2 Replies Latest reply on May 3, 2007 9:49 PM by christian.bauer

    Seam's Identity and Authenticator

      Can someone tell me the correlation between Seam's Identity and Authenticator?

      It is my understanding that we can declare/override the RuleBasedIdentity as follows:

      @Name("org.jboss.seam.security.identity")
      @Scope(ScopeType.SESSION)
      @Intercept(InterceptionType.AFTER_RESTORE_VIEW)
      public class MyIdentity extends RuleBasedIdentity {
          ...
          @Override
          public String login() {
              super.login(); /* Ignore outcome from super */
              ...
              return "nextPage";
          }
      }


      And use it in our web page as follows:
      <h:commandButton value="Login" action="#{identity.login}"/>
      


      Then I also see code using Authenticator as follows:

      component.xml
      <security:identity authenticate-method="#{authenticator.authenticate}" security-rules="#{securityRules}"/>

      with
      @Name("authenticator")
      public class Authenticator {
          @In
          Identity identity;

          public boolean authenticate() {
              ...
              return true;
          }
      }
      


      Is there an implicit correlation between these two components? Or are they mutually exclusive? Is one better than the other?

      Thanks for your help.
      -tony

        • 1. Re: Seam's Identity and Authenticator
          shane.bryzak

          These classes work in concert with each other - by default, the Identity class will use JAAS to authenticate the user, via SeamLoginModule (which is a standard JAAS login module). SeamLoginModule performs authentication by invoking a MethodExpression - i.e., the authenticate-method configured in Identity.

          • 2. Re: Seam's Identity and Authenticator
            christian.bauer

            Usually "security" means two things:

            - Authentication: Who are you, can you identify yourself and what are your roles/privileges?

            - Authorization: An action/display requires a permission, do you have the right roles/privileges for that?

            The authenticator does Authentication, the Identity component is responsible for Authorization.
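
Added example, not part of the thread and not code from Seam itself: a filled-in authenticator showing the hand-off the replies describe, where `identity.login()` ends up calling `authenticate()` and the roles added there are what Identity later uses for authorization. The `Account` class, the in-memory `ACCOUNTS` map and the PBKDF2 parameters are assumptions made for illustration; `getUsername()`, `getPassword()` and `addRole()` are methods of Seam's `Identity`.

```java
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;

@Name("authenticator")
public class Authenticator {
    /** Constructed account record; a real application would load this from its user store. */
    static final class Account {
        final byte[] salt; final byte[] hash; final String[] roles;
        Account(byte[] salt, byte[] hash, String... roles) {
            this.salt = salt; this.hash = hash; this.roles = roles;
        }
    }

    // Hypothetical in-memory store keyed by username (assumption, not from the thread).
    static final Map<String, Account> ACCOUNTS = new HashMap<String, Account>();

    @In
    Identity identity; // carries the username/password bound from the login form

    static byte[] derive(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Target of authenticate-method="#{authenticator.authenticate}"; the boolean is the login outcome.
    public boolean authenticate() {
        try {
            Account account = ACCOUNTS.get(identity.getUsername());
            String password = identity.getPassword();
            if (account == null || password == null) {
                return false; // unknown user or missing password: no roles are granted
            }
            // Constant-time comparison of the derived key against the stored one.
            if (!MessageDigest.isEqual(account.hash, derive(password, account.salt))) {
                return false;
            }
            for (String role : account.roles) {
                identity.addRole(role); // roles are added only after the credentials verify
            }
            return true;
        } catch (Exception e) {
            return false; // fail closed on any error
        }
    }
}
```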