Issue with custom RestAuthenticator Using Rest 5.13
‎08-12-2013 04:40 AM
Hi,
I'm developing a custom REST application with custom REST services on top of activiti-rest 5.13. As we have integrated SiteMinder (SSO) in the application, all requests go through SiteMinder authentication using a cookie value passed from the client to the REST application. So I have removed the extra authentication for the activiti-rest services by customizing the ActivitiRestServicesApplication and created a custom restAuthenticator by overriding the methods requestRequiresAuthentication and isRequestAuthorized. By always returning false in the overridden method requestRequiresAuthentication of the restAuthenticator class, I'm removing the extra authentication. With this configuration I'm able to remove authentication in the verify method, but the problem is that for each resource invocation the authenticate method is invoked again in the SecuredResource class and tries to retrieve the loggedInUser name.
Here is the piece of code getting invoked in ActivitiRestApplication,
<code>
public String authenticate(Request request, Response response) {
  if (!(request.getClientInfo().isAuthenticated())) {
    this.authenticator.challenge(response, false);
    return null;
  }
  return request.getClientInfo().getUser().getIdentifier();
}
</code>
So the issue I'm facing is that request.getClientInfo().getUser() always returns null, and because of this the REST service is not called. I'm not sure why request.getClientInfo().getUser() is returning null. For the new custom REST service I have used SecurityContext in the resource class and am able to retrieve the User Principal information. Could anyone help me achieve the same for the existing REST services?
12 REPLIES 12

‎11-14-2014 06:24 AM
Is it possible for you to share the approach you followed to make Explorer & REST LTPA & SSO aware? I am attempting the same with OpenAM. I'd appreciate your help if you could share some documents or info.

‎09-30-2015 08:55 AM
It was a network problem. Everything is ok. In general, this
<code>
org.restlet.security.User RestletUser = new org.restlet.security.User();
RestletUser.setIdentifier(userName);
ClientInfo info = new ClientInfo();
info.setUser(RestletUser);
request.setClientInfo(info);
</code>
in combination with this:
<code>
Authentication.setAuthenticatedUserId(user.getId());
</code>
did the trick.
Best regards
Ben

‎09-30-2015 08:56 AM
I have exactly the same issue. I followed the instructions here: http://forums.activiti.org/content/authentication-alternatives-rest-webapp
and populate the org.activiti.engine.impl.identity.Authentication.setAuthenticatedUserId() in the boolean requestRequiresAuthentication(Request request) method, to let the engine know which user is performing the REST-operation:
1. Decrypt the SSO-Token in RestAuthenticator (this is possible with Java and some keys)
2. Read out the user-id from the SSO-Cookie (Probably the LDAP CN Name)
3. Set this User-id with org.activiti.engine.impl.identity.Authentication.setAuthenticatedUserId()
4. Perform the REST-Request
Then I get the following nullpointer:
<code>
Caused by: java.lang.NullPointerException
at org.activiti.rest.common.application.ActivitiRestApplication.authenticate(ActivitiRestApplication.java:108)
at org.activiti.rest.common.api.SecuredResource.authenticate(SecuredResource.java:171)
at org.activiti.rest.common.api.SecuredResource.authenticate(SecuredResource.java:167)
at org.activiti.rest.service.api.repository.ProcessDefinitionCollectionResource.getProcessDefinitions(ProcessDefinitionCollectionResource.java:47)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.restlet.resource.ServerResource.doHandle(ServerResource.java:506)
… 62 more
</code>
This here returns null:
<code>
public String authenticate(Request request, Response response) {
  if (!request.getClientInfo().isAuthenticated()) {
    authenticator.challenge(response, false);
    return null;
  }
  return request.getClientInfo().getUser().getIdentifier();
}
</code>
Even though I set the user id. I want to achieve an SSO based on LTPA. Therefore, I extract the user id from the request and set the user-id. Could I simply add a try-catch? How can I avoid this nullpointer in this situation?
Best regards
Ben
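Added example, not part of the original thread and not Activiti's own code: a RestAuthenticator that follows the four steps above but skips the default authentication only when the SSO token verifies, and that sets the Restlet user so authenticate() has an identifier to return. The SsoTokenVerifier hook and the SSO_TOKEN cookie name are hypothetical placeholders, and the RestAuthenticator package is assumed to be the one used by activiti-rest 5.x.

```java
import org.activiti.engine.impl.identity.Authentication;
import org.activiti.rest.common.filter.RestAuthenticator; // package assumed for activiti-rest 5.x
import org.restlet.Request;
import org.restlet.data.ClientInfo;
import org.restlet.security.User;

public class SsoRestAuthenticator implements RestAuthenticator {

  /** Hypothetical hook for step 1: returns the user id, or null if the token is invalid. */
  public interface SsoTokenVerifier {
    String verifyAndGetUserId(String rawToken);
  }

  private static final String SSO_COOKIE = "SSO_TOKEN"; // placeholder cookie name
  private final SsoTokenVerifier verifier;

  public SsoRestAuthenticator(SsoTokenVerifier verifier) {
    this.verifier = verifier;
  }

  @Override
  public boolean requestRequiresAuthentication(Request request) {
    // The engine keeps the user id in a thread-local; clear whatever an
    // earlier request may have left on this pooled thread.
    Authentication.setAuthenticatedUserId(null);

    String rawToken = request.getCookies().getFirstValue(SSO_COOKIE);
    String userId = (rawToken == null) ? null : verifier.verifyAndGetUserId(rawToken);
    if (userId == null || userId.isEmpty()) {
      // No valid SSO token: fail closed and keep the default authentication.
      return true;
    }

    // Steps 2-3: make the verified user visible to Restlet and to the engine.
    ClientInfo info = request.getClientInfo();
    info.setUser(new User(userId));
    info.setAuthenticated(true);
    Authentication.setAuthenticatedUserId(userId);
    return false; // the verified SSO token already authenticated this request
  }

  @Override
  public boolean isRequestAuthorized(Request request) {
    // Per-user or per-role authorization checks would go here.
    return true;
  }
}
```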
