2 Replies Latest reply on Apr 27, 2007 7:58 AM by g00se24

Seam Security Problem

g00se24 Apr 26, 2007 6:59 AM

Hello,

i tried to deploy a minimal SEAM project which only consists of a login page. The problem is that I would like to use a own written build.xml script, which is already stable running.

The problem:

12:25:35,281 ERROR [SeamLoginModule] Error invoking login method
javax.faces.el.EvaluationException: Exception while invoking expression #{test.t
est}
 at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java
:165)
 at org.jboss.seam.actionparam.ActionParamBindingHelper.invokeTheExpressi
on(ActionParamBindingHelper.java:58)
 at org.jboss.seam.actionparam.ActionParamMethodBinding.invoke(ActionPara
mMethodBinding.java:75)
 at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:148)
 at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.ja
va:104)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
86)
 at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext
.java:703)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
 at org.jboss.seam.security.Identity.authenticate(Identity.java:247)
 at org.jboss.seam.security.Identity.authenticate(Identity.java:240)
 at org.jboss.seam.security.Identity.login(Identity.java:170)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at com.sun.el.parser.AstValue.invoke(AstValue.java:174)
 at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:286)

 at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.ja
va:68)
 at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.ja
va:69)
 at org.apache.myfaces.application.ActionListenerImpl.processAction(Actio
nListenerImpl.java:63)
 at javax.faces.component.UICommand.broadcast(UICommand.java:106)
 at org.ajax4jsf.framework.ajax.AjaxViewRoot.processEvents(AjaxViewRoot.j
ava:274)
 at org.ajax4jsf.framework.ajax.AjaxViewRoot.broadcastEvents(AjaxViewRoot
.java:250)
 at org.ajax4jsf.framework.ajax.AjaxViewRoot.processApplication(AjaxViewR
oot.java:405)
 at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(Lifecycl
eImpl.java:343)
 at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java
:86)
 at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:252)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
 at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
a:63)
 at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
 at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
a:49)
 at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57)
 at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
a:49)
 at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:79)
 at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
a:49)
 at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:202)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
 at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseX
MLFilter.java:75)
 at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.
java:213)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:202)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
 at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi
lter.java:96)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:202)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:213)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:178)
 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit
yAssociationValve.java:175)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:432)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
e.java:74)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:126)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:105)
 at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConne
ctionValve.java:156)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:107)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:148)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:869)
 at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.p
rocessConnection(Http11BaseProtocol.java:664)
 at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpo
int.java:527)
 at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWor
kerThread.java:112)
 at java.lang.Thread.run(Thread.java:595)
Caused by: javax.faces.el.PropertyNotFoundException: Base is null: test
 at org.apache.myfaces.el.ValueBindingImpl.resolveToBaseAndProperty(Value
BindingImpl.java:460)
 at org.apache.myfaces.el.MethodBindingImpl.resolveToBaseAndProperty(Meth
odBindingImpl.java:180)
 at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java
:114)
 ... 67 more

The project ist structured like:
dist/
META-INF/
application.xml
jboss-app.xml
view.war/
WEB-INF/
components.xml
faces-config.xml
web.xml
index.html -> Redirect index.seam
index.xhtml
index.page.xml

web.xml

<?xml version="1.0" ?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
 version="2.4">

 <!-- Ajax4jsf (must come first!) -->

 <filter>
 <display-name>Ajax4jsf Filter</display-name>
 <filter-name>ajax4jsf</filter-name>
 <filter-class>org.ajax4jsf.Filter</filter-class>
 </filter>

 <filter-mapping>
 <filter-name>ajax4jsf</filter-name>
 <url-pattern>*.seam</url-pattern>
 </filter-mapping>

 <context-param>
 <param-name>org.ajax4jsf.VIEW_HANDLERS</param-name>
 <param-value>org.jboss.seam.ui.facelet.SeamFaceletViewHandler</param-value>
 </context-param>

 <!-- Seam -->

 <listener>
 <listener-class>org.jboss.seam.servlet.SeamListener</listener-class>
 </listener>

 <filter>
 <filter-name>Seam Filter</filter-name>
 <filter-class>org.jboss.seam.web.SeamFilter</filter-class>
 </filter>

 <filter-mapping>
 <filter-name>Seam Filter</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>

 <servlet>
 <servlet-name>Seam Resource Servlet</servlet-name>
 <servlet-class>org.jboss.seam.servlet.ResourceServlet</servlet-class>
 </servlet>

 <servlet-mapping>
 <servlet-name>Seam Resource Servlet</servlet-name>
 <url-pattern>/seam/resource/*</url-pattern>
 </servlet-mapping>

 <!-- MyFaces -->

 <listener>
 <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
 </listener>

 <!-- Facelets development mode (disable in production) -->

 <context-param>
 <param-name>facelets.DEVELOPMENT</param-name>
 <param-value>true</param-value>
 </context-param>

