12 Replies Latest reply on Oct 18, 2011 6:05 PM by numerico

    call seam authenticate within javabean

    scphantm.scphantm.gmail.com

      in my app, i have a special requirement.  each copy of it is configurable to either log in automatically with a user and pass in the faces-config.xml (its a parameter on a managed bean).  the home.xhtml is set to require a login in the pages.xml which automatically routs the person to the login page the first time.  then for the login.xhtml page in my pages.xml i added this line



      <action execute="#{configBean.authenticateConfigUser}" if="#{configBean.autoLogin}"/>




      configBean is an old school managed javabean that is packaged in the war within the ear.  one other special requirement of my app is the ear has to host multiple, possibly dozens of war files within it, thats why i used the faces-config method, that way i can change the setting for each copy of the ear.


      so i have all of this configured and running great so far.  so my authenticateConfigUser method in my old school javabean will be fired if autologin is true as soon as the login.xhtml is called and that method will authenticate my user automatically thru the standard seam pojo. 


      now my problem, how do i make that method work?  what i have to do is have an old school javabean create the credentials and identity object, inject them into the seam authenticate pojo, authenticate my user using the user/pass combo contained in my old school javabean, and forward him back to the home.xhtml.


      the last requirement is if the autologin is false, it has to work the old fashioned way, which is no problem.  i have that working great, but i need it to work automatically as well.


      thanks


        • 1. Re: call seam authenticate within javabean
          scphantm.scphantm.gmail.com

          i tried converting the authenticator into an EJB3.  my managed bean calls the ejb correctly and runs the authenticate method.  it authenticates correctly but for some reason i can't figure out why the seam framework won't recognize the fact the authenticator was run.  im sure its because im bypassing seam in the process but i need to know how to make this work.  this is pretty critical for my project.

          • 2. Re: call seam authenticate within javabean
            swd847

            Seam does not really support multiple wars in ears. A summary of the issues can be found in my post here. This will hopefully be fixed soon.

            • 3. Re: call seam authenticate within javabean
              scphantm.scphantm.gmail.com

              well even if i go to the one war per, i still need the ability to have it automatically log in like this.  in this app security is being done by hardware in some cases and via web login in others.  i can live with multiple ears instead of wars, but when i have this hosted in an appliance system, i need it to log in automatically when powered on.

              • 4. Re: call seam authenticate within javabean
                scphantm.scphantm.gmail.com

                come on guys, please, there's got to be a way to authenticate a user without using a web form.  ideas?  how do i call this ejb3 and have it authenticate the user i send it.

                • 5. Re: call seam authenticate within javabean
                  niox.nikospara.yahoo.com

                  Hello,


                  I am no expert in this, but it probably works like this: As per Seam specs, par.15.3.1 Seam uses a built-in JAAS login module, SeamLoginModule, which delegates authentication to one of your own Seam components. So you have to have an authenticator component with the boolean authenticate() method to do manual authentication through Seam.


                  In your case however, you would need an additional method, say customAuthenticate(), that would acquire the active SeamLoginModule (JNDI? this is app-server specific), provide it with the necessary Callbacks, and call login(). Then login() would delegate to the authenticator component as normally and the entire Seam mechanism would be called, so that manual authentication should succeed.


                  Finally I suggest you put the customAuthenticate() method in a Seam component, not a plain JSF managed bean, just to be on the safe side.

                  • 6. Re: call seam authenticate within javabean
                    scphantm.scphantm.gmail.com

                    I have a customAuthenticate method already.  didn't think to pull the SeamLoginModule.  i will check the jndi tree for the app and see if its listed there. 


                    is there any documentation written on how to work with that module directly?  maybe in the dev documents somewhere?

                    • 7. Re: call seam authenticate within javabean
                      niox.nikospara.yahoo.com

                      Hello again,


                      Investigating a little further shows that the class org.jboss.seam.security.Identity implements this kind of logic. It also says in the class Javadocs: Subclasses may add more sophisticated permissioning mechanisms. Perhaps you should write a component that extends this class and replaces the default Identity.

                      • 8. Re: call seam authenticate within javabean
                        scphantm.scphantm.gmail.com

                        i don't think thats my problem.  i can already create the identity and authenticate it against my database using the managed bean and the authenticator as an ebj3.  my problem is once its authenticated, i guess, that ejb3 does not inject that identity into the seam framework, or maybe its not injecting it into jaas.


                        least i think thats the problem im having.


                        if i do the authentication directly into jaas, would that trickle down into seam correctly?

                        • 9. Re: call seam authenticate within javabean
                          niox.nikospara.yahoo.com
                          if i do the authentication directly into jaas, would that trickle down into seam correctly?


                          I guess it should. But this is what Identity is doing.


                          As I said before, I am not an expert on this. If I were you, I would deploy a Seam example with authentication and debug into Seam classes a little. And play a bit with Identity.login() method.


                          Sorry I have no more ideas on this.

                          • 10. Re: call seam authenticate within javabean
                            scphantm.scphantm.gmail.com

                            my answer ended up coming from the seam Identity source code.



                                 public String authenticateConfigUser()
                                 {
                                      PageNames returnpage;
                            
                                      logger.debug("The authenticator fired");
                            
                                      Identity idt = Identity.instance();
                                      Credentials credentials = (Credentials) Component.getInstance(Credentials.class);
                            
                                      credentials.setUsername("Admin");
                                      credentials.setPassword("pass");
                                      String val = idt.login();
                            
                                      if (val == null)
                                           returnpage = PageNames.ERROR;
                                      else
                                           returnpage = PageNames.HOME;
                            
                                      return returnpage.toString();
                                 }



                            • 11. Re: call seam authenticate within javabean
                              numerico

                              What about this very same on Seam 3?
                              As apparently you cannot instance Identity any more, and injecting Credentials setUsername is still available but not setPassword, which I guess must have been deprecated in favour of setCredential.
                              However setCredential will receive an object of type org.picketlink.idm.api.Credential which cannot be instantiated...
                              May be i'm just confused being a seam rookie... any ideas would be welcome.
                              Thanks!

                              • 12. Re: call seam authenticate within javabean
                                numerico

                                Update: Nor can it be casted from CredentialImpl which's the default implementation of the Credential interface; though the class does have setPassword method, it won't do.