-
-
16. Re: Seam Security
vk101 Feb 5, 2007 9:59 PM (in response to vk101)Why is the NotLoggedInException being swallowed? Aren't we supposed to be able to do things with this, like specify it in exceptions.xml - which isn't working for me...
19:55:48,625 ERROR [AbstractSeamPhaseListener] Swallowing exception thrown by page action org.jboss.seam.security.NotLoggedInException at org.jboss.seam.security.Identity.checkRestriction(Identity.java:161) at org.jboss.seam.pages.Page.enter(Page.java:185) at org.jboss.seam.core.Pages.enterPage(Pages.java:239) at org.jboss.seam.jsf.AbstractSeamPhaseListener.enterPage(AbstractSeamPhaseListener.java:241) at org.jboss.seam.jsf.AbstractSeamPhaseListener.beforeRender(AbstractSeamPhaseListener.java:192) at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:53) at org.apache.myfaces.lifecycle.PhaseListenerManager.informPhaseListenersBefore(PhaseListenerManager.java:70) at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:373) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:138) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:32) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.servlet.SeamExceptionFilter.doFilter(SeamExceptionFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595)
-
17. Re: Seam Security
hstang Feb 5, 2007 10:45 PM (in response to vk101)"lightbulb432" wrote:
Why is the NotLoggedInException being swallowed? Aren't we supposed to be able to do things with this, like specify it in exceptions.xml - which isn't working for me...
http://jira.jboss.org/jira/browse/JBSEAM-752 -
18. Re: Seam Security
vk101 Feb 5, 2007 10:54 PM (in response to vk101)Aah, I see.
Regarding the authenticator.authenticate method, when you add roles to the "Set roles" in the method argument, where in the debug would you look to see that it's actually being added correctly?
I checked the identity component but there's no roles property there...where else do I look? (I'm having some troubles that seem to be related to these roles...) -
19. Re: Seam Security
gavin.king Feb 5, 2007 11:05 PM (in response to vk101)Seam's exception handling stuff is fixed/redesigned in CVS.
-
20. Re: Seam Security
vk101 Feb 6, 2007 2:55 PM (in response to vk101)Yet another problem... Is it looking for a login() method, rather than a login with the three required arguments? I dunno, but it's not working with the latest CVS of Seam and I've declared the login method in the session bean interface.
And I've declared my login method in the components.xml...12:48:56,609 ERROR [SeamLoginModule] Error invoking login method javax.faces.el.EvaluationException: Exception while invoking expression #{login.login} at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:165) at org.jboss.seam.actionparam.ActionParamBindingHelper.invokeTheExpression(ActionParamBindingHelper.java:59) at org.jboss.seam.actionparam.ActionParamMethodBinding.invoke(ActionParamMethodBinding.java:74) at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:102) at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:102) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703) at javax.security.auth.login.LoginContext.login(LoginContext.java:575) at org.jboss.seam.security.Identity.authenticate(Identity.java:204) at org.jboss.seam.security.Identity.authenticate(Identity.java:197) at org.jboss.seam.security.Identity.login(Identity.java:182) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sun.el.parser.AstValue.invoke(AstValue.java:151) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68) at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69) at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:63) at javax.faces.component.UICommand.broadcast(UICommand.java:106) at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:94) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:168) at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:343) at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:29) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.servlet.SeamExceptionFilter.doFilter(SeamExceptionFilter.java:43) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595) Caused by: java.lang.NoSuchMethodException: com.test.session.Login$$EnhancerByCGLIB$$f3e562ee.login() at java.lang.Class.getMethod(Class.java:1581) at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:118) ... 58 more 12:48:56,609 DEBUG [Identity] Login failed for:testusername javax.security.auth.login.LoginException: Login Failure: all modules ignored at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703) at javax.security.auth.login.LoginContext.login(LoginContext.java:575) at org.jboss.seam.security.Identity.authenticate(Identity.java:204) at org.jboss.seam.security.Identity.authenticate(Identity.java:197) at org.jboss.seam.security.Identity.login(Identity.java:182) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sun.el.parser.AstValue.invoke(AstValue.java:151) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68) at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69) at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:63) at javax.faces.component.UICommand.broadcast(UICommand.java:106) at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:94) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:168) at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:343) at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:29) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.servlet.SeamExceptionFilter.doFilter(SeamExceptionFilter.java:43) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595)
-
21. Re: Seam Security
vk101 Feb 6, 2007 3:01 PM (in response to vk101)Note that it was working fine until I upgraded to the latest CVS version to solve another problem, so I don't think the problem's within my login method or anything like that (as I didn't make changes to those after upgrading).
