0

我正在尝试使用 JWT 令牌保护 RESTful Web 服务;它基本上是 picketlink-angularjs-rest:PicketLink AngularJS 和 REST 安全快速入门,但带有 L​​DAP (AD) 身份存储。

当客户端尝试获取令牌时,LDAP 授权工作正常,但随后NullPointerException在 JWSTokenProvider尝试使用令牌更新帐户时发生。

14:18:51,463 ERROR [org.picketlink.http] (default task-1) Exception thrown during processing for path [/web/rest/authenticate]. Sending error with status code [500].: javax.ejb.EJBException: org.picketlink.idm.IdentityManagementException: PLIDM000201: Credential update failed for account [org.picketlink.idm.model.basic.User@bd0f05c0] and type [app.security.jws.JWSToken@7abd2a33].
    (...)
    at org.picketlink.http.internal.authentication.schemes.TokenAuthenticationScheme.issueToken(TokenAuthenticationScheme.java:222) [picketlink-impl-2.7.0.Final.jar:]
    at org.picketlink.http.internal.authentication.schemes.TokenAuthenticationScheme.onPostAuthentication(TokenAuthenticationScheme.java:128) [picketlink-impl-2.7.0.Final.jar:]
    at org.picketlink.http.internal.SecurityFilter.performAuthenticationIfRequired(SecurityFilter.java:437) [picketlink-impl-2.7.0.Final.jar:]
    at org.picketlink.http.internal.SecurityFilter.doFilter(SecurityFilter.java:174) [picketlink-impl-2.7.0.Final.jar:]
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    (...)
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_45]
Caused by: org.picketlink.idm.IdentityManagementException: PLIDM000201: Credential update failed for account [org.picketlink.idm.model.basic.User@bd0f05c0] and type [app.security.jws.JWSToken@7abd2a33].
    at org.picketlink.idm.internal.ContextualIdentityManager.updateCredential(ContextualIdentityManager.java:235) [picketlink-idm-impl-2.7.0.Final.jar:]
    at org.picketlink.idm.internal.ContextualIdentityManager.updateCredential(ContextualIdentityManager.java:217) [picketlink-idm-impl-2.7.0.Final.jar:]
    at app.security.jws.JWSTokenProvider.issue(JWSTokenProvider.java:50) [app-1.0-SNAPSHOT.jar:]
    (...)
    ... 75 more
Caused by: java.lang.NullPointerException
    at org.picketlink.idm.internal.DefaultStoreSelector.getStoreForCredentialOperation(DefaultStoreSelector.java:221) [picketlink-idm-impl-2.7.0.Final.jar:]
    at org.picketlink.idm.internal.ContextualIdentityManager.updateCredential(ContextualIdentityManager.java:231) [picketlink-idm-impl-2.7.0.Final.jar:]
    ... 112 more

(完整的堆栈跟踪在这里

我怎样才能使这个场景工作?或者如果在 PicketLink 中不可能,还有什么替代方案?”我正在使用 Java EE 7 和 WildFly 应用程序服务器。

4

1 回答 1

2

也许不支持此配置?检查Picketlink 文档:http ://docs.jboss.org/picketlink/2/latest/reference/html/sect-Built-in_Credential_Handlers.html

org.picketlink.idm.credential.TokenCredential用于基于令牌的身份验证,由JPAIdentityStore和支持FileBasedIdentityStore

于 2016-07-22T10:50:30.147 回答