[
https://issues.jboss.org/browse/SEAMSECURITY-62?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12601227#comment-12601227
]
wiktorowski maximilien edited comment on SEAMSECURITY-62 at 5/11/11 3:41 AM:
-----------------------------------------------------------------------------
More info on this, when we try to retrieves user's roles calling
identitySession.getRoleManager()
.findUserRoleTypes(u) picketlink RoleManager call
JpaIdentityStore.getRelationShipNames to retrieves roleNames.
The problem is that the function doesn't filter relationship entries with a
null name (that correspond to a membership association).
Looking at HibernateIdentityStore shows they filter this using a "%"
restriction on the query :
Path<String> rolesOnly = root.get(relationshipNameProperty.getName());
predicates.add(builder.like(rolesOnly, "%"));
That solves the roles loading, but then when we try to retrieves user's groups
calling identitySession.getRelationshipManager().findAssociatedGroups(u)
picketlink call this function :
public Collection<IdentityObject> findIdentityObject(
IdentityStoreInvocationContext invocationCxt, IdentityObject identity,
IdentityObjectRelationshipType relationshipType, boolean parent,
IdentityObjectSearchCriteria criteria) throws IdentityException
{
List<IdentityObject> objs = new ArrayList<IdentityObject>();
System.out.println("*** Invoked unimplemented method
findIdentityObject()");
// TODO Auto-generated method stub
return objs;
}
was (Author: maximilien):
More info on this, when we try to retrieves user's roles calling
identitySession.getRoleManager()
.findUserRoleTypes(u) picketlink RoleManager call
JpaIdentityStore.getRelationShipNames to retrieves roleNames.
The problem is that the function doesn't filter relationship entries with a
null name (that correspond to a membership association).
Looking at HibernateIdentityStore shows they filter this using a "%"
restriction on the query :
Path<String> rolesOnly = root.get(relationshipNameProperty.getName());
predicates.add(builder.like(rolesOnly, "%"));
That solves the roles loading, but then when try to retrieves user's groups
calling identitySession.getRelationshipManager().findAssociatedGroups(u)
picketlink call this function :
public Collection<IdentityObject> findIdentityObject(
IdentityStoreInvocationContext invocationCxt, IdentityObject identity,
IdentityObjectRelationshipType relationshipType, boolean parent,
IdentityObjectSearchCriteria criteria) throws IdentityException
{
List<IdentityObject> objs = new ArrayList<IdentityObject>();
System.out.println("*** Invoked unimplemented method
findIdentityObject()");
// TODO Auto-generated method stub
return objs;
}
> Using identity management to add user in group prevent user to login
> --------------------------------------------------------------------
>
> Key: SEAMSECURITY-62
> URL: https://issues.jboss.org/browse/SEAMSECURITY-62
> Project: Seam Security
> Issue Type: Bug
> Affects Versions: 3.0.0.Final
> Reporter: wiktorowski maximilien
> Assignee: Shane Bryzak
>
> Hi,
> I'm using seam-security with JPAIdentityStore.
> When i use RelationshipManager to add a user in a group (as said in reference
> guide) i can not login anymore with this user.
> Indeed when i call associateUser the entry created in
> identityobjectrelationship table has a null name and when i call
> identity.login for this user i got :
> 10:03:27,292 ERROR [org.jboss.seam.security.IdentityImpl] Login failed:
> java.lang.RuntimeException: java.lang.IllegalArgumentException: name cannot
> be null
> at
> org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:329)
> [:3.0.0.Final]
> at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:229)
> [:3.0.0.Final]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> [:1.6.0_20]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> [:1.6.0_20]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> [:1.6.0_20]
> at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20]
> at org.apache.el.parser.AstValue.invoke(AstValue.java:196)
> [:6.0.0.Final]
> at
> org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
> [:6.0.0.Final]
> at
> org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
> [:6.0.0.Final]
> at
> org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
> [:6.0.0.Final]
> at
> org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
> [:6.0.0.Final]
> at
> org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
> [:6.0.0.Final]
> at
> com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:102)
> [:2.0.3-]
> at
> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:84)
> [:2.0.3-]
> at
> com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:98)
> [:2.0.3-]
> at javax.faces.component.UICommand.broadcast(UICommand.java:311)
> [:2.0.3-]
> at
> javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:781)
> [:2.0.3-]
> at
> javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1246)
> [:2.0.3-]
> at
> com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77)
> [:2.0.3-]
> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97) [:2.0.3-]
> at
> com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114)
> [:2.0.3-]
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308)
> [:2.0.3-]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324)
> [:6.0.0.Final]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
> [:6.0.0.Final]
> at
> org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67)
> [:6.0.0.Final]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274)
> [:6.0.0.Final]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
> [:6.0.0.Final]
> at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:118) [:]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274)
> [:6.0.0.Final]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
> [:6.0.0.Final]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
> [:6.0.0.Final]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [:6.0.0.Final]
> at
> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181)
> [:6.0.0.Final]
> at
> org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285)
> [:1.1.0.Final]
> at
> org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261)
> [:1.1.0.Final]
> at
> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88)
> [:6.0.0.Final]
> at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100)
> [:6.0.0.Final]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [:6.0.0.Final]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [:6.0.0.Final]
> at
> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
> [:6.0.0.Final]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [:6.0.0.Final]
> at
> org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53)
> [:6.0.0.Final]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362)
> [:6.0.0.Final]
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
> [:6.0.0.Final]
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654)
> [:6.0.0.Final]
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951)
> [:6.0.0.Final]
> at java.lang.Thread.run(Thread.java:619) [:1.6.0_20]
> Caused by: java.lang.IllegalArgumentException: name cannot be null
> at
> org.picketlink.idm.impl.api.model.SimpleRoleType.<init>(SimpleRoleType.java:41)
> [:1.5.0.Alpha02]
> at
> org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.findUserRoleTypes(RoleManagerImpl.java:580)
> [:1.5.0.Alpha02]
> at
> org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.findUserRoleTypes(RoleManagerImpl.java:552)
> [:1.5.0.Alpha02]
> at
> org.jboss.seam.security.management.IdmAuthenticator.authenticate(IdmAuthenticator.java:49)
> [:3.0.0.Final]
> at
> org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:305)
> [:3.0.0.Final]
> ... 46 more
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues
