vwjugow

chat picketlink 5

May 28th, 2014
(14:17:43) pedroigor: ping
(14:22:10) vwjuicew: pong
(14:23:48) pedroigor: I'm getting some errors when building picketlink-issue
(14:23:50) pedroigor: mvn install -Dmaven.test.skip=true -Denvironment=dev -Pjetty
(14:24:28) vwjuicew: yes, which ones
(14:25:27) pedroigor: let me run again
(14:27:03) pedroigor: http://pastebin.com/br3Pqc3Q
(14:27:50) vwjuicew: MM I think that has to do with Java version, are you using 1.6 ?
(14:28:01) pedroigor: tried with 1.6 and 1.7
(14:28:42) vwjuicew: ok, give me a sec, I'll ask somebody that has already fought this in the past
(14:32:45) vwjuicew: maybe your maven is using a different java version. mvn --version and java -version give you the same java version ?
(14:33:19) pedroigor: do I need to use 1.6 or 1.7 ?
(14:34:31) vwjuicew: I use 1.7
(14:34:56) vwjuicew: in the pom.xml it has 1.7 as java version
(14:35:10) vwjuicew: you can try to set it to 1.6 in the pom
(14:35:21) vwjuicew: and use 1.6
(14:43:12) pedroigor: still failing ..
(14:43:57) vwjuicew: what's your output for mvn --version and java -version ?
(14:48:51) pedroigor: Apache Maven 3.1.1 (0728685237757ffbf44136acec0402957f723d9a; 2013-09-17 12:22:22-0300)
(14:48:53) pedroigor: Maven home: /pedroigor/java/tools/apache-maven
(14:48:55) pedroigor: Java version: 1.7.0_45, vendor: Oracle Corporation
(14:48:57) pedroigor: Java home: /pedroigor/java/sdk/jdk1.7.0_45/jre
(14:48:59) pedroigor: Default locale: en_US, platform encoding: UTF-8
(14:49:01) pedroigor: OS name: "linux", version: "3.14.4-200.fc20.x86_64", arch: "amd64", family: "unix"
(14:49:03) pedroigor: =================
(14:49:07) pedroigor: java version "1.7.0_55"
(14:49:09) pedroigor: OpenJDK Runtime Environment (fedora-2.4.7.0.fc20-x86_64 u55-b13)
(14:49:11) pedroigor: OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)
(14:50:47) vwjuicew: could you try changing your JAVA_HOME to the 1.7.0_45 from Oracle ?
(14:51:11) vwjuicew: export JAVA_HOME=/usr/lib/jvm/jdk1.7.0_45
(14:51:53) pedroigor: did that ...
(14:52:47) vwjuicew: and you still get OpenJDK when doing java -version ?
(14:53:00) vwjuicew: give a sec then
(14:53:20) pedroigor: no, now it is oracle
(14:54:39) vwjuicew: ok, and you still get the error :/ ?
(14:55:32) pedroigor: yes
(14:58:54) vwjuicew: :S sorry if this sounds stupid or desperate, but can you try a mvn clean, and try again haha
(14:59:07) pedroigor: i did that already :)
(14:59:19) pedroigor: it is working for you, right ?
(14:59:51) vwjuicew: yes, we only had that problem when running the application once, never compiling
(15:00:12) vwjuicew: it happened to us when we compiled with one version, but tried to run it with another
(15:00:30) pedroigor: I'm going to build using a fresh maven repo ..
(15:00:47) vwjuicew: mm ok, hope that helps
(15:19:26) vwjuicew: no luck right? maybe changing your PATH ?
(15:19:40) pedroigor: maven is downaloding the whole internet :)
(15:19:46) pedroigor: downloading
(15:19:56) vwjuicew: hahah
(15:20:02) pedroigor: give me a few more minutes ..
(15:20:23) vwjuicew: I'll have to commit something anyways
(15:20:32) vwjuicew: it just failed after I downloaded the jars again
(15:23:19) pedroigor: what is failing ?
(15:23:25) pedroigor: build ?
(15:28:23) vwjuicew: yes, something about errai
(15:32:07) pedroigor: the same erro as mine ?
(15:32:10) pedroigor: error
(15:33:08) vwjuicew: no
(15:37:15) vwjuicew: did you get it again ?
(15:37:40) vwjuicew: do a git pull origin master though, I've just pushed something
(15:50:36) pedroigor: almost finished ...
(15:50:41) pedroigor: ok
(15:52:30) vwjuicew: did it compile ?
(15:52:45) pedroigor: going to fetch your changes now
(15:54:02) pedroigor: looks fine now ...
(15:54:14) pedroigor: you were hiding the candy, han ?
(15:54:16) pedroigor: :)
(15:55:46) pedroigor: how do I change the datasource ?
