12 Replies Latest reply on Mar 23, 2008 6:41 PM by alex_ro_bv

    Identity problem

    alex_ro_bv

      Hi to all,
      I have a problem with identity check. I've made my own login, but even though I'm logged in, it still redirects me to login.xhtml when I hit the create button of any form. The site is generated with seam generate-entities and I've already tried to delete the section with org.jboss.seam.security.NotLoggedInException from pages.xml but it still doesn't work.
      Can anyone help me and tell me what to do to skip this redirect to the login.xhtml?

        • 1. Re: Identity problem
          msystems

          Please post more information, like pages.xml and some Java and JSF code.

          • 2. Re: Identity problem
            alex_ro_bv

            This is a seam feature, security option in the components.xml. I have to disable it somehow but I haven't yet figured out how.
            in components.xml for generated projects with seam, I have :


            <drools:rule-base name="securityRules">
                <drools:rule-files>
                    <value>/security.drl</value>
                </drools:rule-files>
            </drools:rule-base>

            <security:identity security-rules="#{securityRules}" remember-me="true"/>

            <event type="org.jboss.seam.security.notLoggedIn">
                <action execute="#{redirect.captureCurrentView}"/>
            </event>
            <event type="org.jboss.seam.security.loginSuccessful">
                <action execute="#{redirect.returnToCapturedView}"/>
            </event>
            



            and in the page.xml I have :


            <exception class="org.jboss.seam.security.NotLoggedInException">
                <redirect view-id="/login.xhtml">
                    <message>Please log in first</message>
                </redirect>
            </exception>
            



            I've made my own login controller but if I'm logged in the seam security thinks I'm not and whenever I try to access a page protected by seam security, it returns me to the login.xhtml.
            I have to disable it from components or page but don't know how.

            • 3. Re: Identity problem
              alex_ro_bv

              According to seam documentation, I should replace the security section from components.xml with the following line


                 <security:identity authenticate-method="#{loginCtrl.loggedIn}"/>
              



              where loginCtrl :


              package beans.session.login;
              
              import javax.ejb.Stateless;
              import javax.faces.context.FacesContext;
              import javax.servlet.http.HttpSession;
              import org.jboss.seam.annotations.Name;
              import beans.session.listener.Constants;
              
              @Stateless 
              @Name("loginCtrl")
              public class LoginController implements Login {
                 
                  public boolean isLoggedIn(){
                       HttpSession session = (HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(true);
                       if(session.getAttribute(Constants.LOGGED_USER)!=null){
                            return true;
                       }else{
                            return false;
                       }
                  }
              
              }
              



              Even doing so, the result is the same... It still redirects me to the login.xhtml.

              • 4. Re: Identity problem
                msystems

                Have you read http://docs.jboss.com/seam/2.0.1.GA/reference/en/html_single/#security ?


                And where is your authenticate method? And are you really using security rules?


                Here is a snippet of the components.xml I'm using:


                    <drools:rule-base name="securityRules">
                        <drools:rule-files>
                            <value>/META-INF/security.drl</value>
                        </drools:rule-files>
                    </drools:rule-base>
                    <security:identity authenticate-method="#{authenticatorService.authenticate}" security-rules="#{securityRules}"/>
                



                If you're not using security rules:


                <security:identity authenticate-method="#{<component name>.<method name>}"/>
                

                • 5. Re: Identity problem
                  msystems

                  alex ardelean wrote on Mar 23, 2008 12:17 PM:


                  According to seam documentation, I should replace the security section from components.xml with the following line

                     <security:identity authenticate-method="#{loginCtrl.loggedIn}"/>
                  




                  authenticate-method is a method-expression and not a value-expression - you need:


                  <security:identity authenticate-method="#{loginCtrl.isLoggedIn}"/>
                  

                  • 6. Re: Identity problem
                    alex_ro_bv

                    I've tried with


                    <security:identity authenticate-method="#{loginCtrl.isLoggedIn}"/>
                    



                    And still no result. I don't understand why it still redirects me to login.xhtml since I've deleted the


                    <drools:rule-base name="securityRules">
                        <drools:rule-files>
                            <value>/security.drl</value>
                        </drools:rule-files>
                    </drools:rule-base>

                    <security:identity security-rules="#{securityRules}" remember-me="true"/>

                    <event type="org.jboss.seam.security.notLoggedIn">
                        <action execute="#{redirect.captureCurrentView}"/>
                    </event>
                    <event type="org.jboss.seam.security.loginSuccessful">
                        <action execute="#{redirect.returnToCapturedView}"/>
                    </event>
                    


                    from components.xml. I've deleted even the content of security.drl, and still nothing happens.

                    • 7. Re: Identity problem
                      msystems

                      Try to debug - set a breakpoint in LoginController.isLoggedIn.


                      You need to navigate to another page after login - e.g. using pages.xml.


                      If you have a pages.xml, then please show it.

                      • 8. Re: Identity problem
                        alex_ro_bv

                        LoginController works fine. I know this because it is used as a rendered condition of some items of the menu. The content of pages.xml is the following:


                        <?xml version="1.0" encoding="UTF-8"?>
                        <pages xmlns="http://jboss.com/products/seam/pages"
                               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                               xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.1.xsd"
                        
                               no-conversation-view-id="/home.xhtml"
                               login-view-id="/login.xhtml">
                        
                            <page view-id="*">
                                <navigation>
                                    <rule if-outcome="home">
                                        <redirect view-id="/home.xhtml"/>
                                    </rule>
                                </navigation>
                            </page> 
                        
                            <exception class="org.jboss.seam.framework.EntityNotFoundException">
                                <redirect view-id="/error.xhtml">
                                    <message>Not found</message>
                                </redirect>
                            </exception>
                            
                            <exception class="javax.persistence.EntityNotFoundException">
                                <redirect view-id="/error.xhtml">
                                    <message>Not found</message>
                                </redirect>
                            </exception>
                            
                            <exception class="javax.persistence.OptimisticLockException">
                                <end-conversation/>
                                <redirect view-id="/error.xhtml">
                                    <message>Another user changed the same data, please try again</message>
                                </redirect>
                            </exception>
                            
                            <exception class="org.jboss.seam.security.AuthorizationException">
                                <redirect view-id="/error.xhtml">
                                    <message>You don't have permission to do this</message>
                                </redirect>
                            </exception>
                            
                            <exception class="org.jboss.seam.security.NotLoggedInException">
                                <redirect view-id="/login.xhtml">
                                    <message>Please log in first</message>
                                </redirect>
                            </exception>
                            
                            <exception class="javax.faces.application.ViewExpiredException">
                                <redirect view-id="/error.xhtml">
                                    <message>Your session has timed out, please try again</message>
                                </redirect>
                            </exception>
                             
                            <exception>
                                <redirect view-id="/error.xhtml">
                                    <message>Unexpected error, please try again</message>
                                </redirect>
                            </exception>
                            
                        </pages>
                        
                        


                        After a quick debug, I've noticed that when deployed, the log contains this line


                        org.jboss.seam.security.identity.authenticateMethod=#{loginCtrl.isLoggedIn}
                        



                        but LoginCtrl.isLoggedIn is not called when it redirects me. It is not called when I try to access a page and it sends me to the login.xhtml.

                        • 9. Re: Identity problem
                          shane.bryzak

                          You could try renaming the method to something that doesn't start with is.

                          • 10. Re: Identity problem
                            msystems

                            Looks like you have a login.xhtml page - are you sure you're calling #{identity.login} from the login.xhtml?


                            You need to trigger the login.


                            Or you could try:


                                <page view-id="*">
                                    <action execute="#{identity.login}" if="#{!identity.loggedIn}"/>
                            
                                    <navigation>
                                        <rule if-outcome="home">
                                            <redirect view-id="/home.xhtml"/>
                                        </rule>
                                    </navigation>
                                </page> 
                            



                            Your login control/logic is a lot different from mine and it's a little bit odd to use:


                            <action execute="#{identity.login}" if="#{!identity.loggedIn}"/>



                            But maybe with your login control/logic it will work just fine.


                            I will recommend you to read more about security.

                            • 11. Re: Identity problem
                              alex_ro_bv

                              I've built my own login, I hoped I didn't have to use identity. This was my whole point... to bypass somehow identity from seam, and to replace it with my own class. But I hit this problem unfortunately. Now it seems that I have to trigger somehow the identity.login after all. How can I override the login method to do what I wish to do?

                              • 12. Re: Identity problem
                                alex_ro_bv

                                ok, resolved. In my login method I've put identity.setUsername, identity.setPassword, identity.login() and it worked. I will look for a simpler method in the future cause this seems to be a workaround but does the trick, thanks.
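
The wiring described in the last reply, as an added example that is not part of the original thread: the custom login action hands the submitted credentials to Seam's `identity` and calls `identity.login()`, and the configured authenticate-method verifies those credentials instead of only checking for a session attribute. `UserDirectory`, the `userDirectory` component and the package name are hypothetical; the `Identity` calls are the ones named in the thread plus the matching getters.

```java
package example.security; // hypothetical package, not from the thread

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;

// Registered in components.xml with the attribute the thread discusses:
//   <security:identity authenticate-method="#{loginCtrl.authenticate}"/>
@Name("loginCtrl")
public class LoginController {

    /** Hypothetical credential store; stands in for the poster's own user lookup. */
    public interface UserDirectory {
        boolean verify(String username, String password);
    }

    @In
    private Identity identity;            // Seam's built-in security component

    @In
    private UserDirectory userDirectory;  // assumed to be another Seam component

    private String username;
    private String password;

    /** Action bound to the custom login form's submit button. */
    public String login() {
        identity.setUsername(username);
        identity.setPassword(password);
        // identity.login() invokes the configured authenticate-method and marks
        // the identity as logged in only if that method returns true.
        String outcome = identity.login();
        password = null;  // do not keep the cleartext password on this component
        return outcome;   // "loggedIn" on success, null on failure
    }

    /** Invoked by Seam from identity.login(); this is the authenticate-method. */
    public boolean authenticate() {
        // Verify the submitted credentials. Returning true merely because a
        // session attribute exists would accept any credentials once it is set.
        return userDirectory.verify(identity.getUsername(), identity.getPassword());
    }

    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
```

With this in place, the `NotLoggedInException` redirect in pages.xml fires only while `#{identity.loggedIn}` is false, which is the state Seam's page restrictions actually consult.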