6 Replies Latest reply on Jun 3, 2008 9:18 PM by infinity2heaven

    Seam security - identity login never gets invoked

    infinity2heaven
    infinity2heaven Jun 3, 2008 1:50 AM

      I've followed Seam Security Reference (also Seam in Action), step by step, however I'm stuck with this rather bizzare problem the whole day. the action #{identity.login} never gets invoked from the login page. However changing it to #{authenticator.authenticat} works.


      login.xhtml 


      
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"

    xmlns:h="http://java.sun.com/jsf/html"

    xmlns:f="http://java.sun.com/jsf/core"

    xmlns:s="http://jboss.com/products/seam/taglib">


     <h:form id="login">

          <h:panelGrid columns="2">

          <h:outputLabel for="username">Username</h:outputLabel>

          <h:inputText id="username" value="#{identity.username}"/>

          <h:outputLabel for="password">Password</h:outputLabel>

          <h:inputSecret id="password" value="#{identity.password}"/>

     </h:panelGrid>

     <div>

     <h:commandButton value="Login" action="#{identity.login}"/>

     </div>

     </h:form>


</html>



      Authenticator 


      

@Name("authenticator")

public class AuthenticatorAction

{

    @In     

    private EntityManager entityManager;

    

    public boolean authenticate()

    {      

       try {              

      entityManager.createQuery("from User where username = :username ")               

     .setParameter("username", Identity.instance().getUsername()).getSingleResult();     

       }      

       catch (NoResultException ex) {              

     return false;

       } 

       return true;        

     }

}



      pages.xml 


      
<?xml version="1.0" encoding="UTF-8"?>

<pages xmlns="http://jboss.com/products/seam/pages"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"

       login-view-id="/login.xhtml">

   

  <page view-id="/*" login-required="true"/>

  

  

  <!-- other navigations -->

  

  <exception class="org.jboss.seam.security.NotLoggedInException">

       <redirect view-id="/login.xhtml">

           <message severity="INFO">You must be logged in to perform this action</message>

       </redirect>

  </exception>

    

</pages>


      components.xml 


      
<?xml version="1.0" encoding="UTF-8"?>

<components xmlns="http://jboss.com/products/seam/components"

     xmlns:core="http://jboss.com/products/seam/core"

     xmlns:web="http://jboss.com/products/seam/web"

     xmlns:security="http://jboss.com/products/seam/security"

     xmlns:persistence="http://jboss.com/products/seam/persistence"

     xmlns:framework="http://jboss.com/products/seam/framework"    

     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

     xsi:schemaLocation=  "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd               

                 http://jboss.com/products/seam/web http://jboss.com/products/seam/web-2.0.xsd

                 http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.0.xsd

                 http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.0.xsd

                 http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd

                 http://jboss.com/products/seam/framework http://jboss.com/products/seam/framework-2.0.xsd">


     <core:init jndi-pattern="evg-asr-1.0/#{ejbName}/local" debug="true" 

        transaction-management-enabled="true"/>


     <core:manager conversation-timeout="120000" concurrent-request-timeout="500" conversation-id-parameter="cid" />          


     <persistence:managed-persistence-context name="entityManager" auto-create="true" 

          persistence-unit-jndi-name="java:/EntityManagerFactories/asrDatasource" />       

    

    <component name="org.jboss.seam.ui.EntityConverter"/>

    

    <security:identity authenticate-method="#{authenticator.authenticate}"/>     

     

    <event type="org.jboss.seam.notLoggedIn">

       <action execute="#{redirect.captureCurrentView}"/>

    </event>

    <event type="org.jboss.seam.security.postAuthenticate">

        <action execute="#{redirect.returnToCapturedView}"/>

    </event>

  

    <framework:entity-query name="fofsQuery" ejbql="from Fof" />

     

    <framework:entity-home name="fofHome" entity-class="com.evergreen.asr.entity.Fof" />

     <factory name="fof" value="#{fofHome.instance}" />   

       

</components>




      It says, Seam security should work out of the box, well not in my case. Pl suggest if I'm missing something trivial ...

      • 438 Views
      • Tags:
        • 1. Re: Seam security - identity login never gets invoked
          shane.bryzak
          shane.bryzak Jun 3, 2008 1:57 AM (in response to infinity2heaven)

          So what does happen when you click the button?  Have you tried debugging to see what's happening?

