Getting started on seam-security, picketlink IDM and JPAIdentityStore

I love how JBoss 7(.1) has everything working out of the box – not much fiddling with jars or suchlike and with Arquillian, everything really was a treat to get started on a new project. This was until I had to sort out security with seam-security.

To be fair, the main issue was just poor documentation. It took me a day to sort out what should essentially have taken an hour(or two)

The documentation you get to from seems to be out of date. The fact that the page referes to version 3.0.0.Alpha1 and Alpha2 should have tipped me off but the url for the doc suggested it was the latest.

The more up to date documentation I found was at

I followed chapter 33 on there and I won’t repeat it here for the sake of brevity.

What follows are the additional steps I had to take to get it to work.

I ran into a javax.enterprise.inject.CreationException, the relevant part of the stack trace being:

Caused by: java.lang.IllegalArgumentException: targetClass parameter may not be null
	at [solder-impl-3.1.0.Final.jar:3.1.0.Final]
	at [solder-impl-3.1.0.Final.jar:3.1.0.Final]
	at [seam-security-3.1.0.Final.jar:3.1.0.Final]
	at [seam-security-3.1.0.Final.jar:3.1.0.Final]
	at [seam-security-3.1.0.Final.jar:3.1.0.Final]
	at org.picketlink.idm.impl.configuration.IdentityConfigurationImpl.createRealmMap( [picketlink-idm-core-1.5.0.Alpha02.jar:1.5.0.Alpha02]
	at org.picketlink.idm.impl.configuration.IdentityConfigurationImpl.buildIdentitySessionFactory( [picketlink-idm-core-1.5.0.Alpha02.jar:1.5.0.Alpha02]
	... 109 more

To resolve this,  I had to add in the @IdentityEntity Annotation to the IdentityObjectType class

public class IdentityObjectType {

The next exception was org.picketlink.idm.common.exception.IdentityException: Error creating identity object. The relevant part of the strack trace being:

Caused by: java.lang.NullPointerException
	at [seam-security-3.1.0.Final.jar:3.1.0.Final]
	at [seam-security-3.1.0.Final.jar:3.1.0.Final]
	... 87 more

It turned out that the entitymanager was not being picked up and it was null. This part was probably in the documentation earlier with regards to configuring seam but I had skipped directly to the security section so missed it. We need to define the persistence unit with the beans.xml. I have included my full file below.

<?xml version="1.0"?>
<beans xmlns=""


		<s:Produces />
		<em:PersistenceContext unitName="invision-users" />

This brought us further forward still. The next exception was:

javax.persistence.NoResultException: No entity found for query
	at org.hibernate.ejb.QueryImpl.getSingleResult( [hibernate-entitymanager-4.0.1.Final.jar:4.0.1.Final]
	at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult( [hibernate-entitymanager-4.0.1.Final.jar:4.0.1.Final]
	at [seam-security-3.1.0.Final.jar:3.1.0.Final]
	at [seam-security-3.1.0.Final.jar:3.1.0.Final]
	at org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository.updateCredential( [picketlink-idm-core-1.5.0.Alpha02.jar:1.5.0.Alpha02]
	at org.picketlink.idm.impl.api.session.managers.AttributesManagerImpl.updatePassword( [picketlink-idm-core-1.5.0.Alpha02.jar:1.5.0.Alpha02]

This was related to missing data in the database. It needed a credential type. I created one for password.

INSERT INTO CredentialType(id, name) VALUES (1, 'password');

This brought us forward on to the next exception: org.picketlink.idm.common.exception.IdentityException: Exception creating relationship

with the relevant part of

Caused by: javax.persistence.NoResultException: No entity found for query
	at org.hibernate.ejb.QueryImpl.getSingleResult( [hibernate-entitymanager-4.0.1.Final.jar:4.0.1.Final]
	at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult( [hibernate-entitymanager-4.0.1.Final.jar:4.0.1.Final]
	at [seam-security-3.1.0.Final.jar:3.1.0.Final]
	at [seam-security-3.1.0.Final.jar:3.1.0.Final]
	... 86 more

This was solved by adding in a relationship type


Both the sql statements were put into import.sql and hibernate is configured to create tables. My test case is as follows. It was taken from and modified.

public class LoginIntegrationTest {

	private IdentitySession identitySession;

	private Identity identity;

	SeamTransaction tx;

	@Deployment(name = "authentication")
	public static Archive createLoginDeployment() {
		// This is the simplest way to test the full archive as you will be
		// deploying it
		final MavenDependencyResolver resolver =

		Archive archive = ShrinkWrap
				.addPackages(true, "")
				.addAsResource("META-INF/test-persistence.xml", "META-INF/persistence.xml")
				.addAsResource("META-INF/beans.xml", "META-INF/beans.xml")
				.addAsResource("test-import.sql", "import.sql")


		return archive;


	public void setupTestUser() throws IdentityException, SystemException,
			NotSupportedException, RollbackException,
			HeuristicRollbackException, HeuristicMixedException {

		if (!tx.isActive())

		final PersistenceManager pm = identitySession.getPersistenceManager();
		final AttributesManager am = identitySession.getAttributesManager();
		final RelationshipManager rm = identitySession.getRelationshipManager();

		// Setup the group we want our user to belong to
		final Group memberGroup = pm.createGroup("member2", "USER2");
		final User user = pm.createUser("test");

		am.updatePassword(user, "password");

		rm.associateUser(memberGroup, user);


	public void assertUserCanAuthenticate(Credentials credentials) {
		credentials.setCredential(new PasswordCredential("password"));
		assertEquals(identity.login(), Identity.RESPONSE_LOGIN_SUCCESS);

Do comment and let me know if it helped 😀

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s