1 ) Issue i am facing is , seam application has a external component , here without authentication i am able to access the external component, i tried with the below approach ,
tried adding the below authentication filter in components.xml , but even this didn't work
<web:authentication-filter url-pattern="/test/resource/rest/*" auth-type="basic"/> ,
is there a way to restrict seam servlet (AbstractResource Class) from un-authorized users,
@Scope(ScopeType.APPLICATION)
@Name("imageProcessor")
/* @BypassInterceptors */
public class ImageProcessor extends AbstractResource {
is there any way pages.xml to add restrictions?
The above approach tried at frame work level , below I tried with other approach using sessionID ‘s which is at server level ,
2) I tried using sessionID to authenticate, but seam action is having a different sessionID and external component is having a different sessionID , then i tried adding the JsessionID in the response header as below , to sustain the same sessionID across the application , but here i was able to achieve getting same sessionID across the application, but being ideal for few minutes and then click the external component , then i am getting new sessionID , though i have configured session time out to 30 min .. which means the external component does not deal with session time out configured in web.xml.
the above issue is related to server side , which is Jboss EPP 4.3 , please suggest if there is a way to overcome the above issues , looking forward for the valuable inputs for the above issue ,
Thanks in advance!