problem with security and login
mnrz May 5, 2007 3:26 AMHi
I have a problem with security.
I am using JBoss Seam 1.1.6
when I press login button I encounter following exception:
ERROR Servlet.service() for servlet Faces Servlet threw exception javax.faces.FacesException: Error calling action method of component with id login:_id13 at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72) at javax.faces.component.UICommand.broadcast(UICommand.java:109) at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171) at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32) at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95) at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:100) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:29) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.servlet.SeamCharacterEncodingFilter.doFilter(SeamCharacterEncodingFilter.java:41) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) Caused by: javax.faces.el.EvaluationException: /pages/main/login.xhtml @35,71 action="#{identity.login}": java.lang.IllegalStateException: no security rule base available - please install a RuleBase with the name 'securityRules' at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:73) at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61) ... 33 more Caused by: java.lang.IllegalStateException: no security rule base available - please install a RuleBase with the name 'securityRules' at org.jboss.seam.security.Identity.assertSecurityContextExists(Identity.java:276) at org.jboss.seam.security.Identity.populateSecurityContext(Identity.java:245) at org.jboss.seam.security.Identity.postAuthenticate(Identity.java:223) at org.jboss.seam.security.Identity.authenticate(Identity.java:207) at org.jboss.seam.security.Identity.authenticate(Identity.java:199) at org.jboss.seam.security.Identity.login(Identity.java:184) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sun.el.parser.AstValue.invoke(AstValue.java:151) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283) at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68) at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69) ... 34 more
and this is the authenticator class:
@Name("authenticator") public class Authenticator { @PersistenceContext (unitName="SearchEngineDB") @In private EntityManager entityManager; @Out(required = false, scope = SESSION) private User user; @In private Identity identity; public boolean authenticate() { try{ User user = (User) entityManager.createQuery( "from User where username = :username and password = :password") .setParameter("username", Identity.instance().getUsername()) .setParameter("password", Identity.instance().getPassword()) .getSingleResult(); if (user.getRoles() != null) { for (UserRole mr : user.getRoles()){ Identity.instance().addRole(mr.getRoleName()); } } return true; } catch (NoResultException ex) { FacesMessages.instance().add("Invalid username/password"); ex.printStackTrace(); return false; } }
and security-rules.drl:
package SearchEnginePermissions; import java.security.Principal; import org.jboss.seam.security.PermissionCheck; import org.jboss.seam.security.Role; rule AdminIsAUser salience 10 no-loop when Role(name == "admin") then assert(new Role("admin")); end;
component.xml:
<?xml version="1.0" encoding="UTF-8"?> <components xmlns="http://jboss.com/products/seam/components" xmlns:core="http://jboss.com/products/seam/core" xmlns:security="http://jboss.com/products/seam/security" xmlns:drools="http://jboss.com/products/seam/drools" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation= "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.1.xsd http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.1.xsd http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.1.xsd http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.1.xsd"> <core:init jndi-pattern="#{ejbName}/local" my-faces-lifecycle-bug="false" /> <core:ejb installed="true"/> <core:manager conversation-timeout="1200000" concurrent-request-timeout="500" conversation-id-parameter="cid" conversation-is-long-running-parameter="clr"/> <security:identity authenticate-method="#{authenticator.authenticate}" /> <drools:rule-base name="securityRules"> <drools:rule-files><value>/META-INF/security-rules.drl</value></drools:rule-files> </drools:rule-base> <component name="entityManager" auto-create="true" class="org.jboss.seam.core.ManagedPersistenceContext"> <property name="persistenceUnitJndiName">java:/searchengineEntityManagerFactory</property> </component> </components>
lots of Thanks