29 Replies. Latest reply on Dec 11, 2009 4:50 PM by marcgemis

    Advance authentication

    itays100

      Hi all,


      The following code was taken from a user class which has Seam security annotations:


      
      @UserPrincipal
      public String getUserName() {
          return this.userName;
      }

      @Email
      public String getEmail() {
          return this.email;
      }
          }
      
      



      What I want to do is allow the user to use both username and email (to authenticate). Is there a way to do this?


      Thanks!

        • 1. Re: Advance authentication
          kapitanpetko

          Itay Sahar wrote on Nov 23, 2009 22:06:


          What I want to do is allow the user to use both username and email (to authenticate). Is there a way to do this?



          You need to override the JpaIdentityStore, it only supports username/password authentication.

          • 2. Re: Advance authentication
            itays100

            OK. As I see it, I need to override only the lookupUser method; my query looks up the user by email as well.
            See code below:


            
            @Name("org.jboss.seam.security.identityStore")
            @Install(precedence = Install.APPLICATION, value = false)
            @Scope(APPLICATION)
            @BypassInterceptors
            public class ExpandedJpaIdentityStore extends org.jboss.seam.security.management.JpaIdentityStore {
            
                 @In private EntityManager entityManager;
                 
                 @Override
                 public Object lookupUser(String username) {
            



            The debugger doesn't stop here. Am I missing something? Maybe in components.xml.


            Thanks!

            • 3. Re: Advance authentication
              kapitanpetko

              What does your components.xml look like?

              • 4. Re: Advance authentication
                itays100

                Here it is. Please note I need to override only the lookupUser method and want my application to use
                the original JpaIdentityStore. I put the same name on both the component and the sub, and gave my expanded component
                higher precedence (APPLICATION).


                
                <transaction:entity-transaction entity-manager="#{entityManager}"/>

                <persistence:entity-manager-factory name="bookingDatabase"/>

                <persistence:managed-persistence-context name="entityManager"
                                                         auto-create="true"
                                                         entity-manager-factory="#{bookingDatabase}"/>

                <factory name="hibernateSession" scope="STATELESS" auto-create="true"
                         value="#{entityManager.delegate}"/>

                <security:jpa-identity-store user-class="com.example.User" role-class="com.example.Role"/>

                <security:jpa-token-store token-class="com.example.security.AutoLoginToken"/>
                <security:remember-me mode="autoLogin"/>
                
                



                Thanks!

                • 5. Re: Advance authentication
                  kapitanpetko

                  Looks OK to me. Remove the install=false part from your component to get it installed. Otherwise the one in components.xml will be installed (the default one).


                  @Install(precedence = Install.APPLICATION)
                  


                  • 6. Re: Advance authentication
                    itays100

                    Doesn't work. Seam version is 2.1.2. I guess you need to change the JpaIdentityStore and remove the install annotation to make it work.
                    But I prefer to avoid that, right?


                    See link to JIRA. This was a bug that was fixed in 2.1.0.


                    Overridden components


                    • 7. Re: Advance authentication
                      itays100

                      Taken from tomcat log:


                      java.lang.IllegalStateException: Two components with the same name and precedence - component name: org.jboss.seam.security.identityStore, component classes: com.funder.model.businessobject.security.ExpandedJpaIdentityStore, org.jboss.seam.security.management.JpaIdentityStore

                      • 8. Re: Advance authentication
                        kapitanpetko

                        Itay Sahar wrote on Nov 27, 2009 16:29:


                        Doesn't work. Seam version is 2.1.2. I guess you need to change the JpaIdentityStore and remove the install annotation to make it work.
                        But I prefer to avoid that, right?

                        See link to JIRA. This was a bug that was fixed in 2.1.0.

                        Overridden components



                        It wasn't actually fixed: 'Cannot Reproduce Bug'. You can simply remove the <security:jpa-identity-store> from components.xml and install your class instead. Something like (check the exact syntax):


                        <component class="mypackage.ExpandedJpaIdentityStore" name="org.jboss.seam.security.identityStore" scope="APPLICATION" user-class="com.example.User" role-class="com.example.Role"/>
                        

                        • 9. Re: Advance authentication
                          itays100

                          This workaround is working, and I had to change the jpa-token-store
                          as well, to:


                          
                          <component name="org.jboss.seam.security.tokenStore" scope="APPLICATION" class="org.jboss.seam.security.JpaTokenStore" token-class="com.example.security.AutoLoginToken"/>
                          
                          



                          It is not the best solution, but it's the maximum we can do, right?
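
                          An added example, not part of the original thread: one way the overridden lookupUser discussed above could resolve a login identifier against either property while failing closed on ambiguous matches. It assumes the userName and email properties from the first post, the managed persistence context named entityManager from the posted components.xml, and that getUserClass() and Component.getInstance() behave as in Seam 2.1; the package name is hypothetical. Because the component carries @BypassInterceptors, bijection (@In) is not applied, so the entity manager is looked up explicitly.

```java
package com.example.security; // hypothetical package

import java.util.List;
import java.util.Locale;

import javax.persistence.EntityManager;

import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.security.management.JpaIdentityStore;

@Name("org.jboss.seam.security.identityStore")
@Install(precedence = Install.APPLICATION)
@Scope(ScopeType.APPLICATION)
@BypassInterceptors
public class ExpandedJpaIdentityStore extends JpaIdentityStore {

    /**
     * Resolves the value typed into the login form to a user entity,
     * matching either the @UserPrincipal property (userName) or the email.
     * Returns null when nothing matches or when the match is ambiguous.
     */
    @Override
    public Object lookupUser(String identifier) {
        if (identifier == null || identifier.trim().length() == 0) {
            return null;
        }
        String id = identifier.trim();

        // Assumption: the persistence context is registered as "entityManager",
        // as in the components.xml posted in this thread.
        EntityManager em = (EntityManager) Component.getInstance("entityManager");

        // Bound parameters only; the identifier is never concatenated into JPQL.
        // Email is compared case-insensitively, the username exactly.
        List<?> matches = em.createQuery(
                "select u from " + getUserClass().getName() + " u"
                + " where u.userName = :id or lower(u.email) = :email")
            .setParameter("id", id)
            .setParameter("email", id.toLowerCase(Locale.ENGLISH))
            .setMaxResults(2) // two rows are enough to detect ambiguity
            .getResultList();

        // If one account's username equals another account's email, the
        // identifier is ambiguous: refuse the lookup instead of picking one.
        return matches.size() == 1 ? matches.get(0) : null;
    }
}
```

                          A unique constraint on each column, plus a registration-time check that a new username is not an existing email address, keeps the ambiguous case from arising at all.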


                          • 10. Re: Advance authentication
                            itays100

                            It seems to me that overriding jpa-token-store is a must, and I really don't want to do it, and I'm not sure what should be overridden.
                            I'm afraid the Seam security model creates the token from the annotated UserPrincipal, and that's why remember me won't work.
                            See Tomcat stack:


                            
                            javax.servlet.ServletException: #{identity.login}: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
                                    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
                                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
                                    at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
                            
                            

                            • 11. Re: Advance authentication
                              kapitanpetko

                              Is this the whole stack? What exactly is in your cookie?

                              • 12. Re: Advance authentication
                                itays100

                                First cookie after launching the application (before login):


                                
                                name: JSESSIONID
                                info: C4C92082228DEBD2DD6242E40A6FED5E
                                host: localhost
                                path: /jboss-seam-jpa
                                
                                



                                After login with username (and remember me) another cookie for
                                localhost:


                                org.jboss.seam.security.authtoken
                                info: C4C92082228DEBD2DD6242E40A6FED5E
                                host: localhost
                                path: /jboss-seam-jpa
                                
                                



                                After logout (the second cookie was deleted) I tried to log in again, but now with email and remember me.
                                That failed; full stack below:


                                
                                javax.servlet.ServletException: #{identity.login}: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
                                     javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
                                     org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
                                     org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
                                     org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:390)
                                     org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:517)
                                     org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
                                
                                root cause
                                
                                java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value
                                     org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:365)
                                     org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:358)
                                     org.apache.tomcat.util.http.ServerCookie.appendCookieValue(ServerCookie.java:268)
                                     org.apache.catalina.connector.Response.addCookieInternal(Response.java:976)
                                     org.apache.catalina.connector.Response.addCookie(Response.java:945)
                                     org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:343)
                                     javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
                                     org.ajax4jsf.webapp.FilterServletResponseWrapper.addCookie(FilterServletResponseWrapper.java:627)
                                     javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
                                     org.jboss.seam.faces.Selector.setCookieValueIfEnabled(Selector.java:119)
                                     org.jboss.seam.security.RememberMe$UsernameSelector.setCookieValueIfEnabled(RememberMe.java:70)
                                     org.jboss.seam.security.RememberMe.postAuthenticate(RememberMe.java:388)
                                     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                                     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                                     java.lang.reflect.Method.invoke(Method.java:585)
                                     org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
                                     org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
                                     org.jboss.seam.Component.callComponentMethod(Component.java:2253)
                                     org.jboss.seam.core.Events.raiseEvent(Events.java:85)
                                     org.jboss.seam.security.Identity.postAuthenticate(Identity.java:397)
                                     org.jboss.seam.security.Identity.authenticate(Identity.java:345)
                                     org.jboss.seam.security.Identity.authenticate(Identity.java:332)
                                     org.jboss.seam.security.Identity.login(Identity.java:259)
                                     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                                     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                                     java.lang.reflect.Method.invoke(Method.java:585)
                                     org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335)
                                     org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:348)
                                     org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
                                     org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
                                     org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
                                     com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
                                     javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
                                     com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
                                     javax.faces.component.UICommand.broadcast(UICommand.java:387)
                                     org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
                                     org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
                                     org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
                                     org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
                                     com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
                                     com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
                                     com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
                                     javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
                                     org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
                                     org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
                                     org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:390)
                                     org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:517)
                                     org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
                                     org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                                     org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
                                
                                
                                


                                • 13. Re: Advance authentication
                                  kapitanpetko

                                  This might have to do with the username having an '@' character in it. Set a breakpoint at RememberMe.java:70 to see what exactly gets set as a cookie. The output is supposed to be Base64 (cf. RememberMe.encodeToken), so no control chars, but apparently something's wrong...

                                  • 14. Re: Advance authentication
                                    itays100

                                    It might be the case! Because once I log in with email and rememberMe I get the exception. Seam failed on setting the cookie in the case of an email address. It looks to me that the encoding being used on remember is not useful.


                                    Override remember me as well? If yes, which encoding should we use instead?
                                    In addition, we should add a bug to JIRA about this as well.
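
                                    An added example, not part of the original thread and not Seam's RememberMe code, on the question of which encoding is safe in a cookie value. It assumes a hypothetical `identifier:token` payload with constructed sample values, and shows that a line-wrapping (MIME-style) Base64 encoder emits CR/LF once its output passes 76 characters, which a longer identifier such as an email address can trigger, while the unwrapped URL-safe alphabet never produces a control character; the thread does not confirm that this is what happened here.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CookieTokenEncoding {

    /** True if the value contains an ASCII control character, which Tomcat refuses in a cookie. */
    static boolean hasControlChar(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return true;
            }
        }
        return false;
    }

    /** MIME Base64: output is broken into 76-character lines separated by CR LF. */
    static String encodeMime(String payload) {
        return Base64.getMimeEncoder()
                .encodeToString(payload.getBytes(StandardCharsets.UTF_8));
    }

    /** URL-safe Base64, single line, no padding: only A-Z a-z 0-9 '-' '_'. */
    static String encodeCookieSafe(String payload) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(payload.getBytes(StandardCharsets.UTF_8));
    }

    /** Reverses encodeCookieSafe; throws IllegalArgumentException on a tampered value. */
    static String decodeCookieSafe(String cookieValue) {
        return new String(Base64.getUrlDecoder().decode(cookieValue), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values; a real remember-me token is random.
        String token = "0123456789abcdef0123456789abcdef01234567";
        String[] identifiers = { "jdoe", "john.doe@mail.example.com" };

        for (String id : identifiers) {
            String payload = id + ":" + token;
            String mime = encodeMime(payload);
            String safe = encodeCookieSafe(payload);

            System.out.println("identifier           : " + id);
            System.out.println("  MIME length        : " + mime.length()
                    + ", control chars: " + hasControlChar(mime));
            System.out.println("  URL-safe length    : " + safe.length()
                    + ", control chars: " + hasControlChar(safe));
            System.out.println("  round trip matches : "
                    + payload.equals(decodeCookieSafe(safe)));
        }
    }
}
```

                                    Running hasControlChar on the value at the breakpoint suggested above (RememberMe.java:70) would show whether a line break is what Tomcat is rejecting.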