            • Actions
          • 2. Re: Seam security - identity login never gets invoked
            infinity2heaven
            infinity2heaven Jun 3, 2008 2:05 AM (in response to infinity2heaven)

            Here goes the complete Request Params and Seam debug logs 


            
20:02:52,300 INFO  [RequestDumper] doFilter( )

20:02:52,300 INFO  [RequestDumper] request.getRequestURI=/asr/login.seam

20:02:52,300 INFO  [RequestDumper] request.getRequestURL=http://localhost:8080/afoo/login.seam

20:02:52,300 INFO  [RequestDumper] request.getAuthType=null

20:02:52,300 INFO  [RequestDumper] request.getRemoteUser=null

20:02:52,300 INFO  [RequestDumper] request.getUserPrincipal=null

20:02:52,315 INFO  [RequestDumper] 

************Request Parameters************

20:02:52,315 INFO  [RequestDumper] javax.faces.ViewState = j_id2...(truncated)...

20:02:52,315 INFO  [RequestDumper] login:username =  asdsada

20:02:52,315 INFO  [RequestDumper] login =  login

20:02:52,315 INFO  [RequestDumper] login:password =  

20:02:52,315 INFO  [RequestDumper] login:j_id8 =  Login

20:02:52,315 INFO  [RequestDumper] ------------------------------------------------------------------------------------------------------------------------


20:02:52,331 DEBUG [Manager] No stored conversation, or concurrent call to the stored conversation

20:02:52,409 INFO  [lifecycle] WARNING: FacesMessage(s) have been enqueued, but may not have been displayed.

sourceId=null[severity=(INFO 0), summary=(Welcome, asdsada), detail=(Welcome, asdsada)]

20:02:52,409 DEBUG [Manager] Discarding conversation state: 5



            The example above doesn't have logs. but I tried it with logs, my method never gets invoked. I don't understand why it says Welcome ... for all scenarios.

              • Actions
            • 3. Re: Seam security - identity login never gets invoked
              shane.bryzak
              shane.bryzak Jun 3, 2008 2:37 AM (in response to infinity2heaven)

              It should only produce the 'welcome' message if authentication is successful.  I recommend you set a breakpoint in Identity.login() (and in your authentication method) to see what's actually happening.

                • Actions
              • 4. Re: Seam security - identity login never gets invoked
                infinity2heaven
                infinity2heaven Jun 3, 2008 4:47 AM (in response to infinity2heaven)

                I'll try that tom, when I'm back at work, but as I mentioned earlier, it doesnt print the logs in the method if I call #{identity.login} . I can confirm that.


                Strange, I know -- that's why I'm stuck

                  • Actions
                • 5. Re: Seam security - identity login never gets invoked
                  infinity2heaven
                  infinity2heaven Jun 3, 2008 5:40 PM (in response to infinity2heaven)

                  Alrite, so here is the root cause.


                  1) I tried with the same code in Seam Registration example and it WORKS like a charm. So there is nothing wrong with my Seam security related code.


                  2) After a lot of debugging, I decided to discard my JBoss which is our corporate custom version of 4.2.1 with some security related customization (SSO, certificates etc ..). I'm not using any of them for my app, the jars and the configs are just lying in case any corporate app needs them. Also, I really don't have in depth knowledge of these customizations. (I could possibly find out, though)


                  I downloaded a fresh copy of 4.2.1 from jboss, and guess what
                  -- The same code works! Security works in my application!



                  Now, I have emailed this to our Architecture team but I'm guessing they wouldn't have much idea either. My question is -- is this a normal behaviour? I don't think so -- because if a server side functionality should heavily depend on a version of the same app server, then it should be clearly documented in Seam unlike giving an impression that it works out of the box.


                  Shane -- Could you please give me some hints on what config files I should look for in my jboss version to debug this? Any logs .. etc, I'd be willing to share.


                  Any help is greatly appreciated.

                    • Actions
                  • 6. Re: Seam security - identity login never gets invoked
                    infinity2heaven
                    infinity2heaven Jun 3, 2008 9:18 PM (in response to infinity2heaven)

                    Finally fixed the problem, This is nothing to do with Seam. We had another jar in our JBoss distribution that had an SSO implementation of Seam's Identity. Since that component's name was Identity too, my app never called Seam's in built Identity.


                    Finally, JBoss debug logs helped me to see the instance of Seam Identity ...


                    Seam Security works great now!

                      • Actions