I have a Seam application that has to use an external one for login. The logic is as follows:
- My app sends user to external SSO URL
- User provides credentials there and whatever else it takes
- On success, the external app redirects user back to my app with a random token
- My code should contact the external app via HTTP with the passed token and get complete user information in return
Pretty straightforward. But I'm stuck.
The redirect is coming to /seam/resources/token. I intended to get Identity from the session, populate it with the token, and authenticate. But in the resource handler the user session is apparently not visible: session context is null. :(
I tried to do Lifecycle.beginCall there, and it works in a sense: authentication logic works, but the result never becomes available to the user (the user's session still has an empty Identity).
What am I doing wrong?
P.S. Here is more or less complete code of my resource handler. Logging and other unrelated stuff removed for brevity.
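```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.contexts.Lifecycle;
import org.jboss.seam.security.Identity;
import org.jboss.seam.web.AbstractResource;

@Scope(ScopeType.APPLICATION)
@Name("tokenResource")
// @BypassInterceptors
public class TokenResource extends AbstractResource {

    @Override
    public String getResourcePath() {
        return "/token";
    }

    @Override
    public void getResource(final HttpServletRequest request, final HttpServletResponse response)
            throws ServletException, IOException {
        String token = request.getParameter("token");

        // woot?
        Lifecycle.beginCall();

        Identity identity = Identity.instance();
        MyIdentity mid = (MyIdentity) identity;
        mid.setToken(token);
        mid.login();

        response.sendRedirect("/home.seam");
    }
}
```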