3 Replies Latest reply on Feb 7, 2007 7:56 AM by shane.bryzak

    Problems with Seam Security

      I just tried out the example from the Seam reference documentation to do a JAAS login via the SeamLoginModule and Identity object. Therefore I left out any declaration of a Security Context (none of my EJBs, components, ... is part of some), initialized the Identity component in components.xml (see code below) and created an appropriate login form (exactly like in the documentation).

      components.xml

      <security:identity authenticate-method="#{authenticator.seamAuthenticate}"/>


      The mentioned authenticator component is a stateless session bean. So when accessing the login page, the following error message occurs.

      error message:
      15:59:31,017 ERROR [Exceptions] redirecting to debug page
      javax.ejb.EJBTransactionRolledbackException: java.lang.IllegalStateException: No valid security context for the caller identity
      


      Did I miss anything?

      Thx in advance!

        • 1. Re: Problems with Seam Security
          shane.bryzak

          Seam security only uses JAAS for authentication, and does not integrate with container security at this point in time. I'm guessing you are using the @RolesAllowed annotation on your bean? If so, you need to replace it with @Restrict (a Seam annotation) - see the docs for usage.

          • 2. Re: Problems with Seam Security
            stony

            Is it planned to integrate Seam with container security in the future? What about the jaasConfigName attribute?

            <security:identity authenticate-method="#{myAuthenticator.authenticate}" jaasConfigName="myDomain" />


            After deploying this (using the last nightly build 06-02-07) and using the Identity object for authentication, the container didn't recognize the new principal anyway.

            • 3. Re: Problems with Seam Security
              shane.bryzak

              It is planned for a future release. Setting the jaasConfigName property will allow Seam to authenticate using a different JAAS configuration (other than the built-in one); it won't allow the container to authenticate using Seam security.