(15:55:52) vwjuicew: haha no, I don't know why it's working now
(15:56:07) vwjuicew: hm for jetty there's a file
(15:56:34) vwjuicew: src/jetty/WEB-INf/jetty-env.xml
(15:56:53) vwjuicew: and for jboss, you need to set it in the standalone.xml
(15:57:04) pedroigor: can you change it to use hsqldb instead ?
(15:57:53) vwjuicew: hm let me try
(16:06:18) vwjuicew: ok, trying it out
(16:09:37) pedroigor: got it :)
(16:09:42) pedroigor: btw, r u using linux ?
(16:09:57) vwjuicew: yes
(16:10:05) vwjuicew: I've pushed it already
(16:10:15) pedroigor: how do you install the gwt dev plugin ?
(16:10:39) pedroigor: is it only available for firefox ?
(16:10:52) vwjuicew: ohh, no, for chrome too
(16:11:21) pedroigor: Sorry, the GWT Developer Plugin no longer works with Chrome on Linux
(16:11:28) vwjuicew: https://chrome.google.com/webstore/detail/gwt-developer-plugin/jpjpnpmbddbjkfaccnmhnkdgjideieim?hl=en
(16:12:08) pedroigor: NPAPI plugins are not supported. ?
(16:13:06) vwjuicew: hm yeah I think I had some troubles with it
(16:13:12) vwjuicew: let me google a little bit more
(16:13:21) pedroigor: trying something here ..
(16:13:24) pedroigor: too
(16:16:33) pedroigor: i think it worked now ..
(16:16:35) pedroigor: let me test
(16:17:00) vwjuicew: ok
(16:17:38) pedroigor: it was added, but still asks for the plugin when trying:
(16:17:40) pedroigor: http://127.0.0.1:8888/App.html?gwt.codesvr=127.0.0.1:9997
(16:21:08) vwjuicew: https://code.google.com/p/google-web-toolkit/issues/detail?id=7778#c5 ?
(16:27:59) pedroigor: what is your chrome version ?
(16:28:03) pedroigor: and firefox ?
(16:29:37) vwjuicew: I don't use firefox
(16:29:52) vwjuicew: but you can try, it should work as well
(16:30:06) vwjuicew: you just have to change a line in the App.gwt.xml file, so let me know
(16:30:21) vwjuicew: my chrome Version 34.0.1847.137
(16:30:36) pedroigor: humm ... mine is 35
(16:30:39) pedroigor: let me downgrade
(16:32:14) vwjuicew: hm I don't think that'll help :/ try firefox
(16:32:25) pedroigor: ok
(16:37:27) pedroigor: ok
(16:37:44) pedroigor: need to change App.gwt.xml
(16:37:58) pedroigor: <set-property name="user.agent" value="gecko1_8" /> ?
(16:38:30) vwjuicew: yes, and you can comment out "safari" so it takes less time to compile
(16:38:44) pedroigor: may I ask you something ?
(16:38:48) vwjuicew: yes
(16:39:01) pedroigor: why are you guys using gwt and errai ? any specific requirement ?
(16:39:23) vwjuicew: no, errai nees gwt, from what I understand
(16:39:26) vwjuicew: needs*
(16:39:29) pedroigor: yeah ..
(16:39:44) vwjuicew: oh, you mean, why don't we use jsf or some other ?
(16:39:58) pedroigor: actually, just why you are using gwt :)
(16:40:10) pedroigor: btw, got the login page !
(16:40:29) vwjuicew: yey, so now I don't know how to generate a user in the hsqldb
(16:40:39) vwjuicew: let me try to add the register page
(16:40:42) vwjuicew: so you can create users
(16:46:59) vwjuicew: we use gwt because errai works on top of it, we need it so errai works. At least that's what I know
(16:47:05) pedroigor: i know your issue
(16:47:14) pedroigor: jetty is not resolving the EntityManager
(16:47:25) pedroigor: i mean, injecting when using @PersistenceContext
(16:47:38) vwjuicew: oh, but I instantiated it manually
(16:47:51) pedroigor: yeah, that is also giving an error
(16:48:03) pedroigor: telling that it could not find the datasource in jndi ..
(16:48:05) pedroigor: etc ..
(16:51:04) vwjuicew: mm I don't get that. did you pull the hsqldb changes ?
(16:51:13) pedroigor: let me get yours ..
(16:52:36) pedroigor: another issue is ..
(16:52:59) pedroigor: you are using the same EM
(16:53:12) pedroigor: and producing it only during startup ..
(16:53:27) pedroigor: i think you need a fresh one each time the app requests one ..
(16:53:36) vwjuicew: the picketlink one ?
(16:53:41) vwjuicew: yeah maybe
(16:53:42) pedroigor: yes
(16:53:58) pedroigor: how are you doing with the pu-magick ?
