-
1. Re: Instance.hasRole()...
bulloncito Jul 6, 2007 11:13 PM (in response to garypinkham)I use
Identity identity = Identity.instance() ;
.. (no @In) and then
identity.addRole( someString ) ;
... for each role and everything works fine.
Maybe all those Identity.instance() aren't apropiate (they should be) -
2. Re: Instance.hasRole()...
garypinkham Jul 7, 2007 8:59 AM (in response to garypinkham)"bulloncito" wrote:
I use
Identity identity = Identity.instance() ;
.. (no @In) and then
identity.addRole( someString ) ;
... for each role and everything works fine.
Maybe all those Identity.instance() aren't apropiate (they should be)
I actually tried it all three ways.. With Identity.instance() everywhere.. with @In and with Identity ident = Identity.instance(). None of them work. So I'm guessing I missed something in the config. As an extra note.. This is a default configuration. I did seam new-project and seam generate-entities. then modifed the Authenticator. So it's quite possible I missed a step from the docs... -
3. Re: Identity.hasRole()...
garypinkham Jul 8, 2007 12:52 PM (in response to garypinkham)first I realized the subject said Instance.hasRole() in stead of Identity. That was just a typo in the forum by me.
So I have followed all the instructions and I can't seem to find where I'm going wrong.. It's basic security no drools. Seamgen created the components.xml with a basic drools file.. I tried with and with out that file.. With @In Identity, with Identity ident = Identity.instance() and Identity.instance() everywhere.
This is Seam 2.0Beta with JBoss 4.2.0GA. Windows XP and M$SQL Server for the DB.
Funny thing is I used seam generate-entities which enables security for the Edit actions on entities. This works just fine with my Authenticator module so I'm guessing I'm doing something right. :-)
By the way.. Does anyone know what the security is for the edit pages created by generate-entity? Is it loggedIn? or hasRole("admin")???
Many Thanks!!!
Gary
Here's the output of log.info messages:12:42:01,392 INFO [Authenticator] adding role: ROLE_VIEW to user: superuser 12:42:01,392 INFO [Authenticator] adding role: ROLE_RUN_LINK to user: superuser 12:42:01,392 INFO [Authenticator] customer:3 12:42:01,392 INFO [Authenticator] Has Role: No 12:42:01,392 INFO [Authenticator] has Role2: No
Here's my Components.xml:<?xml version="1.0" encoding="UTF-8"?> <components xmlns="http://jboss.com/products/seam/components" xmlns:core="http://jboss.com/products/seam/core" xmlns:persistence="http://jboss.com/products/seam/persistence" xmlns:drools="http://jboss.com/products/seam/drools" xmlns:security="http://jboss.com/products/seam/security" xmlns:mail="http://jboss.com/products/seam/mail" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation= "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.0.xsd http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.0.xsd http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.0.xsd http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-2.0.xsd http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd"> <core:init debug="@debug@" jndi-pattern="@jndiPattern@"/> <core:manager concurrent-request-timeout="500" conversation-timeout="120000" conversation-id-parameter="cid"/> <persistence:filter name="customerFilter" enabled="#{identity.loggedIn}"> <persistence:name>customerFilter</persistence:name> <persistence:parameters> <key>customerId</key> <value>#{customerId}</value> </persistence:parameters> </persistence:filter> <persistence:managed-persistence-context name="entityManager" auto-create="true" entity-manager-factory="#{knxseamEntityManagerFactory}"> <persistence:filters> <value>#{customerFilter}</value> </persistence:filters> </persistence:managed-persistence-context> <persistence:entity-manager-factory name="knxseamEntityManagerFactory" persistence-unit-name="knxseam"/> <security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true"/> <event type="org.jboss.seam.notLoggedIn"> <action expression="#{redirect.captureCurrentView}"/> </event> <event type="org.jboss.seam.postAuthenticate"> <action expression="#{redirect.returnToCapturedView}"/> </event> <mail:mail-session host="localhost" port="2525" username="test" password="test" /> </components>
Here's my Authenticator code:@Name("authenticator") public class Authenticator { @Logger Log log; @In EntityManager entityManager; public boolean authenticate() { try { UserAccount user = (UserAccount) entityManager .createQuery( "from UserAccount where name = :username and authenticationCredentials = :password") .setParameter("username", Identity.instance().getUsername()) .setParameter("password", Identity.instance().getPassword()) .getSingleResult(); if (user.getAuthoritieses() != null) { for (Authorities role : user.getAuthoritieses()) { log.info("adding role: #0 to user: #1", role.getAuthority(), Identity.instance().getUsername()); Identity.instance().addRole(role.getAuthority()); } } Identity.instance().addRole("admin"); log.info("customer:#0", user.getCustomer().getCustomerId()); log.info("Has Role: #0", (Identity.instance().hasRole("ROLE_RUN_LINK"))?"Yes":"No"); log.info("has Role2: #0", (Identity.instance().hasRole("admin"))?"Yes":"No"); Contexts.getSessionContext().set("customerId", user.getCustomer().getCustomerId()); return true; } catch (NoResultException ex) { FacesMessages.instance().add("Invalid username/password"); return false; } } }
-
4. Re: Instance.hasRole()...
shane.bryzak Jul 8, 2007 8:23 PM (in response to garypinkham)Calling addRole() when you are not authenticated yet puts the roles into a temporary list. They only become real roles once authentication is complete, which is why calling hasRole() in the authenticator method returns false.
-
5. Re: Instance.hasRole()...
garypinkham Jul 9, 2007 9:27 AM (in response to garypinkham)"shane.bryzak@jboss.com" wrote:
Calling addRole() when you are not authenticated yet puts the roles into a temporary list. They only become real roles once authentication is complete, which is why calling hasRole() in the authenticator method returns false.
That explains it! I did the log messages in another action and see that the user is indeed in the appropriate roles.
Thanks!