-
22. Re: Seam Security
fernando_jmt Feb 6, 2007 3:11 PM (in response to vk101)The authentication way was changed in the CVS version.
You should use it as follows sample:... @In private Identity identity; public boolean authenticate() { try { Member member = (Member) entityManager.createQuery( "from Member where username = :username") .setParameter("username", identity.getUsername()) .setParameter("password", identity.getPassword()) .getSingleResult(); for ( MemberRole mr : member.getRoles() ) { identity.addRole(mr.getName()); } return true; } catch (NoResultException ex) { return false; } }
-
23. Re: Seam Security
vk101 Feb 6, 2007 3:49 PM (in response to vk101)Oh, I didn't realize that, thanks.
When catching NotLoggedInException in exceptions.xml, I have a<redirect view-id="/login.xhtml">Not logged in</redirect>
for the NotLoggedInException.
While the redirect works correctly, the message "Not logged in" doesn't display in login.xhtml's<h:messages globalOnly="true" />
Why won't this message appear?
My next question is how can the exception object be accessed from within a page? I looked up the Seam documentation under the Seam pre-installed components but nothing related to exceptions comes up...I'm thinking of some kind of #{exception.stackTrace} or something... -
24. Re: Seam Security
fernando_jmt Feb 6, 2007 4:55 PM (in response to vk101)I also have the same problem related to NotLoggedInException
Using the non CVS version I had:<redirect view-id="/login.xhtml">#{messages['User.notLoggedIn']}</redirect>
And it was working well, a message was shown in the login page.
But it seems there's a problem with the CVS version, because now I can't get the message in the login message. The message is not shown.
Is there something new or changed in the CVS version? somebody knows it? -
25. Re: Seam Security
gavin.king Feb 6, 2007 5:33 PM (in response to vk101)In CVS you should wrap the message in a element. Check the new pages.xml DTD.
-
26. Re: Seam Security
vk101 Feb 6, 2007 8:15 PM (in response to vk101)I wrapped the message in an element according to the new pages.xml DTD, but there's no change...it still doesn't appear for me.
Also, how can I override the default org.jboss.seam.loginFailed and org.jboss.seam.loginSuccessful messages? I tried putting them in my properties files (e.g. org.jboss.seam.loginSuccessful=My Message) that I've added in components.xml, but the default messages still appear!
I'm not having any luck with Seam and messages, I guess... -
27. Re: Seam Security
vk101 Feb 7, 2007 12:47 AM (in response to vk101)Never mind my previous post; the first problem magically disappeared and the second was solved by adding "messages" to the list of resource bundles in components.xml.
How do I debug roles? I've added the roles to the "identity" component in my login method but the debug page doesn't list roles for the identity component! It only lists the following properties, but nothing like "roles":
authenticateMethod
class
cookieEnabled
cookieMaxAge
jaasConfigName
loggedIn
password
principal
rememberMe
securityContext
securityRules
subject
username
toString()
How can I see why s:hasRole('...') isn't working correctly? I'd like to know what roles identity actually has added and whether they've been added correctly from my code... -
28. Re: Seam Security
shane.bryzak Feb 7, 2007 3:12 AM (in response to vk101)There's two places where roles are kept. The first, more traditional location is in the subject in a group called "roles". The second place is in the securityContext where they are accessible by the drools-based security rules.
-
29. Re: Seam Security
venkateshbr Feb 7, 2007 8:31 AM (in response to vk101)does the seam security support multiple authentication modes in the same application such as Digital Certificate login and Username/Password login.