(16:54:15) vwjuicew: it's in commonDAO.java
(16:54:25) vwjuicew: we get a new one
(16:54:45) vwjuicew: only when we delete some entity
(16:55:00) vwjuicew: we had issues over a month ago, and right now it is stable
(16:55:43) vwjuicew: we had only one I think and we tried getting a new one each time, but that also brought us some problems
(16:56:02) pedroigor: you need something like OpenEntityManagerInViewFilter ..
(16:56:35) pedroigor: the worst case ..
(16:56:49) pedroigor: I know how to handle that ... the only problem is managing transactions ...
(16:59:13) pedroigor: why u need a UserDAO
(16:59:15) pedroigor: ?
(16:59:23) pedroigor: you can just use PL IDM ?
(16:59:45) vwjuicew: we had that from before
(17:00:10) vwjuicew: AND we don't completely understand PL yet so many things may be wrong
(17:00:29) pedroigor: i see ..
(17:03:52) pedroigor: which class is invoked when you hit the login button ?
(17:04:57) vwjuicew: ok, so that is an errai security class, which calls picketlink
(17:05:21) vwjuicew: (I've just pushed changes so you can create a user, and after creating it, it shows the login page below)
(17:05:40) pedroigor: ok
(17:17:18) vwjuicew: when login is clicked, PicketlinkAuthenticationService#login is called
(17:17:40) pedroigor: ok
(17:17:41) vwjuicew: and that calls out MagickAuthenticator :P
(17:17:48) pedroigor: there are some strange behaviors ...
(17:17:51) pedroigor: like ..
(17:18:07) pedroigor: every time you hit login the IDM configuration is initialized over and over again ..
(17:18:15) vwjuicew: hm
(17:18:16) pedroigor: ideally, this should be done once ..
(17:18:30) vwjuicew: yeah, I think that's our fault
(17:18:38) vwjuicew: the code is in MagickAuthenticator
(17:18:48) pedroigor: I've removed this authc ..
(17:18:52) pedroigor: I don't think you need it ..
(17:19:07) vwjuicew: yeah I know, you told me in the post
(17:19:44) vwjuicew: but didn't have time to understand and configure IDM to check passwords like BCrypt
(17:25:57) pedroigor: also ..
(17:26:23) pedroigor: how do you get the EntityManagerFactory built during the app startup ?
(17:26:31) pedroigor: I'm not a jetty expert :)
(17:27:14) pedroigor: is it possible to run this app in EAP ?
(17:28:21) vwjuicew: impossible on jetty I think.
(17:28:33) vwjuicew: you mean the @Startup from ejb ?
(17:28:41) vwjuicew: that doesn't work with jetty
(17:29:17) pedroigor: is it possible to run this app using EAP 6 ?
(17:29:23) vwjuicew: I use a wildfly :/
(17:29:28) pedroigor: cool
(17:29:28) vwjuicew: didn't try with 6
(17:29:32) pedroigor: how do I do it ?
(17:29:36) pedroigor: just deploy the war ?
(17:29:51) vwjuicew: you need to compile with -Pjboss7
(17:29:58) vwjuicew: and do a mvn clean before
(17:30:25) pedroigor: and to deploy ?
(17:30:34) vwjuicew: yes, just deploy the war, and you won't need gwt dev mode
(17:31:22) pedroigor: i think that would help ..
(17:32:10) vwjuicew: and you can add all the @startup @singleton @localBean you want haha
(17:32:59) pedroigor: are you going to use wildfly or jetty in production ?
(17:33:14) vwjuicew: we use jboss
(17:33:19) pedroigor: nice
(17:34:04) vwjuicew: jetty for dev because it's a little faster for redeploying and currently debug on server side isn't working in jboss, but it worked before.
(17:35:54) pedroigor: which version of wildfly ?
(17:36:05) pedroigor: getting some errors when deploying ..
(17:36:43) vwjuicew: mm 7.1.1
(17:37:23) vwjuicew: JBAS015899: JBoss AS 7.1.1.Final "Brontes" starting
(17:39:13) vwjuicew: you don't have access here right ? https://bitbucket.org/magick/wildfly/src
(17:39:46) pedroigor: actually, this is AS 7.1.1, not wildfly ..
(17:39:52) pedroigor: it's an old version of JBoss AS
(17:40:11) pedroigor: man ...
(17:40:29) vwjuicew: ups sry, we have it as wildfly in the repo
(17:40:43) pedroigor: first of all, you need to decide the target container ...
(17:40:59) pedroigor: especially if you consider how transactions are managed
(17:41:08) pedroigor: you are using resource local
(17:41:47) pedroigor: and it seems you don't have a solution to manage them (begin/commit/rollback) automatically ..
(17:41:57) pedroigor: but you need to do that by yourself, am i right ?
(17:41:58) vwjuicew: nope
(17:42:03) vwjuicew: yes
(17:43:24) pedroigor: is it possible to intercept all requests in errai from an interceptor or filter or whatever ?
(17:44:34) vwjuicew: http requests? hm I guess, haven't done that so far
(17:45:31) pedroigor: did you see this ?
