The Identity Management API is new in Seam 2.1. What version are you using? In pre-2.1 Seam apps, you specified the authenticator method in the components.xml:
Most likely you're talking about Seam 2.1 because of the reference to @org.jboss.seam.annotations.security.management.UserPrincipal.
You can use JpaIdentityStore for both authentication (verify credentials) and authorization (role restriction). You can also use LdapIdentityStore (e.g. to access data in Active Directory) in conjunction with JpaIdentityStore (e.g. the seamspace example uses this approach). Unfortunately, it is difficult to fully understand the example apps and the new security API. Your best bet is to implement authentication/authorization using JpaIdentityStore only at first to keep things simple, so you only have to deal with one repository at a time (in this case it's RDBMS tables).
BTW, it's not SEAM (it's not an acronym)...
Yes, I am using Seam 2.1 and JpaIdentityStore for both users and roles defined in a MySQL database. However, I am getting a 'Login Failed' message when using a valid username and password. I am attempting to debug the situation but do not know what is being executed after I call identity.login() from the command button. I found the message in the message properties but I am not sure what code detected that it was an unauthorized login.
I have commented out the authenticate-method in my components.xml since I am using Seam 2.1. What code is adding the login failed message to the message queue?
You have to provide a user entity and a role entity to use JpaIdentityStore. If you want to authenticate users with JpaIdentityStore, you can find out how here. If you want more custom authentication and role-based security, you'd better write an identity store which implements org.jboss.seam.security.management.IdentityStore.
I have looked at the documentation you referred to and it is still not obvious to me what happens. I have created and annotated the user and role classes, but the command button in my login.xhtml executes identity.login(). The documentation you refer to references the JpaIdentityStore.EVENT_USER_AUTHENTICATED event. It does not go into 'Login Failed'.
Do I need an @Observer? What black box am I going into when I call identity.login()? Does it somehow execute the authenticate method in the JpaIdentityStore, and what catches an invalid login?
I bumped into the same thing a while back. The problem was that the username and password were not that valid. I mean, I had added these values into the database manually; while they seemed completely correct (I tried both encrypted and plain), identityManager always disagreed. I overcame it by adding a user via identityManager.createUser in a utility function prior to trying to log in. It may work for you too if you've added your users manually as well. If not, you should provide more information, like your components.xml and some sources, etc.
Busted. Yes, I did add them manually into the db. Thanks a lot. I still do not understand how the login process works, but it sounds like I have a new positive direction. Thanks again, Erdem.
JpaIdentityStore has its own methods for nearly everything possible on a user. You can find them here. If you'd like to change/add/remove something, you have to do it using your identityManager for consistency. If you want to provide this functionality yourself, you'd better write your own identity store and use it.
Hi all, I'm using the same example and I have a problem with hash mode. At first I added the username and password manually into the db with hash="none", and login is OK. When I change the hash mode to md5, login fails! The same thing happens when registering a new user. I can register a new user when hash="none" and everything is OK; when I change to hash="md5" or hash="sha" in the annotation @UserPassword(hash = "md5"), it doesn't work, and I get this exception: java.lang.IllegalStateException: Could not commit transaction.
Does anyone have an idea about this problem?