-
1. Re: Identity problem
msystems Mar 23, 2008 11:45 AM (in response to alex_ro_bv)Please post more information, like pages.xml and some Java and JSF code.
-
2. Re: Identity problem
alex_ro_bv Mar 23, 2008 11:59 AM (in response to alex_ro_bv)This is a seam feature, security option in the components.xml. I have to disable it somehow but I haven't yet figured out how.
in components.xml for generated projects with seam, I have :<drools:rule-base name="securityRules"> <drools:rule-files> <value>/security.drl</value> </drools:rule-files> </drools:rule-base> <security:identity security-rules="#{securityRules}" remember-me="true"/> <event type="org.jboss.seam.security.notLoggedIn"> <action execute="#{redirect.captureCurrentView}"/> </event> <event type="org.jboss.seam.security.loginSuccessful"> <action execute="#{redirect.returnToCapturedView}"/> </event>
and in the page.xml I have :
<exception class="org.jboss.seam.security.NotLoggedInException"> <redirect view-id="/login.xhtml"> <message>Please log in first</message> </redirect> </exception>
I've made my own login controller but if I'm logged in the seam security thinks I'm not and whenever I try to access a page with a protected by seam security, it returns me to the login.xhtml .
I have to disable it from components or page but don't know how. -
3. Re: Identity problem
alex_ro_bv Mar 23, 2008 12:17 PM (in response to alex_ro_bv)According to seam documentation, I should replace the security section from components.xml with the folllowing line
<security:identity authenticate-method="#{loginCtrl.loggedIn}"/>
where loginCtrl :
package beans.session.login; import javax.ejb.Stateless; import javax.faces.context.FacesContext; import javax.servlet.http.HttpSession; import org.jboss.seam.annotations.Name; import beans.session.listener.Constants; @Stateless @Name("loginCtrl") public class LoginController implements Login { public boolean isLoggedIn(){ HttpSession session = (HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(true); if(session.getAttribute(Constants.LOGGED_USER)!=null){ return true; }else{ return false; } } }
even doing so, the result is the same... It stills redirects me to the login.xhtml.
-
4. Re: Identity problem
msystems Mar 23, 2008 12:19 PM (in response to alex_ro_bv)Have you read http://docs.jboss.com/seam/2.0.1.GA/reference/en/html_single/#security ?
And where is your authenticate method? And are you really using security rules?
Here is a snippet of the components.xml I'm using:
<drools:rule-base name="securityRules"> <drools:rule-files> <value>/META-INF/security.drl</value> </drools:rule-files> </drools:rule-base> <security:identity authenticate-method="#{authenticatorService.authenticate}" security-rules="#{securityRules}"/>
If you're not using security rules:
<security:identity authenticate-method="#{<component name>.<method name>}"/>
-
5. Re: Identity problem
msystems Mar 23, 2008 12:34 PM (in response to alex_ro_bv)
alex ardelean wrote on Mar 23, 2008 12:17 PM:
According to seam documentation, I should replace the security section from components.xml with the folllowing line<security:identity authenticate-method="#{loginCtrl.loggedIn}"/>
authenticate-method is a method-expression and not a value-expression - you need:
<security:identity authenticate-method="#{loginCtrl.isLoggedIn}"/>
-
6. Re: Identity problem
alex_ro_bv Mar 23, 2008 12:44 PM (in response to alex_ro_bv)I've tried with
<security:identity authenticate-method="#{loginCtrl.isLoggedIn}"/>
And still no result. I don't understand why it still redirects me to login.xhtml since I've deleted the
<drools:rule-base name="securityRules"> <drools:rule-files> <value>/security.drl</value> </drools:rule-files> </drools:rule-base> <security:identity security-rules="#{securityRules}" remember-me="true"/> <event type="org.jboss.seam.security.notLoggedIn"> <action execute="#{redirect.captureCurrentView}"/> </event> <event type="org.jboss.seam.security.loginSuccessful"> <action execute="#{redirect.returnToCapturedView}"/> </event>
from components.xml. I've deleted even the content of security.drl, and still nothing happens.
