Shane (Seam Security Master):

I'm following instructions on extending the Seam Identity component (Seam 2.2.0.GA).

Following the most absolutely basic configuration, I'm simply overriding the login() method, outputting to the log, and then calling super.login().

@Name("org.jboss.seam.security.identity")
@Scope(ScopeType.SESSION)
@Install(precedence = Install.APPLICATION)
@BypassInterceptors
@Startup
public class AppIdentity extends Identity {

    private static final LogProvider log = Logging.getLogProvider(AppIdentity.class);

    @Override
    public String login()
    {
      log.info("###### CUSTOM LOGIN CALLED ######");
      return super.login();   
    }
}

When I login, however, Identity fails on line 328, inside of the Identity.authenticate() method.

Identity.authenticate() reads:

public synchronized void authenticate() 
      throws LoginException
   {
      // If we're already authenticated, then don't authenticate again
      if (!isLoggedIn() && !credentials.isInvalid())
      {
         principal = null;
         subject = new Subject();
         authenticate( getLoginContext() );
      }      
   }

The NPE on line 328 is on Credentials.  The Seam Debug page shows that Credentials is correctly configured, but AppIdentity doesn't seem to have the right reference to Credentials, even though I'm not overriding anything about Credentials.

Would you be able to explain why this is happening?  Thank you so much.

Here is our components.xml, just in case:

 <security:identity-manager identity-store="#{jpaIdentityStore}" role-identity-store="#{jpaIdentityStore}" />
    <security:rule-based-permission-resolver security-rules="#{securityRules}"/>
    <security:jpa-identity-store user-class="com.bah.englink.ejb.User"
                                 role-class="com.bah.englink.ejb.roles.AppRole"/>
    
   <drools:rule-base name="securityRules">
       <drools:rule-files>
           <value>/security.drl</value>
       </drools:rule-files>
   </drools:rule-base>