1 ) Issue i am facing is , seam application has a external component , here without authentication i am able to access the external component, i tried with the below approach ,
tried adding the below authentication filter in components.xml , but even this didn't work
<web:authentication-filter url-pattern="/test/resource/rest/*" auth-type="basic"/> ,
is there a way to restrict seam servlet (AbstractResource Class) from un-authorized users,
@Scope(ScopeType.APPLICATION)
@Name("imageProcessor")
/* @BypassInterceptors */
public class ImageProcessor extends AbstractResource {
is there any way pages.xml to add restrictions?
The above approach tried at frame work level , below I tried with other approach using sessionID ‘s which is at server level ,
2) I tried using sessionID to authenticate, but seam action is having a different sessionID and external component is having a different sessionID , then i tried adding the JsessionID in the response header as below , to sustain the same sessionID across the application , but here i was able to achieve getting same sessionID across the application, but being ideal for few minutes and then click the external component , then i am getting new sessionID , though i have configured session time out to 30 min .. which means the external component does not deal with session time out configured in web.xml.
- response.addHeader("SET-COOKIE", "JSESSIONID=" + request.getSession().getId() + ";path=/;");
the above issue is related to server side , which is Jboss EPP 4.3 , please suggest if there is a way to overcome the above issues , looking forward for the valuable inputs for the above issue ,
Thanks in advance!