(17:45:33) pedroigor: https://github.com/errai/errai/tree/master/errai-demos/errai-jpa-demo-todo-list
(17:45:53) vwjuicew: yes
(17:47:57) pedroigor: it works ?
(17:49:42) vwjuicew: I haven't deployed it
(17:50:01) vwjuicew: it should...
(17:53:47) vwjuicew: actually I spent more time looking at this demo in the past. https://github.com/errai/errai/tree/master/errai-demos/errai-security-demo
(17:53:47) vwjuicew: and not that much with the one you just gave. I don't remember seeing all that picketlink stuff in the example so I must have missed it
(18:20:06) pedroigor: maybe you should try it out ..
(18:20:56) vwjuicew: ok, I'll give it a shot tomorrow
(18:21:33) vwjuicew: I'll talk with xybrek so he looks at it (he wakes up in a few hours )
(18:21:44) pedroigor: ok
(18:22:14) vwjuicew: you say that there we'll find the solution for our current issue ?
(18:22:27) vwjuicew: org.picketlink.idm.IdentityManagementException: PLIDM000406: Partition [class org.picketlink.idm.model.basic.Realm] not found with the given name [default].
(18:23:02) pedroigor: the cause of your issue is how JPA is being used ..
(18:23:06) pedroigor: that is one point ..
(18:23:43) pedroigor: we have plenty of quickstarts for non-errai apps ...
(18:23:47) pedroigor: basically, what they do is:
(18:23:52) pedroigor: 1) user does a request
(18:24:01) pedroigor: 2) an EntityManager is associated with that request
(18:24:17) pedroigor: 3) you call picketlink
(18:24:25) pedroigor: 4) transaction is committed
(18:24:33) pedroigor: you are missing #2 and #3
(18:25:00) vwjuicew: ok.
(18:28:02) vwjuicew: and regarding the custom Authenticator, how can we make IDM check the password without using a custom auth, if all the data (username and password) are saved in tables that correspond to custom entities. I mean we have nothing stored in the picketlink related tables, will those get populated when we do identityManager.add(user) ?
(18:28:36) pedroigor: i think I can give you an overview about PL ...
(18:28:48) pedroigor: documentation is a good source of information too ...
(18:28:59) pedroigor: but if you want I can give you an overview ..
(18:29:02) pedroigor: now
(18:29:28) vwjuicew: yes, please (I've read the docs but they weren't clear enough for me, I feel a little lost yet)
(18:29:31) pedroigor: so you can understand it better and replicate the information to your team ..
(18:30:03) pedroigor: ok, let's start ...
(18:30:48) pedroigor: PicketLink is about two main modules/libraries
(18:30:58) pedroigor: 1) The Base Module
(18:31:03) pedroigor: 2) The IDM Module
(18:31:29) pedroigor: The Base Module is an integration module, which provides CDI support for most of PicketLink features.
(18:31:44) pedroigor: for example, authentication using Identity
(18:31:59) pedroigor: injection of IDM components such as IdentityManager, RelationshipManager, etc ..
(18:32:28) pedroigor: when you configure PicketLink to your project, you'll get all that ...
(18:33:02) pedroigor: by default, when your application starts PicketLink tries to create a default IDM configuration for you
(18:33:11) pedroigor: using a file-based identity store
(18:33:23) pedroigor: an identity store is where you store users, roles, groups, etc ..
(18:33:27) pedroigor: ok so far ?
(18:33:36) vwjuicew: yes
(18:33:40) pedroigor: ok
(18:34:06) pedroigor: so, if you don't provide any configuration, you can start injecting:
(18:34:10) pedroigor: @Inject Identity
(18:34:16) pedroigor: @Inject IdentityManager
(18:34:21) pedroigor: @Inject RelationshipManager
(18:34:25) pedroigor: @Inject PartitionManager
(18:34:41) pedroigor: the Identity bean is responsible for providing you authentication features.
(18:34:45) pedroigor: for example:
(18:36:13) pedroigor: https://github.com/jboss-developer/jboss-picketlink-quickstarts/blob/master/picketlink-authentication-two-factor/src/main/java/org/jboss/as/quickstarts/picketlink/authentication/totp/jsf/LoginController.java
(18:36:43) pedroigor: this is an example of a bean that uses the Identity bean to authenticate a user
(18:36:57) pedroigor: as you can see, we use a
(18:36:59) pedroigor: @Inject
(18:37:01) pedroigor: private DefaultLoginCredentials loginCredentials;
(18:37:18) pedroigor: to set user credentials
(18:37:25) pedroigor: credential.setUsername(this.loginCredentials.getUserId());
(18:37:27) pedroigor: credential.setPassword((Password) this.loginCredentials.getCredential());
(18:37:33) pedroigor: and when you call identity.login()
(18:37:51) pedroigor: PL is going to automatically authenticate the user based on the provided credentials
(18:37:59) pedroigor: ok ?
