1 Reply Latest reply on Oct 30, 2010 4:33 PM by marcelkolsteren

Extending the openId login procedure

egulfi Oct 29, 2010 11:30 AM

Hello,

I have integrated openId as an authentication method in a Seam 2.2 application as suggested in the documentation. So far so good. Now I'd like to add the authorization part which requires retrieving the user roles from the database using the user id. For that purpose I have added the following bean to the project:

@Name("myopenid")
@Install(precedence = Install.BUILT_IN, classDependencies = "org.openid4java.consumer.ConsumerManager")
@Scope(ScopeType.SESSION)
public class CustomOpenId {

    @In Identity identity;
    @In @Out OpenId openId;
    @In(create=true) UserList userList;
     
    public boolean loginImmediately() {
        if (openId.loginImmediately()) {
             
       userList.getUser().setName(openId.getValidatedId());
       User aUser = userList.getSingleResult();
       if (aUser != null) {
           identity.addRole(aUser.getRole().getName());
           return true;
       } else {
           try {
                   openId.logout();
               } catch (ConsumerException e) {
                   e.printStackTrace();
               }
               identity.logout();
           }
       }
       return false;
   }
}

and created the following openid.page.xml

<?xml version="1.0" encoding="UTF-8"?>
<page xmlns="http://jboss.com/products/seam/pages"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.2.xsd">
 
    <navigation evaluate="#{myopenid.loginImmediately()}">
        <rule if-outcome="true">
            <redirect view-id="/home.xhtml">
                <message>OpenID login successful...</message>
            </redirect>
        </rule>
        <rule if-outcome="false">
            <redirect view-id="/home.xhtml">
                <message>OpenID login rejected...</message>
            </redirect>
        </rule>
    </navigation>

</page>

Unfortunately, when logging in, after a successful identity verification, I get the following exception

16:47:12,465 WARNING [lifecycle] JSF1053: (Listener: org.jboss.seam.security.openid.OpenIdPhaseListener.beforePhase(),
Phase ID: RENDER_RESPONSE 6,  View ID: /openid.xhtml) 
Exception thrown during phase-listener execution: 
javax.el.ELException: org.jboss.seam.RequiredException: @In attribute requires non-null value: myopenid.openId

and an HTTP 404 error on the browser for not being able to retrieve the openid.seam page.

Questions:

- is this the right approach for extending the openid login process?

- why is the myopenid.openid null?

Thanks in advance,

Enrico

1. Re: Extending the openId login procedure

marcelkolsteren Oct 30, 2010 4:33 PM (in response to egulfi)

I think that the name of the injected field openId should be openid (Seam component names are case sensitive).

By the way, did you also consider using the JBoss PicketLink Seam module, which supports the external authentication methods SAML and OpenID? It's described in this article:

How to add SAML and OpenID authentication to your Seam application

It has an extension point for adding roles to the principal (Step 6 in the article).
Actions