-
7. Re: Identity problem
msystems Mar 23, 2008 2:07 PM (in response to alex_ro_bv)Try to debug - set a breakpoint in LoginController.isLoggedIn.
You need to navigate to another page after login - e.g. using pages.xml.
If you have a pages.xml, then please show it.
-
8. Re: Identity problem
alex_ro_bv Mar 23, 2008 2:43 PM (in response to alex_ro_bv)LoginController works fine. I know this because it is used as a rendered condition of some items of the menu. The content of pages.xml is the following:
<?xml version="1.0" encoding="UTF-8"?> <pages xmlns="http://jboss.com/products/seam/pages" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.1.xsd" no-conversation-view-id="/home.xhtml" login-view-id="/login.xhtml"> <page view-id="*"> <navigation> <rule if-outcome="home"> <redirect view-id="/home.xhtml"/> </rule> </navigation> </page> <exception class="org.jboss.seam.framework.EntityNotFoundException"> <redirect view-id="/error.xhtml"> <message>Not found</message> </redirect> </exception> <exception class="javax.persistence.EntityNotFoundException"> <redirect view-id="/error.xhtml"> <message>Not found</message> </redirect> </exception> <exception class="javax.persistence.OptimisticLockException"> <end-conversation/> <redirect view-id="/error.xhtml"> <message>Another user changed the same data, please try again</message> </redirect> </exception> <exception class="org.jboss.seam.security.AuthorizationException"> <redirect view-id="/error.xhtml"> <message>You don't have permission to do this</message> </redirect> </exception> <exception class="org.jboss.seam.security.NotLoggedInException"> <redirect view-id="/login.xhtml"> <message>Please log in first</message> </redirect> </exception> <exception class="javax.faces.application.ViewExpiredException"> <redirect view-id="/error.xhtml"> <message>Your session has timed out, please try again</message> </redirect> </exception> <exception> <redirect view-id="/error.xhtml"> <message>Unexpected error, please try again</message> </redirect> </exception> </pages>
After a quick debug, I've noticed that when deployed, the log contains this line
org.jboss.seam.security.identity.authenticateMethod=#{loginCtrl.isLoggedIn}
but LoginCtrl.isLoggedIn it is not called when it redirects me. It is not called when I try to access a page and sends me to the login.xhtml.
-
9. Re: Identity problem
shane.bryzak Mar 23, 2008 3:23 PM (in response to alex_ro_bv)You could try renaming the method to something that doesn't start with
is
. -
10. Re: Identity problem
msystems Mar 23, 2008 4:54 PM (in response to alex_ro_bv)Looks like you have a login.xhtml page - are you sure you're calling #{identity.login} from the login.xhtml?
You need to trigger the login.
Or you could try:
<page view-id="*"> <action execute="#{identity.login}" if="#{!identity.loggedIn}"/> <navigation> <rule if-outcome="home"> <redirect view-id="/home.xhtml"/> </rule> </navigation> </page>
Your login control/logic is a lot different from mine and its a little bit odd to use:
<action execute="#{identity.login}" if="#{!identity.loggedIn}"/>
But maybe with your login control/logic it will work just fine.
I will recommend you to read more about security.
-
11. Re: Identity problem
alex_ro_bv Mar 23, 2008 6:36 PM (in response to alex_ro_bv)I've built my own login, I hoped I didn't have to use identity. This was my whole point... to bypass somehow identity from seam, and to replace it with my own class. But I hit this problem unfortunally. Now it seems that I have to trigger somehow the identity.login after all. How can I override the login method to do what I wish to do?
-
12. Re: Identity problem
alex_ro_bv Mar 23, 2008 6:41 PM (in response to alex_ro_bv)ok, resolved. In my login method I've put identity.setUsername, identity.setPassword, identity.login() and it worked. I will look for a simpler method in the future cause this seems to be a workaround but does the trick, thanks.