4 Replies Latest reply on Feb 22, 2010 7:25 AM by twhitehead.twhiteheadjm.hotmail.com

login failed, about identity manager, is there any thing I missed?

stenlylee Jan 15, 2009 9:13 PM

I followed the reference to config the identity manager

<security:identity remember-me="true"/>
<security:identity-manager identity-store="#{ldapIdentityStore}" role-identity-store="#{jpaIdentityStore}"/>
<security:jpa-identity-store user-class="com.city6life.nife.session.entity.Person" role-class="com.city6life.nife.session.entity.Role"/>
<security:jpa-permission-store user-permission-class="com.city6life.nife.session.entity.Permission"/>
<security:rule-based-permission-resolver security-rules="#{securityRules}"/>

and the database is completed.(when jboss startup, there is not errors)

the entities and the annotations are also written.

there is a record in my database: username-admin ,password-11

but whatever I input in the login.xhtml, there always a login failed message

is there any thing I missed?

thx for any help!

1. Re: login failed, about identity manager, is there any thing I missed?

stenlylee Jan 16, 2009 5:13 AM (in response to stenlylee)

I know what is the problem

the password in my database is "11"

but I forget to config the hash="none" in the password annotation

so seam can't find the MD5 password

but there is another problem

when I create a new project, and the first user I insert to the table manual

I can't know what's to input in the password field

I try to get the MD5 of "11":
MD5(11,32) = 6512bd43d9caa6e02c990b0a82652dca
MD5(11,16) = d9caa6e02c990b0a

and insert the value into the table manual(both 16 and 32 char I've tried )

it still tell me login failed
Actions
2. Re: login failed, about identity manager, is there any thing I missed?

buckmin.erdem.agaoglu.gmail.com Jan 16, 2009 11:33 AM (in response to stenlylee)
i've had the same exact problem just yesterday,
although i could not find exact cause, i managed a workaround. i was using JpaIdentityStore for both user and role but might give an idea.

written a small bean that just creates a user by means of identity manager but bypassing permission checks through direct access to identitystore. then i added a control to login which creates the user, simply

#{someComponent.createUser} ---- @In Credentials credentials; @In IdentityManager identityManager; public void createUser(){ identityManager.getIdentityStore().createUser( credentials.getUsername(),credentials.getPassword(),null,null); }

users created this way are able to login while manual additions to database are not. i double checked database entries for both md5 password hashes and plain texts. there seems to be no problem at that end, but i did not check details.
Actions
3. Re: login failed, about identity manager, is there any thing I missed?

rave Jan 19, 2009 5:01 PM (in response to stenlylee)

Maybe this helps:

Passwords are hashed by default using the user's username as the salt. This is easily overridden by extending JpaIdentityStore and overriding the getUserAccountSalt() method. Oh, and password hashes are themselves generated by a new Seam component called called PasswordHash, which is itself overridable too. So no matter what you want to do, it's customisable at every step.

[found @ http://in.relation.to/Bloggers/SeamSecurityGetsAnUpgrade]
Actions
4. Re: login failed, about identity manager, is there any thing I missed?

twhitehead.twhiteheadjm.hotmail.com Feb 22, 2010 7:25 AM (in response to stenlylee)
I see you have

identity-store="#{ldapIdentityStore}"

implying you want to authenticate agains ldap not your database.
Actions

Go to original post