2 Replies Latest reply on Mar 5, 2012 2:11 AM by alessandro.montanari

    How to get the current logged in user from jsf using seam and jboss security?

    alessandro.montanari

      Hi everyone,

      I'm quite new to JBoss and Seam development, and maybe I'm missing something very easy, but I have read a lot of posts here and I still cannot find the solution, so thanks for helping me.

       

      The situation:

      I created an EJB application with method-level security, so I wrote my application policy like this:

      <application-policy xmlns="urn:jboss:security-beans:1.0" name="myalma-security-domain">
        <authentication>

          <login-module code="org.jboss.security.ClientLoginModule" flag="required">
            <module-option name="restore-login-identity">true</module-option>
          </login-module>

          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName">java:/myalma-ds</module-option>
            ...
          </login-module>
        </authentication>
      </application-policy>
      

       

      And then I annotated all the EJBs' methods in the proper way. Everything works here.

       

      Then I created a web app that uses the EJB components and Seam. I removed all the settings for Seam security because I want to use the same policy as before, so I added these lines to web.xml:

      <security-constraint>
        <display-name>Restrict raw XHTML Documents</display-name>
        <web-resource-collection>
          <web-resource-name>XHTML</web-resource-name>
          <url-pattern>/*</url-pattern>
          <url-pattern>/layout/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/MyLogin.xhtml</form-login-page>
          <form-error-page>/error.xhtml</form-error-page>
        </form-login-config>
      </login-config>

      <security-role>
        <role-name>admin</role-name>
      </security-role>
      

       

      I also added this line in jboss-web.xml

        <security-domain>java:/jaas/myalma-security-domain</security-domain> 
      

       

      And MyLogin.xhtml is:

       

      ...
      <body>
        <form name="loginForm" method="post" action="j_security_check">
          <table>
            <tr>
              <td>User Name:</td>
              <td><input type="text" name="j_username"/></td>
            </tr>
            <tr>
              <td>Password:</td>
              <td><input type="password" name="j_password"/></td>
            </tr>
            <tr>
              <td colspan="2"><input type="submit" value="login"/></td>
            </tr>
          </table>
        </form>
      </body>
      ...
      
      
      

       

      The login works fine: I can access the pages only if the user has the admin role.

       

      My question now is: how can I get the username of the current logged in user from a jsf?

      I tried in many different ways like:

      - #{request.userPrincipal.name}

      - #{servletContexts.request.userPrincipal.name}

      - #{servletContexts.request.remoteUser}

      - etc.

      but I always get null.

       

      I'm using JBoss 6.1.0.Final and Seam 2.2.2.Final

       

      Many thanks for your help.
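The web.xml in the post above names GET and POST in its `<http-method>` elements, so under the Servlet specification the constraint applies only to those two methods, and requests using any other method are not subject to the `admin` role check. The following check for that condition is an added example, not part of the original post; the script and its function names are constructed for illustration, and it treats each `url-pattern` string on its own rather than resolving overlapping patterns.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <security-constraint> from the post, wrapped in a
# minimal <web-app> root so that it parses on its own.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>XHTML</web-resource-name>
      <url-pattern>/*</url-pattern>
      <url-pattern>/layout/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Methods to check for; extend the set if the application accepts others.
METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}


def local(tag):
    """Drop the XML namespace so namespaced and plain descriptors both work."""
    return tag.rsplit("}", 1)[-1]


def texts(elem, name):
    """Stripped text of elem's direct children called `name`."""
    return [(c.text or "").strip() for c in elem if local(c.tag) == name]


def uncovered_methods(web_xml):
    """Map each url-pattern to the methods no security-constraint names for it."""
    covered = {}
    for wrc in ET.fromstring(web_xml).iter():
        if local(wrc.tag) != "web-resource-collection":
            continue
        listed = {m.upper() for m in texts(wrc, "http-method")}
        omitted = {m.upper() for m in texts(wrc, "http-method-omission")}
        # With no <http-method>, the constraint applies to every method
        # except those in <http-method-omission> (Servlet 3.0 and later).
        methods = listed if listed else METHODS - omitted
        for pattern in texts(wrc, "url-pattern"):
            covered.setdefault(pattern, set()).update(methods)
    return {p: sorted(METHODS - m) for p, m in covered.items() if METHODS - m}


if __name__ == "__main__":
    for pattern, methods in uncovered_methods(WEB_XML).items():
        print(f"{pattern}: not covered by any constraint: {', '.join(methods)}")
```

Removing the two `<http-method>` lines from the constraint makes it apply to every method, and the function then reports nothing for it.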

        • 1. Re: How to get the current logged in user from jsf using seam and jboss security?
          kragoth

          I'm really no expert in the area you are dealing with here, but have you tried just the standard "#{identity.username}"?

          • 2. Re: How to get the current logged in user from jsf using seam and jboss security?
            alessandro.montanari

            Yes, I tried, but I think that way works only if you use Seam security and I'm using JBoss security instead, so it doesn't work.

             

            Now I have found a kind of workaround using an SLSB like this:

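            import javax.annotation.Resource;
            import javax.ejb.Remote;
            import javax.ejb.SessionContext;
            import javax.ejb.Stateless;

            import org.jboss.seam.annotations.Name;

            // Stateless session bean, exposed to Seam as "userHelper", that reads
            // the caller identity from the EJB SessionContext.
            @Name("userHelper")
            @Stateless
            @Remote(IUserHelper.class)
            public class UserHelper implements IUserHelper
            {
                @Resource
                SessionContext context;

                // Name of the caller principal
                public String getMail()
                {
                    return context.getCallerPrincipal().getName();
                }

                // Note: the EJB specification says getCallerPrincipal() never returns null,
                // so this null check does not by itself distinguish an anonymous caller.
                public boolean isLogged()
                {
                    return context.getCallerPrincipal() != null;
                }

                // Role check delegated to the container
                @Override
                public boolean isUserInRole(String roleName)
                {
                    return context.isCallerInRole(roleName);
                }
            }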

             

            However, I think there is an easier way to do that.