-
1. Re: Seam 2.1GA + plain J2EE security: userPrinicpal is null..
xnejp03.pnejedly.ondemand.co.uk Oct 24, 2008 12:34 PM (in response to titou09)I'd like to know about this too. Something like this:
@In UserPrincipal principal;
is not working. It is because the http request is wrapped in IdentityRequestWrapper (in IdentityFilter) and its getUserPrincipal() method is reading principal variable on Identity component.
Is there a way of disabling Seam's Identity management altogether, in order not to wrap the request? Or is there another solution (e.g. configuring Identity component to work the same way Seam worked in pre 2.1 )?
Many thanks,
Petr
-
2. Re: Seam 2.1GA + plain J2EE security: userPrinicpal is null..
xnejp03.pnejedly.ondemand.co.uk Oct 24, 2008 1:55 PM (in response to titou09)I made it work by extending IdentityFilter component and using it instead of the built-in one.
@Scope(ScopeType.APPLICATION) @Name("org.jboss.seam.web.identityFilter") @BypassInterceptors @Filter(within = {"org.jboss.seam.web.multipartFilter"}) public class IdentityFilter extends AbstractFilter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { chain.doFilter(request, response); } }
<component name="org.jboss.seam.web.identityFilter" class="mypackage.IdentityFilter" precedence="20" startupDepends="org.jboss.seam.security.identity"/>
Is this going to break anything if I don't want to use Seam's Identity management? -
3. Re: Seam 2.1GA + plain J2EE security: userPrinicpal is null..
shane.bryzak Oct 24, 2008 4:31 PM (in response to titou09)You are not forced to use Seam Security if you don't want to - Seam is all about choice :) I'm quite certain that Seam Security won't interfere if you want to use plain EJB security, however if you come across any issues with security breakage because of it please raise it here on the forums.
-
4. Re: Seam 2.1GA + plain J2EE security: userPrinicpal is null..
titou09 Oct 24, 2008 5:09 PM (in response to titou09)JIRA JBSEAM-3629 created
(Petr, I copy/pastedd some of your sentences) -
5. Re: Seam 2.1GA + plain J2EE security: userPrinicpal is null..
titou09 Oct 27, 2008 5:47 PM (in response to titou09)Petr,
I found another (better?)(official?) workaround.
Add<web:identity-filter disabled="true" />
in components.xml
I don't know if this is officialy the correct way to use seam v2.1GA with plain J2EE security
Shane,
If this is the correct way to use seam v2.1.0GA with plain J2EE security, then please add this to themigration guide
and also to the documentation, if so I'll downgrade the opened JIRA
If not, then please check the JIRA -
6. Re: Seam 2.1GA + plain J2EE security: userPrinicpal is null..
xnejp03.pnejedly.ondemand.co.uk Oct 27, 2008 7:39 PM (in response to titou09)Brilliant, Denis. Thanks.
-
7. Re: Seam 2.1GA + plain J2EE security: userPrinicpal is null..
eirirlar Nov 14, 2008 1:57 PM (in response to titou09)I've deployed on Tomcat 6 and have the same issue when installing the seam filter. The following always return null:
facesContext.getExternalContext().getUserPrincipal()
1 to get this fixed asap :)
I'm rolling back to seam-2.0 for now.
-
8. Re: Seam 2.1GA + plain J2EE security: userPrinicpal is null..
shane.bryzak Nov 16, 2008 12:04 AM (in response to titou09)Did you disable IdentityFilter?
-
9. Re: Seam 2.1GA + plain J2EE security: userPrinicpal is null..
jeckhart Mar 18, 2009 6:29 PM (in response to titou09)Another mechanism to get to the underlying container Principal (ServletRequest.getUserPrincipal()) and username (ServletRequest.getRemoteName()) is to disable Seam security altogether:
ie: In components.xml:
<core:init security-enabled="false" />