(18:38:13) pedroigor: let me give you a simpler example :)
(18:38:50) pedroigor: https://github.com/picketlink/picketlink/blob/master/tests/src/test/java/org/picketlink/test/authentication/DefaultAuthenticationTestCase.java#L57
(18:38:51) vwjuicew: yeah, I've tested that use case in the past, but also with a customAuthenticator
(18:38:59) pedroigor: cool
(18:39:01) pedroigor: now ..
(18:39:18) pedroigor: how does PL know if the credentials are valid ?
(18:39:25) vwjuicew: the problem I was having back then is that identity didn't hold the session but I suspect that was because of jetty
(18:39:27) pedroigor: here comes PicketLink IDM
(18:39:34) pedroigor: probably ..
(18:39:39) pedroigor: so ..
(18:39:51) pedroigor: by default, PicketLink provides an IdmAuthenticator
(18:39:58) vwjuicew: yes
(18:40:06) pedroigor: which knows how to use PicketLink IDM to query users, check credentials, etc ..
(18:40:12) pedroigor: that said,
(18:40:28) pedroigor: in order to start authenticating your users, you just need them stored in IDM.
(18:41:38) pedroigor: https://github.com/jboss-developer/jboss-picketlink-quickstarts/blob/master/picketlink-authorization-idm-jpa/src/main/java/org/jboss/as/quickstarts/picketlink/authorization/idm/jpa/IDMInitializer.java#L49
(18:41:53) pedroigor: this is an example of a class that creates some default users during startup ..
(18:42:11) pedroigor: you don't need this, actually:
(18:42:13) pedroigor: IdentityManager identityManager = this.partitionManager.createIdentityManager();
(18:42:21) pedroigor: you can just @Inject IdentityManager and use it ..
(18:42:34) vwjuicew: oh ok
(18:42:52) pedroigor: now, how do you tell PL IDM to use a database instead of the default file-store ?
(18:43:13) pedroigor: basically, you just need to provide a configuration for the IDM
(18:43:19) pedroigor: you can do it in several ways
(18:43:21) vwjuicew: so when it does
(18:43:21) vwjuicew: identityManager.add(mary); it saves it to a file ?
(18:43:36) pedroigor: by default, yes ... if you don't provide any specific configuration.
(18:43:42) vwjuicew: yes ok
(18:43:44) pedroigor: like you did providing a JPA configuration ..
(18:43:48) pedroigor: ok
(18:44:04) pedroigor: so, your app is configuring IDM using a JPA store, right ?
(18:44:08) pedroigor: and you did that by doing this:
(18:44:40) pedroigor: https://github.com/jboss-developer/jboss-picketlink-quickstarts/blob/master/picketlink-authorization-idm-jpa/src/main/java/org/jboss/as/quickstarts/picketlink/authorization/idm/jpa/IDMConfiguration.java
(18:45:47) pedroigor: but here is one important thing ..
(18:46:04) pedroigor: if you want to use a default configuration for JPA
(18:46:15) pedroigor: you just need to add the picketlink-idm-simple-schema to your deployment
(18:46:29) pedroigor: and produce a @PicketLink EntityManager
(18:46:31) pedroigor: only that
(18:47:24) pedroigor: you only need to provide a custom configuration for JPA if the default model provided by PL is not enough ..
(18:47:40) pedroigor: the default model is those User, Role, Group, Grant, etc types ..
(18:48:00) pedroigor: and the picketlink-idm-simple-schema provides the default entities to map those types ..
(18:48:04) pedroigor: ok ?
(18:48:50) vwjuicew: yes
(18:53:31) pedroigor: the good thing about using PL IDM is that you can start storing your identities (users, roles, groups) pretty quickly ..
(18:53:53) pedroigor: and use the same API to store them in different stores
(18:54:01) pedroigor: or even support multiple stores and partitions ..
(18:54:21) pedroigor: for example, that error you are getting is because there is no partition to store your users.
(18:54:45) pedroigor: by default, PL uses a partition with type Realm and name "default".
(18:54:57) pedroigor: you need a partition to store users, roles, groups, whatever ..
(18:55:28) pedroigor: during startup, picketlink creates this default partition for you automatically.
(18:55:40) pedroigor: in your case, it is not being created because of those JPA issues
(18:56:05) pedroigor: so,
(18:56:08) pedroigor: in your case ...
(18:56:15) vwjuicew: so you can have more than one partition in every store ?
(18:56:21) pedroigor: yeah
(18:56:27) pedroigor: you can store, for example:
(18:56:36) pedroigor: users X, P, T, O in Partition A
(18:56:44) pedroigor: and users A, B, C, D in Partition B
(18:56:48) pedroigor: the same for roles and groups
(18:56:59) pedroigor: you can store partition A using a LDAP store
(18:57:05) pedroigor: and partition B using database
(18:57:11) pedroigor: there are a lot of combinations ..
