36 Replies Latest reply on Jan 18, 2007 9:57 AM by Thomas März

    Invitation to try new Seam authentication features

    Shane Bryzak Master

      I'd like to invite people to try out (and hopefully provide some feedback on) the security features that are currently under development in CVS. At this stage the authentication features are in a usable form and the next step is to determine the best way to implement authorization. I've been keeping an eye on the various discussions on the forum about how authorization should work (permissions vs JAAS roles, etc.) and would like to produce a definitive set of requirements that hopefully can be satisfied by an eventual implementation.

      I've put together a rough guide on the wiki on how to configure authentication here: http://wiki.jboss.org/wiki/Wiki.jsp?page=SeamAuthenticationGuide

      There is also a very basic example of this stuff in the /examples/security directory.

      I'm looking forward to hearing about people's experiences.

        • 1. Re: Invitation to try new Seam authentication features
          None None Master

          Wow, I was just now sitting down and thinking, "Ok, I have all these cool roles (customers, admin, salesmen, etc) in my app, and now I need to make sure they can only do the things they are allowed to do. I am dreading learning JAAS."

          Should I try out your system? Is there a Seam build I can use for this, or do I need to grab the CVS and build it?

          • 2. Re: Invitation to try new Seam authentication features
            Shane Bryzak Master

            This stuff only exists in CVS at the moment, and yes, you should try it :)

            • 3. Re: Invitation to try new Seam authentication features
              Michael Steiner Newbie

              I've followed instructions on wiki and I get exceptions:

              10:05:14,037 ERROR [ExceptionInterceptor] redirecting to debug page
              java.lang.IllegalStateException: No Authentication could be created, make sure the Component exists in session scope
               at org.jboss.seam.security.Authentication.instance(Authentication.java:35)
               at org.jboss.seam.security.adapter.jboss.JBossAuthenticationAdapter.beginRequest(JBossAuthenticationAdapter.java:23)
               at org.jboss.seam.security.authenticator.Authenticator.beginRequest(Authenticator.java:84)
               at org.jboss.seam.security.authenticator.ProviderAuthenticator$$EnhancerByCGLIB$$1599b0c6.CGLIB$beginRequest$3(<generated>)
               at org.jboss.seam.security.authenticator.ProviderAuthenticator$$EnhancerByCGLIB$$1599b0c6$$FastClassByCGLIB$$4d718543.invoke(<generated>)
               at net.sf.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:167)
               at org.jboss.seam.interceptors.JavaBeanInterceptor$1.proceed(JavaBeanInterceptor.java:87)
               at org.jboss.seam.interceptors.SeamInvocationContext.proceed(SeamInvocationContext.java:54)
               at org.jboss.seam.interceptors.ValidationInterceptor.validateTargetComponent(ValidationInterceptor.java:64)
               at sun.reflect.GeneratedMethodAccessor179.invoke(Unknown Source)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
               at java.lang.reflect.Method.invoke(Method.java:585)
               at org.jboss.seam.util.Reflections.invoke(Reflections.java:17)
               at org.jboss.seam.interceptors.Interceptor.aroundInvoke(Interceptor.java:125)
               at org.jboss.seam.interceptors.SeamInvocationContext.proceed(SeamInvocationContext.java:61)
               at org.jboss.seam.interceptors.OutcomeInterceptor.interceptOutcome(OutcomeInterceptor.java:21)
               at sun.reflect.GeneratedMethodAccessor178.invoke(Unknown Source)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
               at java.lang.reflect.Method.invoke(Method.java:585)
               at org.jboss.seam.util.Reflections.invoke(Reflections.java:17)
               at org.jboss.seam.interceptors.Interceptor.aroundInvoke(Interceptor.java:125)
               at (...)


              Where could the problem be?




              • 4. Re: Invitation to try new Seam authentication features
                Carsten Hoehne Master

                Hello,
                when deploying the sample application I got an exception:

                13:25:09,078 ERROR [[/seam-security]] Exception sending context initialized event to listener instance of class org.jboss.seam.servlet.SeamListener
                java.lang.RuntimeException: error while reading components.xml
                 at org.jboss.seam.init.Initialization.initPropertiesFromXml(Initialization.java:332)
                 at org.jboss.seam.init.Initialization.<init>(Initialization.java:228)
                 at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:32)
                 at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3729)
                 at
                [...]
                Caused by: java.lang.ClassNotFoundException: No ClassLoaders found for: org.jboss.seam.security.ThreadLocalAuthenticationContext
                 at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:306)
                 at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:511)
                 at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:405)
                 at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
                 at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
                 at java.lang.Class.forName0(Native Method)
                 at java.lang.Class.forName(Class.java:164)
                 at org.jboss.seam.util.Reflections.classForName(Reflections.java:123)
                 at org.jboss.seam.init.Initialization.installComponent(Initialization.java:376)
                 at org.jboss.seam.init.Initialization.initPropertiesFromXml(Initialization.java:292)
                 ... 140 more
                

