Using tokens in PicketLink with LDAP-based identity store in Java EE 7 (WildFly)

I am trying to secure a RESTful web service with JWT tokens; it is basically the picketlink-angularjs-rest: PicketLink AngularJS and REST Security quickstart, but with an LDAP (AD) identity store.

When the client tries to obtain a token, LDAP authorization works fine, but a NullPointerException occurs when JWSTokenProvider attempts to update the account with the token.

14:18:51,463 ERROR [org.picketlink.http] (default task-1) Exception thrown during processing for path [/web/rest/authenticate]. Sending error with status code [500].: javax.ejb.EJBException: org.picketlink.idm.IdentityManagementException: PLIDM000201: Credential update failed for account [org.picketlink.idm.model.basic.User@bd0f05c0] and type [app.security.jws.JWSToken@7abd2a33].
    (...)
    at org.picketlink.http.internal.authentication.schemes.TokenAuthenticationScheme.issueToken(TokenAuthenticationScheme.java:222) [picketlink-impl-2.7.0.Final.jar:]
    at org.picketlink.http.internal.authentication.schemes.TokenAuthenticationScheme.onPostAuthentication(TokenAuthenticationScheme.java:128) [picketlink-impl-2.7.0.Final.jar:]
    at org.picketlink.http.internal.SecurityFilter.performAuthenticationIfRequired(SecurityFilter.java:437) [picketlink-impl-2.7.0.Final.jar:]
    at org.picketlink.http.internal.SecurityFilter.doFilter(SecurityFilter.java:174) [picketlink-impl-2.7.0.Final.jar:]
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    (...)
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_45]
Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000201: Credential update failed for account [org.picketlink.idm.model.basic.User@bd0f05c0] and type [app.security.jws.JWSToken@7abd2a33].
    at org.picketlink.idm.internal.ContextualIdentityManager.updateCredential(ContextualIdentityManager.java:235) [picketlink-idm-impl-2.7.0.Final.jar:]
    at org.picketlink.idm.internal.ContextualIdentityManager.updateCredential(ContextualIdentityManager.java:217) [picketlink-idm-impl-2.7.0.Final.jar:]
    at app.security.jws.JWSTokenProvider.issue(JWSTokenProvider.java:50) [app-1.0-SNAPSHOT.jar:]
    (...)
    ... 75 more
Caused by: java.lang.NullPointerException
    at org.picketlink.idm.internal.DefaultStoreSelector.getStoreForCredentialOperation(DefaultStoreSelector.java:221) [picketlink-idm-impl-2.7.0.Final.jar:]
    at org.picketlink.idm.internal.ContextualIdentityManager.updateCredential(ContextualIdentityManager.java:231) [picketlink-idm-impl-2.7.0.Final.jar:]
    ... 112 more

(The full stack trace is here)

How can I get this scenario to work? Or, if it is not possible in PicketLink, what are the alternatives? I am using Java EE 7 and the WildFly application server.

Maybe this configuration is not supported? Check the PicketLink documentation: http://docs.jboss.org/picketlink/2/latest/reference/html/sect-Built-in_Credential_Handlers.html

org.picketlink.idm.credential.TokenCredential is used for token-based authentication and is supported by JPAIdentityStore and FileBasedIdentityStore.