(18:57:18) pedroigor: take a look at this quickstart later ..
(18:57:23) vwjuicew: yes yes
(18:57:31) pedroigor: https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authentication-idm-multi-tenancy
(18:57:34) pedroigor: so ..
(18:57:46) vwjuicew: but there's not much sense in creating 2 partitions with the same store right ?
(18:57:58) pedroigor: actually, there is ..
(18:58:14) pedroigor: if you want to provide a multi-tenant architecture using a single repository ..
(18:58:19) pedroigor: a SaaS application
(18:58:32) pedroigor: serving multiple security domains or companies, etc ..
(18:59:18) vwjuicew: hm ok, nice
(18:59:38) pedroigor: welll
(18:59:40) pedroigor: well
(18:59:43) pedroigor: basically, that is it ..
(18:59:54) pedroigor: your app is really different from what we're used to
(19:00:07) pedroigor: it is using gwt with errai, etc ..
(19:00:14) pedroigor: I'm a newbie on these techs
(19:00:40) pedroigor: but I really would like to get this working to make sure we're covering this use case
(19:01:04) vwjuicew: yeah me too haha
(19:01:23) pedroigor: given that there are some examples using errai and picketlink from the errai team ..
(19:01:35) pedroigor: i think you guys should take a look at them ..
(19:01:53) vwjuicew: yes. ok.
(19:01:55) pedroigor: and give them a try, before trying by yourselves ....
(19:02:17) vwjuicew: yes :/ sorry about that
(19:02:42) vwjuicew: so I will consider migrating our users to the picketlink model
(19:02:54) pedroigor: i think it is better ..
(19:03:06) pedroigor: but first, you need to solve that JPA issue ..
(19:03:17) pedroigor: otherwise you won't be able to use the JPA store
(19:04:13) vwjuicew: but in case our boss won't accept this, and we use our custom users, authentication will be done by IDM checking the picketlink tables ? Or will it check our custom entities ?
(19:04:41) pedroigor: you can always provide your own representations to users, roles, etc ..
(19:05:29) pedroigor: for example ..
(19:05:31) pedroigor: https://github.com/jboss-developer/jboss-picketlink-quickstarts/blob/master/picketlink-angularjs-rest/src/main/java/com/gr/project/security/model/MyUser.java
(19:05:37) pedroigor: this app uses a custom user representation
(19:05:39) pedroigor: MyUser
(19:06:10) pedroigor: and it is also a good example about how to integrate the identity model managed by PL with your app domain model
(19:06:23) pedroigor: the type above is associated with a Person
(19:06:36) pedroigor: which is an entity from that app domain/entity model
(19:06:43) pedroigor: so every time we load or store a user
(19:06:51) pedroigor: we also store/get the associated Person
(19:07:17) pedroigor: Person is not related with PL, but just a usual JPA entity to store some specific data
(19:08:06) vwjuicew: yeah, that looks like what we did
(19:08:17) pedroigor: yeah ..
(19:08:52) vwjuicew: and, MyUser won't be persisted to a MyUser table right? instead it will be persisted as MyUserTypeEntity because this class 'maps' MyUser ?
(19:10:34) pedroigor: MyUser is not an Entity ..
(19:10:45) pedroigor: but is an IdentityType, which is stored by the MyUserTypeEntity
(19:11:21) pedroigor: but yes, you're right ..
(19:11:32) pedroigor: look ..
(19:11:59) pedroigor: what we can do to get you guys trying PL out is use the file store instead
(19:12:41) pedroigor: later, when you guys find a way to use JPA with errai, you can just switch ..
(19:13:02) vwjuicew: at startup we should get all the users from the database and convert them to PL entities and save them to the IDM, correct ?
(19:13:28) vwjuicew: (if we want to use our already stored users ..)
(19:16:39) pedroigor: ahh ..
(19:17:02) pedroigor: you already have users stored using your own schema ?
(19:17:17) vwjuicew: yeap
(19:17:23) pedroigor: humm ..
(19:17:40) pedroigor: that makes things more interesting :)
  391. (19:17:43) pedroigor: well ..
  392. (19:18:59) pedroigor: PL provides a bunch of JPA annotations that you can use to decorate your existing entities
  393. (19:19:03) vwjuicew: haha, yes, that's why we were trying to use custom entities, otherwise we would just used simpleSchema
  394. (19:20:44) pedroigor: that would require some more understanding about the JPA annotations provided by PL
  395. (19:21:14) pedroigor: so you can create entities based on your existent schema ..
  396. (19:21:18) vwjuicew: ok, yeah honestly I haven't checked those annotations
  397. (19:21:30) vwjuicew: oh ok...
  398. (19:21:45) vwjuicew: you mean PL entities
  399. (19:21:46) vwjuicew: ?
