-
1. Re: Seam Security Question - Tomcat Valve
shane.bryzak Mar 1, 2007 12:45 PM (in response to bsmithjj)I don't think it would be too hard for Seam Security to authenticate against a Tomcat realm - if you create a JIRA issue for this and assign it to me I'll add this functionality when I get a chance.
-
2. Re: Seam Security Question - Tomcat Valve
bsmithjj Mar 1, 2007 1:01 PM (in response to bsmithjj)I create issue http://jira.jboss.com/jira/browse/JBSEAM-967. Note that what I'm really asking at the moment, is for away to establish an Identity that uses the HttpServletRequest to obtain the Principal, and check roles.
Thanks,
Brad Smith -
3. Re: Seam Security Question - Tomcat Valve
cyril.sochor Apr 2, 2007 1:39 PM (in response to bsmithjj)I need SSO with other old struts application on same server.
With this class SSO authentication works, but authorization #{s:hasRole('admin')} don't :-(
@Name("org.jboss.seam.security.identity")
@Scope(SESSION)
@Install(precedence = Install.APPLICATION)
@Intercept(NEVER)
@Startup
public class MyIdentity extends Identity {
@Override
public Principal getPrincipal() {
Principal currentUser = ((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext()
.getRequest()).getUserPrincipal();
return currentUser;
}
} -
4. Re: Seam Security Question - Tomcat Valve
bsmithjj Apr 2, 2007 4:01 PM (in response to bsmithjj)The problem is that the Seam security model is tightly coupled to a JAAS model of security - i.e. the Subject class and friends. With CAS and our custom Tomcat Valve, the servlet container associates/manages a copy of the authenticated Principal (a.k.a. userPrincipal in Seam) with the HttpServletRequest and in the Valve, it's possible for us to make isUserInRole() work as expected as well. It would be ideal for us if Seam allowed us to provide or override the Principal and roles for a user (and even permissions too but we're not using permissions directly) to the Identity component.
I would be reluctant to use the approach you show in the previous post because that's sure to be outdated or broken with any future release of Spring - especially since there are JIRA task(s) for the Identity component now.