9 Replies Latest reply on Jul 4, 2006 4:07 AM by gekorob

    Problem with security and Seam

    gekorob

      Hi all,
      I have a problem with security authentication using JAAS and Seam. What I'd like to do is to authenticate a user programmatically from a Stateless Bean acting as a Seam component named "login":

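      import java.util.Set;
      import javax.security.auth.Subject;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginContext;
      import org.jboss.security.SecurityAssociation;
      import org.jboss.security.SimplePrincipal;
      import org.jboss.security.auth.callback.SecurityAssociationHandler;

      public String login() {
          // userid, password and loginContext are members of the bean (declarations not shown in the post)
          SecurityAssociationHandler handler = new SecurityAssociationHandler();
          SimplePrincipal user = new SimplePrincipal(userid);
          handler.setSecurityInfo(user, password.toCharArray());
          // Run the login modules configured for the "atlasAuthenticationPolicy" domain
          loginContext = new LoginContext("atlasAuthenticationPolicy", (CallbackHandler) handler);
          loginContext.login();
          Subject subject = loginContext.getSubject();
          Set principals = subject.getPrincipals();
          principals.add(user);
          // Publish the authenticated Subject through JBoss's SecurityAssociation
          SecurityAssociation.setSubject(subject);

      ....
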
      The authentication process via DatabaseLoginModule is OK and, after that, any call to other protected EJBs goes well.
      What I'm not able to do is to propagate the authentication to the view layer, so any link that calls a JSF action takes me to the authentication form again.
      I've also set the security domain correctly in jboss-web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
       <security-domain>java:/jaas/atlasAuthenticationPolicy</security-domain>
       <context-root>/atlasweb</context-root>
      </jboss-web>
      


      Why can't the web layer see the credentials and principals (the security domain is the same)?
      Is this authentication process wrong? What do I have to do if I want to avoid the use of j_security_check?

      Thanks in advance for any help,
      bye
      Roby