  400. (19:22:10) pedroigor: here are they:
  401. (19:22:43) pedroigor: http://docs.jboss.org/picketlink/2/latest/reference/html/chap-Identity_Management_-_Working_with_JPA.html
  402. (19:22:47) pedroigor: 8.1.3
  403. (19:35:06) vwjuicew: (could it be that 8.1.4 has a typo ? it also says 'map entities to IdentityType types'? )
  404. (19:35:24) pedroigor: 8.1.3. Mapping IdentityType Types
  405. (19:35:29) pedroigor: yeah, those are the annotations ..
  406. (19:35:31) pedroigor: btw ..
  407. (19:35:46) pedroigor: I got your app working with the file store ..
  408. (19:35:57) pedroigor: that way you can start using PL and understand hwo to use it ..
  409. (19:36:24) vwjuicew: oh really ? nice, can you commit the changes to another branch ?
  410. (19:36:38) pedroigor: yeah ..
  411. (19:37:19) vwjuicew: woohoo :) thank you so much, you didn't need to do it, thanks!
  412. (19:38:16) vwjuicew: ok, I understand better now, so my idea to 'translate' our users into IDM is, if when authenticating, user is not found, add it to IDM, and eventually all users will be stored in the IDM. Does this make sense ?
  413. (19:38:39) pedroigor: you may not need that ..
  414. (19:38:47) pedroigor: that is the while point of PicketLink IDM ..
  415. (19:38:57) pedroigor: you may integrate it with your existing schema ...
  416. (19:39:00) pedroigor: for example ..
  417. (19:39:18) pedroigor: you just apply those JPA annotations from PL to your entities from -extra
  418. (19:39:20) pedroigor: got it ?
  419. (19:44:18) vwjuicew: yeah.. but let me ask with an example
  420. (19:45:27) vwjuicew: we have User (it's a jpa @Entity)
  421. (19:45:42) vwjuicew: should we make it a non-Entity class ?
  422. (19:46:40) pedroigor: no, you just need to use the JPA annotations from PicketLink to map it to your UserImpl ..
  423. (19:46:49) pedroigor: which is a PicketLink IdentityType ..
  424. (19:46:51) pedroigor: got it ?
  425. (19:47:53) vwjuicew: so User stays as is, and UserImpl will have the same fields, annotated with PL annotations, and UserImpl extends IdentityType
  426. (19:48:57) vwjuicew: And then we also have AccountTypeEntity, which is annotated with @IdentityManaged ({UserImpl.class})
  427. (19:48:57) pedroigor: yeah, but the User is where you are going to put the JPA annotations. As this is the entity class that is going to be used to store UserImpl instances.
  428. (19:49:07) pedroigor: I can help you guys with this mapping ..
  429. (19:49:23) pedroigor: but you should first find a way to make JPA work in your app
  430. (19:49:40) vwjuicew: yeah ok, I will start by the EM problem
  431. (19:49:49) vwjuicew: but just to wrap this up
  432. (19:51:26) vwjuicew: User will be a @Entity, and have JPA and PL annotations, and also will be annotated with @IdentityManaged ({UserImpl.class}) ???
  433. (19:51:46) pedroigor: yeah !
  434. (19:51:48) pedroigor: exactly :)
  435. (19:51:53) pedroigor: so you are telling:
  436. (19:52:17) pedroigor: "Hey PicketLink, this is the entity that is responsible to store UserImpl."
  437. (19:52:30) vwjuicew: and should it extend IdentityTypeEntity ? or UserImpl should ?
  438. (19:52:50) pedroigor: UserImpl, as it is the type managed by PL
  439. (19:53:10) vwjuicew: ok.. and we would get rid of AccountTypeEntity
  440. (19:53:13) pedroigor: take a look at the AccountTypeEntity
  441. (19:53:16) pedroigor: yeah
  442. (19:53:38) pedroigor: you'll see that we have there a @IdentityManaged
  443. (19:53:39) vwjuicew: ok, so we got this a little wrong haha :/
  444. (19:53:52) pedroigor: which tells which IdentityTypes are supported by this entity
  445. (19:54:27) pedroigor: also, you may have noticed some other annotations like:
  446. (19:54:36) pedroigor: @AttributeValue
  447. (19:54:38) pedroigor: private String loginName;
  448. (19:54:42) pedroigor: @AttributeValue
  449. (19:54:44) pedroigor: private String firstName;
  450. (19:54:48) pedroigor: @AttributeValue
  451. (19:54:50) pedroigor: private String lastName;
  452. (19:54:54) pedroigor: @AttributeValue
  453. (19:54:56) pedroigor: private String email;
  454. (19:54:58) pedroigor: the @AttributeValue is used to map a column on this entity to a property on the IdentityType
  455. (19:55:07) pedroigor: so, UserImpl has a loginName getter/setter, right ?
  456. (19:55:23) pedroigor: and also the Entity
  457. (19:55:27) vwjuicew: yeah I got that just now when I read the docs about those Annotations
  458. (19:55:46) pedroigor: so PL is going to automatically get the value from a UserImpl instance and put it in a User entity instance.
