0

I have a simple login system with token using PicketLin (stateless)k + WildFly + Angular.

The problems is: when I put a wrong password, the server sends to me the header:

WWW-Authenticate:Basic realm="PicketLink Default Realm"

And this causes the browser to open the basic authentication windows. I need to use a form, not the default browse authentication window; I tried to create a interceptor in angular to try stop, but the browser intercepts and interprets the header before anything.

This is the configuration of PicketLink:

SecurityConfigurationBuilder builder = event.getBuilder();
builder.identity().stateless().http()
        .forPath("/api/*").authenticateWith().token();

This is the code of Realm and certificate (for token generating) code: (Irrelevant methods are omitted)

...
private void createDefaultPartition(PartitionManager partitionManager) {

    Realm partition = partitionManager.getPartition(Realm.class, Realm.DEFAULT_REALM);

    if (partition == null) {
        try {
            partition = new Realm(Realm.DEFAULT_REALM);
            partition.setAttribute(new Attribute<byte[]>("PublicKey", getPublicKey()));
            partition.setAttribute(new Attribute<byte[]>("PrivateKey",getPrivateKey()));
            partitionManager.add(partition);
        } catch (Exception e) {
            //log...
        }
    }
}


public void createAdminAccount(PartitionManager partitionManager) {
    IdentityManager identityManager = partitionManager.createIdentityManager();
    User user = new User("symon");
    user.setEmail("symoncc@gmail.com");
    user.setFirstName("Symon");
    user.setLastName("Lopes");
    identityManager.add(user);
    identityManager.updateCredential(user, new Password("123456"));
}

Login code:

...
<body ng-app="app" >
    <div ng-controller="LoginController">

        <label>Usuário</label><br />
        <input type="text" id="usuario" ng-model="usuario.nome" /> <br />

        <label>Senha</label><br />
        <input type="text" id="senha" ng-model="usuario.senha" /> <br />

        <input type="button" value="logar" ng-click="logar()" />

        <div ng-show="loginResult">
            {{loginResult}}
        </div>
    </div>
</body>
...

app js code:

  (function(){

var app = angular.module('app',['ngRoute']);
var session = {};

app.config(['$routeProvider',function($routeProvider) {
    $routeProvider
        .when('/protected', {templateUrl:'partials/protected.html', controller: 'ProtectedController' })
}]);


app.controller('LoginController', ['$scope','$http',function($scope,$http) {
    $scope.usuario =  {nome:'symon', senha:'123456'};

    $scope.logar = function(){
        //$http.defaults.headers.common.Authorization = 'Basic ' + btoa($scope.usuario.nome + ':' + $scope.usuario.senha);
        $http.post('api/private/authc', {},{headers: { 'Authorization' : 'Basic ' + btoa($scope.usuario.nome + ':' + $scope.usuario.senha) }})
            .success(function(auth){
                $scope.loginResult = 'Autenticação efetuada com sucesso';
                session.token =auth.authctoken
                $http.get('api/pessoas',{headers: { 'Authorization' : 'Token ' +  session.token }}).success(
                        function(dados){
                            console.log(dados);
                        });             
            })
            .error(function(data){
                $scope.loginResult = 'Falha ao tentar fazer login: ' + data;                    
            });
    };      
}]);

})();
LisaMM
  • 675
  • 1
  • 16
  • 28
Symon Moura Lopes
  • 19
  • 3

1 Answers1

2

To get work, you should add another header in the login resource like this: "X-Requested-With": "XMLHttpRequest". Modify your angular security.js file like this:

.factory('LoginResource', ['$resource', function($resource) {  
   return function(newUser) {  
   return $resource('rest/private/:dest', {}, {  
   login: {method: 'POST', params: {dest:"authc"}, headers:{"Authorization": "Basic " + btoa(newUser.userId + ":" + newUser.password), "X-Requested-With": "XMLHttpRequest"  
   } }  
  });  
}}]);

I hope this helps. ;)

rodrix
  • 470
  • 6
  • 17