7 Replies Latest reply on Apr 30, 2009 7:47 PM by bgroeneveld

    Use IdentityStore and JPA authentication

      I'm reading up on the new Seam security features.


      Is it possible to configure Seam to point to an IdentityStore (such as LDAP) but also provide authentication via JPA?  Ex. Giving the user the option to log in using Exchange password or internal authentication.  Would doing so exclude the ability to use the new IdentityStore?


      Also, I'm having trouble getting my page to redirect after login.  This worked before upgrading to Seam 2.1.SP1.  Any ideas of what I may be missing? 


      Thanks.

        • 1. Re: Use IdentityStore and JPA authentication
          andre.eugenio

          You can provide your custom authentication method by configuring it in components.xml:


               <security:identity 
                    authenticate-method="#{customBean.customMethod}"      
               />
          

          • 2. Re: Use IdentityStore and JPA authentication

            Andre,


            I do have that in my components.xml.  I assume you're saying that within the customMethod, I would be providing the means to check both authentication systems.  However, would this preclude the ability to define an IdentityStore?


            Thanks.

            • 3. Re: Use IdentityStore and JPA authentication
              andre.eugenio

              I guess not, because the identityStore is responsible for a lot more things than just authenticating the user.


              • 4. Re: Use IdentityStore and JPA authentication
                shane.bryzak

                The easiest way to achieve what you want is probably to extend IdentityManager and override the authenticate() method so that it attempts to authenticate with both of your identity stores.  Of course for all other identity management-related functionality you're going to be limited to just one identity store.  This means that for user management (if you have it in your app) you'll only see the usernames provided by your chosen identity store implementation.  Oh, and you'll only be able to load roles from one identity store also.

                • 5. Re: Use IdentityStore and JPA authentication

                  Thanks, Shane, that's the answer I needed.

                  • 6. Re: Use IdentityStore and JPA authentication
                    bgroeneveld

                    Extending the JpaIdentityStore to override the authenticate() method works great - thanks!  Now it would be nice to be able to provide our own user and role entities using the components.xml definition.  We would still like to read our roles from persistent storage.  Assumedly, some form of:



                    <security:jpa-identity-store user-class="com.company.security.User"
                                                 role-class="com.company.security.Role" />


                    Looking at the JpaIdentityStore it isn't even clear to us how to set the User and Role entity classes otherwise - can you provide us with some direction?  Thanks!

                    • 7. Re: Use IdentityStore and JPA authentication
                      bgroeneveld

                      Overriding JpaIdentityStore.init() does provide a solid workaround:



                          @Create
                          @Override
                          public void init()
                          {
                             // Set the entity classes before the superclass initializes itself
                             setUserClass(com.company.security.User.class);
                             setRoleClass(com.company.security.Role.class);
                             super.init();
                          }
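
The approach from replies 4 and 6 (one authenticate() that tries both stores), as an added example that is not code from this thread or from Seam itself. It assumes Seam 2.1's `boolean authenticate(String username, String password)` on the identity stores and an LdapIdentityStore component configured in components.xml; the class name `DualAuthIdentityStore` is hypothetical, and the Seam component annotations and components.xml wiring are left to the application.

```java
import org.jboss.seam.Component;
import org.jboss.seam.security.management.JpaIdentityStore;
import org.jboss.seam.security.management.LdapIdentityStore;

// Hypothetical subclass (added example): internal JPA accounts first,
// then the LDAP directory. Roles and user management still come from
// the JPA store only, as reply 4 points out.
public class DualAuthIdentityStore extends JpaIdentityStore
{
   @Override
   public boolean authenticate(String username, String password)
   {
      // Reject blank credentials before touching either store: many LDAP
      // servers treat a bind with an empty password as an anonymous bind
      // and report success.
      if (username == null || username.trim().length() == 0
            || password == null || password.length() == 0)
      {
         return false;
      }

      // 1. Internal accounts held in the JPA user entity.
      if (super.authenticate(username, password))
      {
         return true;
      }

      // 2. Directory accounts. A username that exists in both stores can
      //    log in with either password, so keep the two namespaces
      //    distinct or decide which store owns each account.
      LdapIdentityStore ldap =
         (LdapIdentityStore) Component.getInstance(LdapIdentityStore.class, true);
      if (ldap == null)
      {
         return false; // LDAP store not installed (assumption: it is optional)
      }
      try
      {
         return ldap.authenticate(username, password);
      }
      catch (RuntimeException e)
      {
         // Fail closed: an unreachable or misconfigured directory must
         // never turn into a successful login.
         return false;
      }
   }
}
```

The init() override from reply 7 can live in the same subclass so that the user and role entity classes are set before the store initializes.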