Identity injection doesn't work on WebFilter in Wildfly

Question

I'm playing with the following stack:

• wildfly8.1.0
• primefaces 5
• omnifaces 2.0
• picketlink 2.5.2
• jsf2.2
• javaee7
• java7

and I have an ear project.

Then I created a simple web filter to check the role of a user:

@WebFilter(urlPatterns = MemberProtectionFilter.REALM_BASE_URI + "/*")
public class MemberProtectionFilter implements Filter {

    public static final String REALM_BASE_URI = "/pages/member";

    @Inject
    private Instance<Identity> identityInstance;

    @Inject
    private Identity identity;

    private Identity getIdentity() {
        return this.identityInstance.get();
    }

    @Override
    public void destroy() {

    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        boolean isAuthorized = identity.isLoggedIn();
        PicketlinkAccount account = (PicketlinkAccount) getIdentity()
                .getAccount();

        if (isAuthorized && account != null
                && account.getUser().hasRole("member")) {
            chain.doFilter(httpRequest, httpResponse);
        } else {
            forwardAccessDeniedPage(httpRequest, httpResponse);
        }
    }
}

I deployed it on wildfly without a problem.

Now I want my application to be deploy on the root context /. So I removed the welcome-content in wildfly's admin interface and changed the ear project pom.xml webModule's definition to:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-ear-plugin</artifactId>
    <version>${version.ear.plugin}</version>
    <configuration>
        <version>6</version>
        <defaultLibBundleDir>lib</defaultLibBundleDir>
        <modules>

            <webModule>
                <groupId>com.czetsuya</groupId>
                <artifactId>picketlink-web</artifactId>
                <contextRoot>/</contextRoot>
            </webModule>

        </modules>
        <fileNameMapping>no-version</fileNameMapping>
    </configuration>
</plugin>

This time after loggin, although identity is injected correctly identity.isLoggedIn() is always evaluated to false. Also I checked the hashCode of identity after login and in the filter and they were the same. So it's the same instance, but why logout in WebFilter? Furthermore, when I go to another page without filter, identity.isLoggedIn() is true again.

I'm working on localhost so root context is http://localhost:8080/

Any idea?

Answer 1

I was able to solved this issue, but didn't really managed to find the real cause. The solution was to deploy the ear on another server with a public ip like openshift.