2 Replies Latest reply on Apr 12, 2007 10:09 PM by markfoerstein

    security pattern

    laksu

      This is a pattern question:
      I have implemented something similar to the login and authentication through the security chapter. I have a User class myself and I authenticate through querying it from the database. Both Seam provided Identity and my User classes have members like username, password etc. and basically they refer to the same notion.
      How is it recommended that I relate Identity with the user I got from the database? Should I extend Identity to build my User class perhaps?

        • 1. Re: security pattern
          shane.bryzak

          Look at the Booking or Seamspace examples, they both place a user object in session scope as part of authentication. I think this is what you want?

          • 2. Re: security pattern
            markfoerstein

            You mean extend Identity from your User class like this?:

            ...class User extends Identity {
            ...
            


            I don't think it is the right approach (although Im not the expert here :-P)

            You use Identity whenever you want to restrict access to a class or method and to query if the user is logged in or not. By "user" I don't mean your class "User".

            When you authenticate, Seam will flag the Identity with loggedIn = true, and you can restrict access to classes or methods:
            @Restrict("#{identity.loggedIn}")
            public class ...
            
            (OR)
            
            @Restrict("#{identity.loggedIn}")
            public String create() {
            ...
            


            Also, when you authenticate (through querying the database) you can @Out your authenticated "User" class so you can @In it wherever you want and get the members (username, nickname, etc). Just see the examples Shane told you...

            Hope this could be helpful...