1 Reply Latest reply on Mar 20, 2009 11:06 AM by pdepaepe

    HTTP Basic Authentication & mod_proxy

    pdepaepe
      Hello,

      I have some troubles with the following case. My customer want to keep full control on authentication. The facts are:

      Frontal Apache VirtualHost with mod_proxy rules to my seam application.
      Mod_authz_ldap on this VirtualHost to require valid-user againts customer directory.


      So my wish is to auto-login any accepted user from this proxified VirtualHost on the seam application.

      I set this on pages.xml

      `<page view-id="*">
         <execute action="{identity.login()}" if="{!identity.loggedIn}"/>
      </page>`

      And my Authenticator.Authenticate method simply decode the authorization http header String to get the username. Accept it if it exists in local databse, send 403 Faces context Response if not.

      Well everything works fine (pages.xml, Restrict annotations ...), except that i have serious problems with EntityManager and Session Scoped Bean throwings multiple MethodNotSupportedException on EntityManager.merge() calls.

      Using the entityManager.delegate() methods instead will work but it is certainly not secure at all.

      So my questions are :

      - is there a simpliest method to authenticate users against an HTTP authorization token herited from a proxy?
      - why entityManager.merge() (not persist, delete or update), throws me on each call a MethodNotSupportedException when everything else seems to work perfectly.

      Thank you very much for your help.