Wednesday, May 20, 2015

Why does referencing a JSF managed bean with an @EJB Enterprise Bean force me to re-authenticate?

I am just getting started on a Java EE 7 project using Maven 3.3.3 and GlassFish 4.1. I have a jdbcRealm configured along with form-based authentication. As long as I am not using a JSF Managed Bean that references an Enterprise Bean, everything works fine.

This snippet of code on one of my JSF templates causes every page to re-authenticate. Without it, I can authenticate once and jump between secure pages without re-authentication:

                        <a href="javascript:void(0);" class="dropdown-toggle ink-reaction" data-toggle="dropdown">
                            <!--<img src="${facesContext.externalContext.requestContextPath}/resources/img/avatar1.jpg?1403934956" alt="" />-->
                            <span class="profile-info">
                                <h:outputLabel value="#{membershipController.profileDisplayName}" />
                                <small><h:outputLabel value="#{membershipController.profileDisplayRole}" /></small>
                            </span>
                        </a>
                        <ul class="dropdown-menu animation-dock">
                            <li><a href="../../html/pages/profile.html">My profile</a></li>
                            <li class="divider"></li>
                            <!--<li><a href="../../html/pages/locked.html"><i class="fa fa-fw fa-lock"></i> Lock</a></li>-->
                            <li><h:outputLink value="#{membershipController.logUserOut()}"><i class="fa fa-fw fa-power-off text-danger"></i> Logout</h:outputLink></li>
                        </ul><!--end .dropdown-menu -->

Here is the JSF Managed Bean:

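import java.io.Serializable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.enterprise.context.SessionScoped; // CDI scope, the one that pairs with @Named
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import javax.persistence.PersistenceException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

@Named(value = "membershipController")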
@SessionScoped
public class MembershipController implements Serializable {

private static final long serialVersionUID = 2878244474899083449L;


@EJB
private MembershipBackingBean membershipBackingBean;
@EJB
private LRMUserFacade lRMUserFacade;
@EJB
private RoleFacade roleFacade;
@EJB
private CryptoTask cryptoTask;    
private LRMUser userPlaceholder = new LRMUser();
private Role rolePlaceholder = new Role();

/**
 * Creates a new instance of MembershipController
 */
public MembershipController() { }

//<editor-fold defaultstate="collapsed" desc="PROPERTIES">

public LRMUser getUserPlaceholder() {
    return userPlaceholder;
}

public void setUserPlaceholder(LRMUser userPlaceholder) {
    this.userPlaceholder = userPlaceholder;
}

public Role getRolePlaceholder() {
    return rolePlaceholder;
}

public void setRolePlaceholder(Role rolePlaceholder) {
    this.rolePlaceholder = rolePlaceholder;
}

// </editor-fold>

/**
 * Create a new User and persist him or
 * her to the database.
 * @return the navigation outcome, "userCreationSuccess" or "userCreationFailure"
 */
public String createUser() {
    try {
        this.userPlaceholder.setPassword(getHash(userPlaceholder.getPassword()));
        this.rolePlaceholder.setUserid(userPlaceholder);
        this.rolePlaceholder.setGroupid("staff");
        this.userPlaceholder.getRoles().add(rolePlaceholder);
        this.lRMUserFacade.create(userPlaceholder);
        this.roleFacade.create(rolePlaceholder);
    }
    catch (PersistenceException pEx) {
        Logger.getLogger(MembershipController.class.getName()).log(Level.SEVERE, null, pEx);
        return "userCreationFailure";
    }
    return "userCreationSuccess";
}

private String getHash(String plainText) {
    return this.cryptoTask.getHash(plainText);
}    

public void registerUser() {
    try {
        FacesContext fc = FacesContext.getCurrentInstance();
        ExternalContext externalContext = fc.getExternalContext();
        if (externalContext.getUserPrincipal() == null) {
            // log(Level, String) so the text is logged as the message, not as a parameter of a null message
            Logger.getLogger(MembershipController.class.getName()).log(Level.INFO, "User not logged in.");
        }
        else {
            membershipBackingBean.setUser(lRMUserFacade.find(externalContext.getRemoteUser()));
            membershipBackingBean.setRole(roleFacade.getRoleByUser(membershipBackingBean.getUser()));
            membershipBackingBean.setActive(true);
        }
    }
    catch (Exception ex) {
        Logger.getLogger(MembershipController.class.getName()).log(Level.SEVERE, null, ex);
    }
}

public String getProfileDisplayName() {
    if (!membershipBackingBean.isActive()) {
        this.registerUser();
    }
    return this.membershipBackingBean.getUser().toString();
}
public String getProfileDisplayRole() {
    if (!membershipBackingBean.isActive()) {
        this.registerUser();
    }
    return this.membershipBackingBean.getRole().toString();
}

public String logUserOut() {

    FacesContext facesContext = FacesContext.getCurrentInstance();
    HttpServletRequest request = (HttpServletRequest)facesContext.getExternalContext().getRequest();

    try {
        request.logout();
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
    } catch (ServletException sEx) {
        Logger.getLogger(MembershipController.class.getName()).log(Level.SEVERE, null, sEx);
        return "../index";
    }
    return "../index";
}

} // end of MembershipController

The backing bean just holds a value of User and Role Objects. For some reason my @SessionScoped isn't working for session so the @Stateful BackingBean was used instead.
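
Added example, not part of the original post: the `value` attribute of `h:outputLink` is a value expression that JSF evaluates each time the template renders, so `#{membershipController.logUserOut()}` runs `request.logout()` and invalidates the session on every page view. The Facelets fragment below shows the link from the post beside a form-bound `h:commandLink`; the `h:` namespace declaration and the bean shown above are assumed.

```xml
<!-- Added example (not from the original post). Assumes the h: namespace is
     declared on the template and membershipController is the bean shown above. -->

<!-- Before: "value" is a value expression. JSF evaluates it while rendering the
     link's href, so logUserOut() runs (request.logout() + invalidateSession())
     on every page that includes this template. -->
<li>
    <h:outputLink value="#{membershipController.logUserOut()}">
        <i class="fa fa-fw fa-power-off text-danger"></i> Logout
    </h:outputLink>
</li>

<!-- After: "action" is a method expression. It is invoked only when the link is
     clicked and the enclosing form is posted back, so rendering has no side
     effects and logout happens on a POST rather than on a GET. -->
<li>
    <h:form>
        <h:commandLink action="#{membershipController.logUserOut}">
            <i class="fa fa-fw fa-power-off text-danger"></i> Logout
        </h:commandLink>
    </h:form>
</li>
```

Keeping logout and other state-changing operations off the render path also means a crawler, prefetcher or embedded image request cannot end a user's session by fetching a URL.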
