3 Replies Latest reply on Jan 22, 2010 10:12 PM by cbensemann

    Seam Security Question

    jpalmer1026.jpalmer1026.mchsi.com

      I have some custom logic that I would like to execute during authentication, so I created the following class.



      public class LoginObserver {
      
           @In
           AdventUser adventUser;
      
           @Observer("org.jboss.seam.security.postAuthenticate")
           public void updateUserStats() {
                adventUser.setLastLogin(Calendar.getInstance().toString());
                adventUser.setNumVisits(adventUser.getNumVisits() + 1);
           }
      }



      The problem that I'm facing is that the observer method doesn't appear to be getting called. Perhaps I'm misunderstanding the documentation, but shouldn't this method be getting called at the end of the authentication process, when the security subject is fully initialized? Is there a different even that I should be calling instead?

        • 1. Re: Seam Security Question
          jpalmer1026.jpalmer1026.mchsi.com

          I figured out part of the problem. I forgot to make the LoginObserver class a component by adding @Name, so at least now the updateUserStats() method is getting called. The problem I'm now experiencing is related to getting a handle to the user object. When I try to inject the user using the @In annotation, I receive an exception stating that the In attribute requires a non-null value. Does anyone know how I can get a handle to the user object in this scenario?

          • 2. Re: Seam Security Question
            lvdberg

            Hi,


            For every  @In in LoginObserver you should have an @Out somewhere else. Or you should autocreate the object. Because you're stating that you're doing this in the authenticator, the thing which occurs me is that you're sending the event too early. Try using raise the event after transaction succesfully completed  Another  option is sending the object together with the event.


            Leo 

            • 3. Re: Seam Security Question
              cbensemann

              I do a similar thing in some of my projects. I need to perform some action on the User object after logging in. I use the JpaIdentityStore.EVENT_USER_AUTHENTICATED event as it passes the User object in the event.


              You would probably want to do something like:


              @Observer(value = { JpaIdentityStore.EVENT_USER_AUTHENTICATED })
                  public void postAuthenticateListener(final User user) {
                      // do stuff with user.....
                  }