  459. (19:55:48) pedroigor: when you call
  460. (19:55:51) pedroigor: identityManager.add
  461. (19:55:58) pedroigor: the same when loading from the IDM
  462. (19:56:19) pedroigor: PL will get each property from the User entity and put it back in a UserImpl instance ..
  463. (19:56:24) pedroigor: more clear now ?
  464. (19:56:52) pedroigor: that is the beauty of PL ...
  465. (19:56:54) pedroigor: :)
  466. (19:57:10) pedroigor: you can quickly enable your app to use some IDM features.
  467. (19:57:14) pedroigor: using a unified API
  468. (19:57:28) pedroigor: and from a central point ..
  469. (19:59:02) vwjuicew: yes! beautiful indeed!
  470. (19:59:39) vwjuicew: just what we need, but we have 3 classes now, so we got it all wrong
  471. (20:00:17) pedroigor: yeah, it is a bit wrong ..
  472. (20:00:25) pedroigor: I did not understand some things like:
  473. (20:00:39) pedroigor: those daos
  474. (20:00:51) pedroigor: app.server.helper.impl.SessionHelperImpl#getCurrentUser
  475. (20:00:58) pedroigor: the logic inside that method ..
  476. (20:01:10) pedroigor: you just need to return the Account
  477. (20:01:14) vwjuicew: that's from the previous implementation
  478. (20:01:16) pedroigor: which would be a UserImpl
  479. (20:01:19) pedroigor: no entity
  480. (20:01:20) vwjuicew: we were using Shiro
  481. (20:01:24) pedroigor: the entity is hidden from your app
  482. (20:01:32) pedroigor: only PL needs to know about them ..
  483. (20:03:10) vwjuicew: ok, so now we will use UserImpl which is the non-Entity
  484. (20:03:25) vwjuicew: and leave PL to store it as a User
  485. (20:03:27) pedroigor: ok
  486. (20:04:05) vwjuicew: is that the correct use case ?
  487. (20:07:19) pedroigor: yeah
  488. (20:07:29) pedroigor: you work only with UserImpl, never the entity
  489. (20:08:04) vwjuicew: ok, that we were doing the wrong way too
  490. (20:08:11) pedroigor: yeah
  491. (20:08:27) pedroigor: forget the entity when writing your security logic
  492. (20:08:38) vwjuicew: yes, understood
  493. (20:08:57) pedroigor: so you can use a file store during development, for example ..
  494. (20:09:03) pedroigor: and in production use a jpa or ldap store
  495. (20:09:08) pedroigor: with the same code
  496. (20:09:15) pedroigor: that is the idea ..
  497. (20:09:43) vwjuicew: I will definitely save this chat
  498. (20:09:54) vwjuicew: oooooh, that's a good one
  499. (20:10:19) vwjuicew: but where is the file saved ? does it delete every time I deploy ?
  500. (20:10:38) pedroigor: you can delete or not ..
  501. (20:10:48) pedroigor: look at the documentation ...
  502. (20:10:52) pedroigor: there are examples ..
  503. (20:11:05) pedroigor: this is what you need to use the file store:
  504. (20:11:11) pedroigor: @Produces
  505. (20:11:14) pedroigor: public IdentityConfiguration getConfiguration() {
  506. (20:11:16) pedroigor: IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();
  507. (20:11:20) pedroigor: builder
  508. (20:11:22) pedroigor: .named("file.store")
  509. (20:11:24) pedroigor: .stores()
  510. (20:11:26) pedroigor: .file()
  511. (20:11:28) pedroigor: .supportType(UserImpl.class)
  512. (20:11:30) pedroigor: .setCredentialHandlerProperty(CredentialHandler.SUPPORTED_ACCOUNT_TYPES_PROPERTY, UserImpl.class)
  513. (20:11:32) pedroigor: .supportAllFeatures();
  514. (20:11:36) pedroigor: return builder.build();
  515. (20:11:38) pedroigor: }
  516. (20:11:40) pedroigor: this would recreate the files each time PL starts
  517. (20:11:42) pedroigor: if you want to preserve state you just set
  518. (20:11:50) pedroigor: .file()
  519. (20:11:52) pedroigor: .preserveState(true)
  520. (20:12:09) pedroigor: then you'll preserve data during redeploys
  521. (20:12:51) vwjuicew: Nice
  522. (20:13:25) pedroigor: let me give you the file-based working version to your app ..
  523. (20:13:30) pedroigor: so you can at least start using it ..
  524. (20:14:12) vwjuicew: yes, commit it to the git repo if you prefer to do it this way
  525. (20:21:34) pedroigor: do I have permission ?
  526. (20:33:45) vwjuicew: sry
  527. (20:34:07) vwjuicew: mm, I don't know, you probably need to have a user in bitbucket
  528. (20:34:15) vwjuicew: do you prefer github ?