-
1. Re: JAAS login without JSF or JSP
dhinojosa Feb 14, 2008 3:48 PM (in response to dhartford)This is worth a try. Complete the setup in 13.4.8.1 in the seam documentation which will use your container's JAAS configuration You can just create an HTML/XHTML file with something like the following:
<form id='security_check' action='j_security_check'> Username: <input type='text' id='j_username'/> Password: <input type='password' id='j_password'/> </form>
and then implement your Authenticator which Seam will call on for you.
-
2. Re: JAAS login without JSF or JSP
dhartford Feb 14, 2008 3:59 PM (in response to dhartford)yup, already tried that, and I still can't get it to work.
The project I can not get to work is here (showing how much stuff I've already tried):
http://jira.jboss.org/jira/browse/JBSEAM-2325Call me an idiot, I don't care, I need a full, working example to make sure nothing is missed.
.html/.xhtml
component.xml
web.xml
seam classes (like the authenticator) -
3. Re: JAAS login without JSF or JSP
dhinojosa Feb 14, 2008 4:45 PM (in response to dhartford)So....just checking on some other stuff. I assume you already put all the security-constraints, web-resource-collections, and auth-constraints into the web.xml? Another thing that I know is that if you use the jboss/tomcat combination or any tomcat based app, the JAAS security is challenge-based only.
P.S. I won't call you an idiot, it's just not my style....Plus I tend to f**k things up more than a lot of people (just the way I learn) so I'd be a complete hypocrite in doing so. ;)
-
4. Re: JAAS login without JSF or JSP
dhartford Feb 14, 2008 10:47 PM (in response to dhartford)<blockquote>
_Daniel Hinojosa wrote on Feb 14, 2008 04:45 PM:_<br/>I assume you already put all the security-constraints, web-resource-collections, and auth-constraints into the web.xml
</blockquote>
yes, setup with web.xml <security-constraints>, tried without, and tried many other combinations -- one such implemented attempt with actual code and config files is at:
http://jira.jboss.org/jira/browse/JBSEAM-2325
Another forum thread I started couple months ago with no feedback here, but some discoveries that may or may not be correct:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4109370#4109370
And after this many months, still no idea how to handle JAAS without JSF/JSP. -
5. Re: JAAS login without JSF or JSP
dhartford Feb 14, 2008 10:51 PM (in response to dhartford)uh - WTF? The forum just clipped all my content :-(
To repeat:
Yes, setup security contraint on web.xml. Tried without security constraint. Tried a variety of combinations without success. One sample implementation that I tried, with actual code and config files, is here:
http://jira.jboss.org/jira/browse/JBSEAM-2325
Old forum post with some info, but probably not useful as no one responded:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4109370#4109370 -
6. Re: JAAS login without JSF or JSP
christian.bauer Feb 14, 2008 11:39 PM (in response to dhartford)Did the text preview work? Did you use it? Did you use the formatting dropdown or the HELP? We need to know what the problem is.
-
7. Re: JAAS login without JSF or JSP
dhinojosa Feb 21, 2008 5:06 PM (in response to dhartford)Forgot to ask, did you also set up the JAAS on your app server, in login-config.xml?
-
8. Re: JAAS login without JSF or JSP
dhartford Feb 21, 2008 5:11 PM (in response to dhartford)yes, I setup the JAAS realm in the login-config.xml.
You can also dynamically load the JAAS realms through a jboss SAR approach, which is what I do (this is proven again and again, this works correctly).
<mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="com.domain.app:service=DynamicLoginConfig">
<attribute name="AuthConfig">myapp-login-config.xml</attribute>
<depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
<depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
</mbean>However, the dynamic login approach has no bearing, as I've tested with directly changed login-config.xml as well just to make triple sure.
-
9. Re: JAAS login without JSF or JSP
dhartford Feb 21, 2008 5:22 PM (in response to dhartford)If someone could create a working sample project that uses the JAAS login approach without JSF or JSP, it would be very easy to move forward from there -- avoid a lot of question/answers about a capability or feature that may not exist.
The documentation has proven very clearly (to me) to be insufficient. If someone feels the documentation is sufficient, prove me wrong with a working example :-)
-
10. Re: JAAS login without JSF or JSP
dhartford May 5, 2008 3:58 PM (in response to dhartford)Seam login with JAAS without JSF or JSP (i.e. normal HTML/XHTML). Intent is to incorporate with GWT (or, if you have a GWT example, that'll be great as well).
-
11. Re: JAAS login without JSF or JSP
amit.u.purohit Dec 1, 2008 9:00 AM (in response to dhartford)Hi Darren,
I too need implement JAAS security with HTML/JSP pages in JBOSS-Seam application. Do you have any sample application that you can share with me.
Thanks in advance,
Amit