9 Replies Latest reply on Oct 23, 2007 7:21 AM by pmuir

    JAAS Authentication and the actor

    harpritt

      Hi

      im using following to authenticate against our LDAP server

      <security:identity authenticate-method="#{authenticator.authenticate}"
       jaas-config-name="SMSLDAP"/>
      


      I would like to populate my session scoped actor at the same time, is there a prefered solution to this?


      Many thanks

      H

        • 1. Re: JAAS Authentication and the actor

          Why can't you do that in your authenticate method?

          • 2. Re: JAAS Authentication and the actor
            harpritt

            hi man

            i was under the impression (i was told by my senior ...hahah) that authenticator was a default class.

            ......

            • 3. Re: JAAS Authentication and the actor
              harpritt

              Hi again

              so am i right in saying that in the case below SMSLDAP will be used to authenticate the user trying to login and then the authenticator.authenticate method is called, and it is here that i can add my roles to the actor object.



              <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="SMSLDAP"/>


              because otherwise i dont see what purpose the authenticator.authenticate method serves.

              Im a noob .... i know... i hate secuirity.... i prefer unreal tournament and beer...

              cheers again lads

              • 4. Re: JAAS Authentication and the actor
                shane.bryzak

                The authenticate-method and jaas-config-name options are mutually exclusive, i.e. if you specify a jaas-config-name (instead of using the default SeamLoginModule) then JAAS authentication will be done using that configuration and the method configured with authenticate-method won't be called.

                If you just want to run some code after authentication is done you can create a org.jboss.seam.postAuthenticate event to do that. See chapter 5 of the reference docs for more info on events.

                • 5. Re: JAAS Authentication and the actor
                  harpritt

                  Shane

                  Your a flipping star

                  nice one mate!

                  youve saved me a real headache... i must have looked all over and asked everyone what the deal was with the doc examples with having BOTH the authenticate-method and jass-config-name... like this...

                  <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="SMSLDAP" />



                  ....its off to chapter 5 we go..... hiiiiiii hooooooooooooooooooo

                  Cheers again

                  • 6. Re: JAAS Authentication and the actor
                    harpritt

                    Done and double done

                    <!--security:identity authenticate-method="#{login.login}"/-->
                     <security:identity jaas-config-name="SMSLDAP"/>
                    
                     <!-- this is cool, it allows us to specify a method to call after the user is authenticated
                     we will use this to populate our actor object-->
                     <event type="org.jboss.seam.postAuthenticate">
                     <action expression="#{login.login}"/>
                     </event>


                    • 7. Re: JAAS Authentication and the actor
                      harpritt

                      Hope this helps another poor sole...

                      this is how i populate my actor object from the identity

                      public boolean login() {
                      actor.setId(identity.getUsername());
                      Iterator principleItr = identity.getSubject().getPrincipals().iterator();
                      while(principleItr.hasNext()){
                      Object principle = principleItr.next();
                      if (principle instanceof SimpleGroup){
                      SimpleGroup simpleGroup = (SimpleGroup) principle;
                      Enumeration simpleGroupMembers = simpleGroup.members();
                      while(simpleGroupMembers.hasMoreElements()){
                      SimplePrincipal aPrincipal = (SimplePrincipal)simpleGroupMembers.nextElement();
                      actor.getGroupActorIds().add(aPrincipal.getName());
                      }
                      }
                      }
                      return true;
                      }

                      • 8. Re: JAAS Authentication and the actor

                        Thank you for helping this poor sole :)

                        I think this should go into documentation ...



                        Best regards,


                        Jo

                        • 9. Re: JAAS Authentication and the actor
                          pmuir

                          Fee free to create a page on the wiki to hold this information.