 <!-- JSF -->

 <context-param>
 <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
 <param-value>client</param-value>
 </context-param>

 <context-param>
 <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
 <param-value>.xhtml</param-value>
 </context-param>

 <servlet>
 <servlet-name>Faces Servlet</servlet-name>
 <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
 <load-on-startup>1</load-on-startup>
 </servlet>

 <servlet-mapping>
 <servlet-name>Faces Servlet</servlet-name>
 <url-pattern>*.seam</url-pattern>
 </servlet-mapping>

 <security-constraint>
 <display-name>Restrict raw XHTML Documents</display-name>
 <web-resource-collection>
 <web-resource-name>XHTML</web-resource-name>
 <url-pattern>*.xhtml</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>NONE</role-name>
 </auth-constraint>
 </security-constraint>

</web-app>

components.xml

<?xml version="1.0" encoding="UTF-8"?>
<components xmlns="http://jboss.com/products/seam/components"
 xmlns:core="http://jboss.com/products/seam/core"
 xmlns:drools="http://jboss.com/products/seam/drools"
 xmlns:security="http://jboss.com/products/seam/security"
 xmlns:mail="http://jboss.com/products/seam/mail"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation=
 "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.2.xsd
 http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.2.xsd
 http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.2.xsd
 http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-1.2.xsd
 http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.2.xsd">

 <core:init debug="true" jndi-pattern="alert/#{ejbName}/local"/>

 <core:manager concurrent-request-timeout="500"
 conversation-timeout="120000"
 conversation-id-parameter="cid"
 conversation-is-long-running-parameter="clr"/>

 <core:managed-persistence-context name="entityManager"
 auto-create="true"
 persistence-unit-jndi-name="java:/DefaultDS"/>

 <core:ejb installed="false"/>

 <security:identity authenticate-method="#{test.test}"/>

 <event type="org.jboss.seam.notLoggedIn">
 <action expression="#{redirect.captureCurrentView}"/>
 </event>
 <event type="org.jboss.seam.postAuthenticate">
 <action expression="#{redirect.returnToCapturedView}"/>
 </event>

</components>

faces-config.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE faces-config PUBLIC
 "-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN"
 "http://java.sun.com/dtd/web-facesconfig_1_1.dtd">

<faces-config>

 <application>
 <message-bundle>messages</message-bundle>
 <!-- Disabled when using Ajax4JSF -->
 <!--
 <view-handler>org.jboss.seam.ui.facelet.SeamFaceletViewHandler</view-handler>
 -->
 </application>

 <!-- Seam transaction management -->
 <lifecycle>
 <phase-listener>org.jboss.seam.jsf.TransactionalSeamPhaseListener</phase-listener>
 </lifecycle>

</faces-config>

application.xml

<?xml version="1.0" encoding="UTF-8"?>
<application xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd"
 version="5">

 <display-name>alert</display-name>

 <module>
 <web>
 <web-uri>view.war</web-uri>
 <context-root>/alert</context-root>
 </web>
 </module>

 <module>
 <ejb>bean.jar</ejb>
 </module>

 <module>
 <java>jboss-seam.jar</java>
 </module>

 <!-- Remove these lines for JSF 1.2 -->

 <module>
 <java>el-api.jar</java>
 </module>

 <module>
 <java>el-ri.jar</java>
 </module>
</application>

Authenticator.class

package de.alert.session;

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;


@Name("test")
public class Authenticator
{
 @Logger Log log;

 @In Identity identity;

 public boolean test()
 {
 log.info("authenticating #0", identity.getUsername());
 //write your authentication logic here,
 //return true if the authentication was
 //successful, false otherwise
 identity.addRole("admin");
 return true;
 }
}

index.xhtml

 <h:outputLabel for="username">Username</h:outputLabel>
 <h:inputText id="username" value="#{identity.username}"/>
 <h:outputLabel for="password">Password</h:outputLabel>
 <h:inputSecret id="password" value="#{identity.password}"/>
 <h:outputLabel for="rememberMe">Remember me</h:outputLabel>
 <h:selectBooleanCheckbox id="rememberMe" value="#{identity.rememberMe}"/>
 <h:commandButton value="Login" action="#{identity.login}"/>

What am I doing wrong? All neccessary libaries are in place. Am I missing some configuration files? Has anybody an idea?
If neccessary I would send you my full project structure.

Thank in advance

1. Re: Seam Security Problem

shane.bryzak Apr 27, 2007 1:59 AM (in response to g00se24)

From the log it looks like component "test" cannot be found. When your app starts up, is it listed among the other components? Do you have a seam.properties in your jar file?
Actions
2. Re: Seam Security Problem

g00se24 Apr 27, 2007 7:58 AM (in response to g00se24)

Thanks, but
i have packed the seam.properties into the root of jar...

Yesterday evening I recreated my workspace with a seam-gen.
I know it's a workaround...

Would you like to at the source of the old project?
Actions

Go to original post