Seam and security context
chawax Apr 28, 2008 2:29 PMHi,
I have a Seam application using EJB components. Some EJB components have an interceptor to check security, so I need to retrieve the principal. I did it this way :
public class SecurityInterceptor { @javax.annotation.Resource protected javax.ejb.SessionContext context; @javax.interceptor.AroundInvoke public Object execute(javax.interceptor.InvocationContext ctx) throws Exception { try { if (context != null) { if (context.getCallerPrincipal() != null) { System.out.println(context.getCallerPrincipal().getName()); } } return ctx.proceed(); } catch (Exception e) { e.printStackTrace(); throw e; } } }
This interceptor works well when I run unit tests with JBoss microcontainer. But it fails when I call EJBs from a Seam component, with a No valid security context for the caller identity message.
I wrote an authenticator Seam component, with this authenticate method :
public boolean authenticate() throws java.lang.Exception { String username = Identity.instance()getUsername(); String password = Identity.instance().getPassword(); VOCompteUtilisateur utilisateur = getServiceUtilisateur().getCompteUtilisateur(username); if (utilisateur != null && utilisateur.getPassword().equals(password)) { this.utilisateur = utilisateur; this.actor.setId(utilisateur.getMatriculeEmploye()); this.actor.getGroupActorIds().add(utilisateur.getMatriculeEmploye()); StringTokenizer roles = new StringTokenizer(utilisateur.getRoles(),","); while (roles.hasMoreTokens()) { String role = roles.nextToken(); identity.addRole(role); } return true; } else return false; }
I guess I have something to do before returning true to integrate Seam identity and EJB security context. I saw there's a authenticate method in org.jboss.seam.security.Identity class, waiting for a javax.security.auth.login.LoginContext parameter. Is it the method I should use ? And where can I retrieve this login context ?
Thanks in advance for your help ;)