                As of now I have the latest CVS code base, but I cannot find org.jboss.seam.security.ThreadLocalAuthenticationContext

                Ciao,
                Carsten


                • 5. Re: Invitation to try new Seam authentication features
                  Shane Bryzak Master

                   

                  "msteiner" wrote:
                  I've followed instructions on wiki and I get exceptions:


                  When does this exception occur? Does the example app work?

                  • 6. Re: Invitation to try new Seam authentication features
                    Shane Bryzak Master

                     

                    "baz" wrote:

                    As of now I have the latest CVS code base, but I cannot find org.jboss.seam.security.ThreadLocalAuthenticationContext

                    Ciao,
                    Carsten


                    I still had a reference to this deleted class in the example app which I've now removed. You can either delete this line from components.xml or get latest from CVS.

                    • 7. Re: Invitation to try new Seam authentication features
                      Michael Steiner Newbie

                       


                      When does this exception occur?

                      Each time when I access any page in my application

                      Does the example app work?


                      Yes, it works perfectly.

                      Where should the Authentication component be created?

                      • 8. Re: Invitation to try new Seam authentication features
                        Carsten Hoehne Master

                        Thanks,
                        the example app is now working.

                        A question: Is this security framework applicable in a pure Tomcat environment?
                        I do have a Seam app running on Tomcat where Hibernate is running in the JBoss microcontainer. This app was derived from the Seam Hibernate example.
                        Ciao,
                        Carsten

                        • 9. Re: Invitation to try new Seam authentication features
                          Shane Bryzak Master

                           

                          "msteiner" wrote:

                          When does this exception occur?

                          Each time when I access any page in my application

                          Does the example app work?


                          Yes, it works perfectly.

                          Where should the Authentication component be created?


                          Authenticator.beginRequest() should only ever be called from the Lifecycle class, and currently if it throws any exceptions they are simply swallowed by a try..catch block. Would it be possible for you to submit a simple test case to JIRA that replicates this exception?

                          • 10. Re: Invitation to try new Seam authentication features
                            Shane Bryzak Master

                             

                            "baz" wrote:
                            Thanks,
                            the example app is now working.

                            A question: Is this security framework applicable in a pure Tomcat environment?
                            I do have a Seam app running on Tomcat where Hibernate is running in the JBoss microcontainer. This app was derived from the Seam Hibernate example.
                            Ciao,
                            Carsten


                            To work in Tomcat it would require a custom Realm that could authenticate against the Seam security API. This wouldn't be too hard to write, and I'll probably look at providing this as part of the security API once I get all the other stuff nailed down (unless you want to volunteer :).

                            • 11. Re: Invitation to try new Seam authentication features
                              Michael Steiner Newbie

                               

                              "sbryzak2" wrote:

                              Authenticator.beginRequest() should only ever be called from the Lifecycle class, and currently if it throws any exceptions they are simply swallowed by a try..catch block. Would it be possible for you to submit a simple test case to JIRA that replicates this exception?


                              OK, I know where the problem is.

                              To replicate the exception, take the security example from CVS, set property debug of org.jboss.seam.core.init = true in components.xml like this:
                              true
                              add seam-debug.jar to web-inf/lib in war.

                              When I turned off debug in my application, it started working fine.




                              • 12. Re: Invitation to try new Seam authentication features
                                Gus Gu Expert

                                I downloaded jboss-seam-CVS.20060822, but I could not find the security example in the examples directory. Can anybody give me a direction? Thank you.

                                • 13. Re: Invitation to try new Seam authentication features
                                  Shane Bryzak Master

                                   

                                  "gus888" wrote:
                                  I downloaded jboss-seam-CVS.20060822, but I could not find the security example in the examples directory. Can anybody give me a direction? Thank you.


                                  The nightly build seems to be missing some other stuff too, not sure why. If you want you could get the project straight from CVS, instructions are here on the wiki:

                                  http://wiki.jboss.org/wiki/Wiki.jsp?page=CVSRepository

                                  • 14. Re: Invitation to try new Seam authentication features
                                    Shane Bryzak Master

                                    If you have trouble accessing CVS, the next nightly build should include the security example.
