I have spent days updating myself to Java EE 8, and there is a problem I've encountered when using @CustomFormAuthenticationMechanismDefinition and @DatabaseIdentityStoreDefinition together.
I am using Glassfish v5, NetBeans 9 nightly and Java 8.
What I did is just update the app-mem-customform sample in the security-soteria (Java EE Security 1.0 RI) test folder, and what I have changed is using @DatabaseIdentityStoreDefinition to replace the memory-based dummy IdentityStore.
When I start up the application and try to log in, I get the following info from the NetBeans console.
Info: Activating javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition identity store from com.hantsylabs.example.ee8.security.ApplicationConfig class
Info: Activating javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition authentication mechanism from com.hantsylabs.example.ee8.security.ApplicationConfig class
Warning: RAR8705: Invalid value for property dynamic-reconfiguration-wait-timeout-in-seconds : null
Info: initializing database...
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: Initializing Soteria 1.0 for context '/security-custom-form-db'
Info: Registering WebSocket filter for url pattern /*
Info: Initializing Mojarra 2.3.2 ( 20170627-2139 e63598abf2ed2bb1a24674f308a734e0dce18a72) for context '/security-custom-form-db'
Info: Monitoring jndi:/server/security-custom-form-db/WEB-INF/faces-config.xml for modifications
Info: Loading application [_Security_1.0:_Custom_Form_Authentication_with__DatabaseIdentityStoreDefinition] at [/security-custom-form-db]
Info: _Security_1.0:_Custom_Form_Authentication_with__DatabaseIdentityStoreDefinition was successfully deployed in 3,288 milliseconds.
Warning: RAR8705: Invalid value for property dynamic-reconfiguration-wait-timeout-in-seconds : null
Info: RAR7115: Unable to set ClientInfo for connection
Info: authentication result:NOT_DONE
The line Info: authentication result:NOT_DONE is from my LoginBean, which prints the returned AuthenticationStatus.
My security config file is:
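    import javax.enterprise.context.ApplicationScoped;
    import javax.inject.Named;
    import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;
    import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
    import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
    import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;

    @CustomFormAuthenticationMechanismDefinition(
        loginToContinue = @LoginToContinue(
            loginPage = "/login.faces",
            errorPage = "" // DRAFT API - must be set to empty for now
        )
    )
    @DatabaseIdentityStoreDefinition(
        dataSourceLookup = "${'java:global/MyDS'}",
        callerQuery = "#{'select password from caller where name = ?'}",
        groupsQuery = "select group_name from caller_groups where caller_name = ?",
        hashAlgorithm = Pbkdf2PasswordHash.class,
        priorityExpression = "#{100}",
        hashAlgorithmParameters = {
            "Pbkdf2PasswordHash.Iterations=3072",
            "${applicationConfig.dyna}"
        } // just for test / example
    )
    @ApplicationScoped
    @Named
    public class ApplicationConfig {

        // Resolved through the EL expression ${applicationConfig.dyna} above
        public String[] getDyna() {
            return new String[]{"Pbkdf2PasswordHash.Algorithm=PBKDF2WithHmacSHA512", "Pbkdf2PasswordHash.SaltSizeBytes=64"};
        }
    }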
I also included the DatabaseSetup to insert users when the application starts up. The file is copied from the app-db sample.
My complete code can be found here.
What is the correct way to use @CustomFormAuthenticationMechanismDefinition and @DatabaseIdentityStoreDefinition seamlessly in projects?
Update: I have just tried to use @FormAuthenticationMechanismDefinition and @DatabaseIdentityStoreDefinition, and it works; the code is here. So is this a bug in @CustomFormAuthenticationMechanismDefinition?