1. Re: Problem with security and Seam
j2ee_junkie Jun 27, 2006 1:23 PM (in response to gekorob)
Roby,
Why the web layer can't see credentials and principals (the security domain is the same)?
Because you have not logged into a security domain (i.e. a JBoss SecurityManager.)
By creating your own LoginContext, and calling login() yourself, you have bypassed JBoss' security layer (i.e. container managed security.) Setting the SecurityAssociation.setSubject() is only valid for the thread that the login occurred, and is not a recommended way to propagate authenticated subject.
You will need to do customization to Tomcat's security system if you do not want to use Java Servlet spec. defined authentication methods.
cgriffith
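The thread-bound behaviour described in the reply above, as an added example that is not part of the original thread and not JBoss code. A plain `ThreadLocal` stands in for the security association; `ThreadBoundSubjectDemo`, `CURRENT`, `User` and `callerSeen` are hypothetical names, and the single pooled worker is an assumed model of a web container request thread. It goes one step beyond the reply by also showing what a subject left on a pooled thread does to the next request.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.concurrent.*;
import javax.security.auth.Subject;

public class ThreadBoundSubjectDemo {
    // Hypothetical stand-in for a thread-bound security association (not JBoss API).
    static final ThreadLocal<Subject> CURRENT = new ThreadLocal<>();

    static final class User implements Principal {
        private final String name;
        User(String name) { this.name = name; }
        public String getName() { return name; }
    }

    static Subject subjectFor(String name) {
        return new Subject(true, Collections.singleton(new User(name)),
                Collections.emptySet(), Collections.emptySet());
    }

    // The caller identity as seen by code running on the current thread.
    static String callerSeen() {
        Subject s = CURRENT.get();
        return s == null ? "anonymous" : s.getPrincipals().iterator().next().getName();
    }

    public static void main(String[] args) throws Exception {
        // One pooled worker models a web container request thread (constructed setup).
        ExecutorService worker = Executors.newSingleThreadExecutor();
        Callable<String> probe = ThreadBoundSubjectDemo::callerSeen;
        try {
            // 1. Subject set on the thread that ran login(): the worker does not see it.
            CURRENT.set(subjectFor("roby"));
            System.out.println("login thread sees:  " + callerSeen());
            System.out.println("worker thread sees: " + worker.submit(probe).get());
            // 2. Subject set on the worker and never cleared: the next request served
            //    by the same pooled thread picks up the previous caller's identity.
            worker.submit(() -> CURRENT.set(subjectFor("roby"))).get();
            System.out.println("next request sees:  " + worker.submit(probe).get());
            // 3. Clearing in finally ties the association to a single request.
            worker.submit(() -> {
                try { CURRENT.set(subjectFor("roby")); } finally { CURRENT.remove(); }
            }).get();
            System.out.println("after cleanup sees: " + worker.submit(probe).get());
        } finally {
            CURRENT.remove();
            worker.shutdown();
        }
    }
}
```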
2. Re: Problem with security and Seam
gekorob Jun 28, 2006 4:06 AM (in response to gekorob)
Thanks a lot for your reply,
could you suggest a link or some documentation that explains how to extend Tomcat's security system?
With the expression "do customization to Tomcat's security system" do you mean to create a custom Authenticator?
I'm sorry for my questions but I'm quite new to security in JBoss and I'd like to integrate security authentication process using Seam framework and jsf with facelets.
Thanks a lot,
Roby
3. Re: Problem with security and Seam
j2ee_junkie Jun 28, 2006 8:44 AM (in response to gekorob)
Roby,
There is not much documentation. Your best source is Tomcat code as well as JBoss wiki at
http://wiki.jboss.org/wiki/Wiki.jsp?page=Tomcat.
Also, if you have special security needs, you may want to post them on thread
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=74435
or if you think your work would be useful to Seam project, you should post on thread
http://www.jboss.com/index.html?module=bb&op=viewforum&f=231.
good luck, cgriffith
4. Re: Problem with security and Seam
gekorob Jun 28, 2006 9:13 AM (in response to gekorob)
Thank you very much for your help, I hope to find a good solution that can be useful also for others.
Bye,
Roby
5. Re: Problem with security and Seam
starksm64 Jun 28, 2006 9:41 AM (in response to gekorob)
The integration security code is in the tomcat module of the jbossas source tree. Fisheye can be used to browse it online.
http://fisheye.jboss.com/viewrep/JBoss/jboss-tomcat/src/main/org/jboss/web/tomcat/security
6. Re: Problem with security and Seam
starksm64 Jun 28, 2006 9:42 AM (in response to gekorob)
The way this should be done in the current architecture is to create an alternate or modified org.jboss.security.ClientLoginModule that propagates the login state to the web container layer.
7. Re: Problem with security and Seam
gekorob Jun 28, 2006 12:34 PM (in response to gekorob)
Thanks Scott,
I'm trying to find a solution reading Seam forum, to check if someone has the same problem. I'm looking also at jboss source code, to see how to modify ClientLoginModule to propagate credential on web container, but at the moment it seems to me not so simple.
Thanks a lot for replies,
Bye
Roby
8. Re: Problem with security and Seam
alexioc Jun 30, 2006 5:17 AM (in response to gekorob)
I got the same problem.
Roby, did you figure out how to modify ClientLoginModule in order to propagate the credentials?
TIA
Alexio
9. Re: Problem with security and Seam
gekorob Jul 4, 2006 4:07 AM (in response to gekorob)
Hi Alexio,
I didn't find a good solution in modifying ClientLoginModule, so I'm trying to use jpdl and servlet redirection like I've seen in another post.
Bye
Roby