I have spent days on updating myself to Java EE 8, there is a problem I'v encountered when used @CustomFormAuthenticationMechanismDefinition and @DatabaseIdentityStoreDefinition together.
I am using Glassfish v5, NetBeans 9 nightly and Java 8.
What I did is just want to update the app-mem-customform sample in the security-soteria(Java EE Security 1.0 RI) test folder, and what I have changed is using @DatabaseIdentityStoreDefinition to replace the memory based dummy IdentityStore.
When I starts up the application, and try to login, got the following info from the NetBeans console.
Info: Activating javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition identity store from com.hantsylabs.example.ee8.security.ApplicationConfig class
Info: Activating javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition authentication mechanism from com.hantsylabs.example.ee8.security.ApplicationConfig class
Warning: RAR8705: Invalid value for property dynamic-reconfiguration-wait-timeout-in-seconds : null
Info: initializing database...
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: Initializing Soteria 1.0 for context '/security-custom-form-db'
Info: Registering WebSocket filter for url pattern /*
Info: Initializing Mojarra 2.3.2 ( 20170627-2139 e63598abf2ed2bb1a24674f308a734e0dce18a72) for context '/security-custom-form-db'
Info: Monitoring jndi:/server/security-custom-form-db/WEB-INF/faces-config.xml for modifications
Info: Loading application [_Security_1.0:_Custom_Form_Authentication_with__DatabaseIdentityStoreDefinition] at [/security-custom-form-db]
Info: _Security_1.0:_Custom_Form_Authentication_with__DatabaseIdentityStoreDefinition was successfully deployed in 3,288 milliseconds.
Warning: RAR8705: Invalid value for property dynamic-reconfiguration-wait-timeout-in-seconds : null
Info: RAR7115: Unable to set ClientInfo for connection
Info: authentication result:NOT_DONE
Info: authentication result:NOT_DONE from my LoginBean, print the returned AuthenticationStatus.
My security config file is:
@CustomFormAuthenticationMechanismDefinition(
loginToContinue = @LoginToContinue(
loginPage = "/login.faces",
errorPage = "" // DRAFT API - must be set to empty for now
)
)
@DatabaseIdentityStoreDefinition(
dataSourceLookup = "${'java:global/MyDS'}",
callerQuery = "#{'select password from caller where name = ?'}",
groupsQuery = "select group_name from caller_groups where caller_name = ?",
hashAlgorithm = Pbkdf2PasswordHash.class,
priorityExpression = "#{100}",
hashAlgorithmParameters = {
"Pbkdf2PasswordHash.Iterations=3072",
"${applicationConfig.dyna}"
} // just for test / example
)
@ApplicationScoped
@Named
public class ApplicationConfig {
public String[] getDyna() {
return new String[]{"Pbkdf2PasswordHash.Algorithm=PBKDF2WithHmacSHA512", "Pbkdf2PasswordHash.SaltSizeBytes=64"};
}
}
I also included the DatabaseSetup to insert users at the application starts up. The file is copied from app-db sample.
My complete codes can be found here.
What is the correct way to use @CustomFormAuthenticationMechanismDefinition and @DatabaseIdentityStoreDefinition seamlessly in projects?
Update, I have just tried to use @FormAuthenticationMechanismDefinition and @DatabaseIdentityStoreDefinition, it works, the codes is here. So is this a bug of @CustomFormAuthenticationMechanismDefinition.
It works for me with custom form and JSF with Glassfish 6.2.5, at first same NOT_DONE thing happened to me as well, but then I figured out that I had errors in SQL statements for
@DatabaseIdentityStoreDefinition. Unfurtunately in this case it just silently returns NOT_DONE, no clues in glassfish logs, etc.Maybe something was fixed since that time.