8 Replies Latest reply: Jun 23, 2010 6:01 AM by bledar aga RSS

    Authentication using IdentityManager

    Mike Brooks Newbie

      I am a SEAM newbie (as will become more obvious) and am trying to use IdentityManager for username/password authentication.  It was my understanding that you did not need to write your own authenticator method, since I was using @USERPRINCIPAL etc.  When I ran my code I got a 'Login Failed' message.  It is not obvious to me where this message came from.  I did have a command button which call identity.login() but again it is not obvious to me what code is getting called and what if any observers are catching the login failed message.  I looked at the tutorial and the seamspace app but I still do not understand what is going on.  I appreciate any light anyone can shed on this matter.  Thanks.

        • 1. Re: Authentication using IdentityManager
          Arbi Sookazian Master

          The Identity Management API is new in Seam 2.1.  what version are you using?  In pre-2.1 Seam apps, you specified the authenticator method in the components.xml:

          <security:identity authenticate-method="#{authenticator.authenticate}"/>

          Most likely you're talking about Seam 2.1 b/c of the reference to @org.jboss.seam.annotations.security.management.UserPrincipal

          You can use JpaIdentityStore for both authentication (verify credentials) and authorization (role restriction).  You can also use LdapIdentityStore (e.g. to access data in Active Directory) in conjunction with JpaIdentityStore (e.g. the seamspace example uses this approach).  Unfortunately, it is difficult to fully understand the example apps and the new security API.  Your best bet is to implement authent/author using JpaIdentityStore only at first to keep things simple so you only have to deal with one repository at a time (in this case it's RDBMS tables).

          BTW, it's not SEAM (it's not an acronym)...

          • 2. Re: Authentication using IdentityManager
            Mike Brooks Newbie

            Yes, I am using Seam 2.1 and JpaIdentityStore for both users and roles defined in a MySQL database.  However, I am getting a 'Login Failed' message when using a valid username and password.  I am attempting to debug the situation but do not know what is being executed after I call identity.login() from the command button.  I found the message in the message properites but I am not sure what code detected that it was an unautherized login.
            I have commented out the authenticate-method in my components.xml since I am using Seam 2.1.  What code is adding the login failed message to the message queue?

            • 3. Re: Authentication using IdentityManager
              Oguzhan YALCIN Newbie

              You have to provide user entity and role entity for using JpaIdentitystore. If you want authenticate user according to jpaidentitystore you can find how to here . If you want more custom authentication and role based security you'd better write an identitystore which implements org.jboss.seam.security.management.IdentityStore .

              • 4. Re: Authentication using IdentityManager
                Mike Brooks Newbie

                I have looked at the documentation you referred to and it is still not obvious to me what happens.  I have created and annotated the user and role classes, but the command button in my login.xhtml executes identity.login().  The documentation you refer to references the JpaIdentityStore.EVENTUSERAUTHENTICATED event.  It does not go into 'Login Failed'
                Do I need an @Observer.  What black box am I going into when I call identity.login()?  Does it somehow execute the authenicate method in the jpaIdentityStore and what catches an invalid login?

                • 5. Re: Authentication using IdentityManager
                  Erdem Agaoglu Newbie

                  i bumped into same thing a while back. problem was username and password was not that valid. i mean i had added these values into the database manually, while they seem completely correct (tried both encrypted and plain) identityManager always disagreed. i overcame it by adding a user over identityManager.createUser in a utility function prior to try logging in. it may work for you too if you've added your users manually as well. if not you should provide more information, like your components.xml and some sources etc.

                  • 6. Re: Authentication using IdentityManager
                    Mike Brooks Newbie

                    Busted.  Yes I did add them manually into the db.  Thanks alot.  I still do not understand how the login process works, but it sounds like I have a new postive direction.  Thanks again Erdem.

                    • 7. Re: Authentication using IdentityManager
                      Oguzhan YALCIN Newbie

                      Hi mike,
                      Jpa Identity store has its' own methods for nearly everything possible on a user. You can find them here. If you like to change/add/remove stg you have to do it using your identitymanager for consistency. If you want to provide these functionality by yourself you better write your own identity store and use it.

                      • 8. Re: Authentication using IdentityManager
                        bledar aga Newbie
                        hi all, i'm using the same example and i have a problem with hash mode. In first I added username and password manually into db with hash="none", and login it's ok. when i change hash mode in md5 login failed! the same thing is with registering a new user. I can register a new user when hash="none" everythink is ok, when i change in hash="md5" or hash="sha" in annotation @UserPassword(hash = "md5") it doesn't work, i have this Exception java.lang.IllegalStateException: Could not commit transaction.
                        Enyone have i idea of this problem?