-
1. Re: Advance authentication
kapitanpetko Nov 24, 2009 3:35 AM (in response to itays100)
Itay Sahar wrote on Nov 23, 2009 22:06:
What I want to do is allow the user to use both username and email (to authenticate). Is there a way to do this?

You need to override the JpaIdentityStore, it only supports username/password authentication.
-
2. Re: Advance authentication
itays100 Nov 26, 2009 12:03 AM (in response to itays100)
OK. As I see it, I need to override only the lookupUser method; my query looks up the user also by email.
See code below:

@Name("org.jboss.seam.security.identityStore")
@Install(precedence = Install.APPLICATION, value = false)
@Scope(APPLICATION)
@BypassInterceptors
public class ExpandedJpaIdentityStore extends org.jboss.seam.security.management.JpaIdentityStore {

    @In
    private EntityManager entityManager;

    @Override
    public Object lookupUser(String username) {

The debugger doesn't stop here. Do I miss something? Maybe in components.xml. H
Thanks!
-
3. Re: Advance authentication
kapitanpetko Nov 26, 2009 3:50 AM (in response to itays100)
How does your components.xml look like?
-
4. Re: Advance authentication
itays100 Nov 26, 2009 4:15 PM (in response to itays100)
Here it is. Please note I need to override only the lookupUser method and want my application to use the original JpaIdentityStore. I put the same name on both component and sub and gave my expanded component higher precedence (APPLICATION).

<transaction:entity-transaction entity-manager="#{entityManager}"/>
<persistence:entity-manager-factory name="bookingDatabase"/>
<persistence:managed-persistence-context name="entityManager" auto-create="true" entity-manager-factory="#{bookingDatabase}"/>
<factory name="hibernateSession" scope="STATELESS" auto-create="true" value="#{entityManager.delegate}" />
<security:jpa-identity-store user-class="com.example.User" role-class="com.example.Role"/>
<security:jpa-token-store token-class="com.example.security.AutoLoginToken"/>
<security:remember-me mode="autoLogin"/>

Thanks!
-
5. Re: Advance authentication
kapitanpetko Nov 27, 2009 2:57 AM (in response to itays100)
Looks OK to me. Remove the install=false part from your component to get it installed. Otherwise the one in components.xml will be installed (the default one).
@Install(precedence = Install.APPLICATION)
-
6. Re: Advance authentication
itays100 Nov 27, 2009 4:29 PM (in response to itays100)
Doesn't work. Seam version is 2.1.2. I guess you need to change the JpaIdentityStore and remove the install annotation to make it work.
But I prefer to avoid that, right?
See link to jira. This was a bug that was fixed in 2.1.0.
-
7. Re: Advance authentication
itays100 Nov 27, 2009 4:31 PM (in response to itays100)
Taken from tomcat log:
java.lang.IllegalStateException: Two components with the same name and precedence - component name: org.jboss.seam.security.identityStore, component classes: com.funder.model.businessobject.security.ExpandedJpaIdentityStore, org.jboss.seam.security.management.JpaIdentityStore
-
8. Re: Advance authentication
kapitanpetko Nov 28, 2009 4:44 AM (in response to itays100)
Itay Sahar wrote on Nov 27, 2009 16:29:
Doesn't work. Seam version is 2.1.2. I guess you need to change the JpaIdentityStore and remove the install annotation to make it work.
But I prefer to avoid that, right?
See link to jira. This was a bug that was fixed in 2.1.0.
Overridden components

It wasn't actually fixed: 'Cannot Reproduce Bug'. You can simply remove the <security:jpa-identity-store> from components.xml and install your class instead. Something like (check the exact syntax):

<component class="mypackage.ExpandedJpaIdentityStore" name="org.jboss.seam.security.identityStore" scope="APPLICATION" user-class="com.example.User" role-class="com.example.Role"/>
-
9. Re: Advance authentication
itays100 Nov 29, 2009 1:03 AM (in response to itays100)
This workaround is working, and I had to change the jpa-token-store as well to:

<component name="org.jboss.seam.security.tokenStore" scope="APPLICATION" class="org.jboss.seam.security.JpaTokenStore" token-class="com.example.security.AutoLoginToken"/>

It is not the best solution but the maximum we can do right?
-
10. Re: Advance authentication
itays100 Nov 29, 2009 1:21 AM (in response to itays100)
It seems to me that overriding jpa-token-store is a must, and I really don't want to do it, and I'm not sure what should be overridden.
I'm afraid the Seam security model creates the token from the annotated UserPrincipal, and that's why remember me won't work.
See tomcat stack:

javax.servlet.ServletException: #{identity.login}: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
    at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
-
11. Re: Advance authentication
kapitanpetko Nov 29, 2009 5:01 AM (in response to itays100)
Is this the whole stack? What exactly is in your cookie?
-
12. Re: Advance authentication
itays100 Nov 29, 2009 10:27 PM (in response to itays100)
First cookie after launching the application (before login):
name: JSESSIONID info: C4C92082228DEBD2DD6242E40A6FED5E host: localhost path: /jboss-seam-jpa
After login with username (and remember me) another cookie for
localhost:org.jboss.seam.security.authtoken info: C4C92082228DEBD2DD6242E40A6FED5E host: localhost path: /jboss-seam-jpa
After logout (the second cookie was deleted) I tried to log in (with remember me), but now with email and remember me.
Now that failed; full stack below:

javax.servlet.ServletException: #{identity.login}: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
    org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
    org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
    org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:390)
    org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:517)
    org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)

root cause

javax.faces.FacesException: #{identity.login}: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
    com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
    javax.faces.component.UICommand.broadcast(UICommand.java:387)
    org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
    org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
    org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
    org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
    com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
    com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
    com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
    org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
    org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
    org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:390)
    org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:517)
    org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)

root cause

javax.faces.el.EvaluationException: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
    javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
    com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
    javax.faces.component.UICommand.broadcast(UICommand.java:387)
    org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
    org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
    org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
    org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
    com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
    com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
    com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
    org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
    org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
    org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:390)
    org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:517)
    org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)

root cause

java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
    org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:365)
    org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:358)
    org.apache.tomcat.util.http.ServerCookie.appendCookieValue(ServerCookie.java:268)
    org.apache.catalina.connector.Response.addCookieInternal(Response.java:976)
    org.apache.catalina.connector.Response.addCookie(Response.java:945)
    org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:343)
    javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
    org.ajax4jsf.webapp.FilterServletResponseWrapper.addCookie(FilterServletResponseWrapper.java:627)
    javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
    org.jboss.seam.faces.Selector.setCookieValueIfEnabled(Selector.java:119)
    org.jboss.seam.security.RememberMe$UsernameSelector.setCookieValueIfEnabled(RememberMe.java:70)
    org.jboss.seam.security.RememberMe.postAuthenticate(RememberMe.java:388)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:585)
    org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
    org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
    org.jboss.seam.Component.callComponentMethod(Component.java:2253)
    org.jboss.seam.core.Events.raiseEvent(Events.java:85)
    org.jboss.seam.security.Identity.postAuthenticate(Identity.java:397)
    org.jboss.seam.security.Identity.authenticate(Identity.java:345)
    org.jboss.seam.security.Identity.authenticate(Identity.java:332)
    org.jboss.seam.security.Identity.login(Identity.java:259)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:585)
    org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335)
    org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:348)
    org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
    org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
    org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
    com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
    javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
    com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
    javax.faces.component.UICommand.broadcast(UICommand.java:387)
    org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
    org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
    org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
    org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
    com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
    com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
    com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
    org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
    org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
    org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:390)
    org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:517)
    org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
    org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
    org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
-
13. Re: Advance authentication
kapitanpetko Nov 30, 2009 3:10 AM (in response to itays100)
This might have to do with the username having an '@' character in it. Set a breakpoint at RememberMe.java:70 to see what exactly gets set as a cookie. The output is supposed to be Base64 (cf. RememberMe.encodeToken), so no control chars, but apparently something's wrong...
-
14. Re: Advance authentication
itays100 Nov 30, 2009 10:11 AM (in response to itays100)
It might be the case! Because once I log in with email and rememberMe I got the exception. Seam failed on setting the cookie in the case of an email address. It looks to me that the encoding being used on remember me is not useful.
Override remember me as well? If yes, which encoding should we use instead?
In addition, we should add a bug to jira about this as well.
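
Added example (not part of the thread, and not Seam or Tomcat code): a self-contained Java check showing one way a Base64-encoded remember-me value can still contain control characters, namely an encoder that wraps its output at 76 characters, which a longer principal such as an e-mail address can exceed. That this is what happens in RememberMe.encodeToken is an assumption the thread does not confirm; the class name, the `username:token` layout, the cookie rule and all sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class RememberMeCookieCheck {

    // Cookie-value rule modelled on the check behind the error in the thread
    // (assumption): reject anything below 0x20 except TAB, and 0x7f or above.
    static int firstControlChar(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if ((c < 0x20 && c != '\t') || c >= 0x7f) {
                return i;
            }
        }
        return -1; // value is safe to put in a cookie
    }

    // "username:token" encoded as Base64 (layout assumed for illustration).
    static String encode(String principal, String token, Base64.Encoder encoder) {
        byte[] raw = (principal + ":" + token).getBytes(StandardCharsets.UTF_8);
        return encoder.encodeToString(raw);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        String token = "7f3a9c0e5b1d4826a0c4e8f2b6d19a3c7e5f0b2d4a6c8e10";
        String[] principals = { "demo", "some.long.name@mail.example.com" };

        // MIME flavour wraps output with CRLF after every 76 characters.
        Base64.Encoder wrapping = Base64.getMimeEncoder();
        // URL-safe flavour never wraps; without padding it is cookie-safe as is.
        Base64.Encoder singleLine = Base64.getUrlEncoder().withoutPadding();

        for (String principal : principals) {
            String wrapped = encode(principal, token, wrapping);
            String flat = encode(principal, token, singleLine);
            System.out.printf("%-32s wrapping: length=%d, control char at %d%n",
                    principal, wrapped.length(), firstControlChar(wrapped));
            System.out.printf("%-32s single-line: length=%d, control char at %d%n",
                    principal, flat.length(), firstControlChar(flat));
        }
    }
}
```

With these sample values the short name stays under 76 encoded characters and passes with either encoder, while the e-mail-length principal pushes the wrapped form past 76 so a CR/LF appears in it; the single-line form stays clean in both cases.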