44 Replies. Latest reply on Feb 16, 2007 6:10 PM by shane.bryzak
      • 15. Re: Seam Security
        pmuir

        you can already :)

        • 16. Re: Seam Security

          Why is the NotLoggedInException being swallowed? Aren't we supposed to be able to do things with this, like specify it in exceptions.xml - which isn't working for me...

          19:55:48,625 ERROR [AbstractSeamPhaseListener] Swallowing exception thrown by page action
          org.jboss.seam.security.NotLoggedInException
           at org.jboss.seam.security.Identity.checkRestriction(Identity.java:161)
           at org.jboss.seam.pages.Page.enter(Page.java:185)
           at org.jboss.seam.core.Pages.enterPage(Pages.java:239)
           at org.jboss.seam.jsf.AbstractSeamPhaseListener.enterPage(AbstractSeamPhaseListener.java:241)
           at org.jboss.seam.jsf.AbstractSeamPhaseListener.beforeRender(AbstractSeamPhaseListener.java:192)
           at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:53)
           at org.apache.myfaces.lifecycle.PhaseListenerManager.informPhaseListenersBefore(PhaseListenerManager.java:70)
           at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:373)
           at javax.faces.webapp.FacesServlet.service(FacesServlet.java:138)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
           at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:32)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
           at org.jboss.seam.servlet.SeamExceptionFilter.doFilter(SeamExceptionFilter.java:46)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
           at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
           at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
           at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
           at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
           at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
           at java.lang.Thread.run(Thread.java:595)


          • 17. Re: Seam Security

             

            "lightbulb432" wrote:
            Why is the NotLoggedInException being swallowed? Aren't we supposed to be able to do things with this, like specify it in exceptions.xml - which isn't working for me...

            http://jira.jboss.org/jira/browse/JBSEAM-752

            • 18. Re: Seam Security

              Aah, I see.

              Regarding the authenticator.authenticate method, when you add roles to the "Set roles" in the method argument, where in the debug would you look to see that it's actually being added correctly?

              I checked the identity component but there's no roles property there...where else do I look? (I'm having some troubles that seem to be related to these roles...)

              • 19. Re: Seam Security
                gavin.king

                Seam's exception handling stuff is fixed/redesigned in CVS.

                • 20. Re: Seam Security

                  Yet another problem... Is it looking for a login() method, rather than a login with the three required arguments? I dunno, but it's not working with the latest CVS of Seam and I've declared the login method in the session bean interface.

                  And I've declared my login method in the components.xml...


                  12:48:56,609 ERROR [SeamLoginModule] Error invoking login method
                  javax.faces.el.EvaluationException: Exception while invoking expression #{login.login}
                   at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:165)
                   at org.jboss.seam.actionparam.ActionParamBindingHelper.invokeTheExpression(ActionParamBindingHelper.java:59)
                   at org.jboss.seam.actionparam.ActionParamMethodBinding.invoke(ActionParamMethodBinding.java:74)
                   at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:102)
                   at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:102)
                   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                   at java.lang.reflect.Method.invoke(Method.java:585)
                   at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                   at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                   at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
                   at java.security.AccessController.doPrivileged(Native Method)
                   at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
                   at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
                   at org.jboss.seam.security.Identity.authenticate(Identity.java:204)
                   at org.jboss.seam.security.Identity.authenticate(Identity.java:197)
                   at org.jboss.seam.security.Identity.login(Identity.java:182)
                   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                   at java.lang.reflect.Method.invoke(Method.java:585)
                   at com.sun.el.parser.AstValue.invoke(AstValue.java:151)
                   at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
                   at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
                   at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69)
                   at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:63)
                   at javax.faces.component.UICommand.broadcast(UICommand.java:106)
                   at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:94)
                   at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:168)
                   at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:343)
                   at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86)
                   at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                   at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:29)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                   at org.jboss.seam.servlet.SeamExceptionFilter.doFilter(SeamExceptionFilter.java:43)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                   at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
                   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
                   at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
                   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
                   at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
                   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
                   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
                   at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
                   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
                   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
                   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
                   at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
                   at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
                   at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
                   at java.lang.Thread.run(Thread.java:595)
                  Caused by: java.lang.NoSuchMethodException: com.test.session.Login$$EnhancerByCGLIB$$f3e562ee.login()
                   at java.lang.Class.getMethod(Class.java:1581)
                   at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:118)
                   ... 58 more
                  12:48:56,609 DEBUG [Identity] Login failed for:testusername
                  javax.security.auth.login.LoginException: Login Failure: all modules ignored
                   at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
                   at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                   at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
                   at java.security.AccessController.doPrivileged(Native Method)
                   at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
                   at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
                   at org.jboss.seam.security.Identity.authenticate(Identity.java:204)
                   at org.jboss.seam.security.Identity.authenticate(Identity.java:197)
                   at org.jboss.seam.security.Identity.login(Identity.java:182)
                   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                   at java.lang.reflect.Method.invoke(Method.java:585)
                   at com.sun.el.parser.AstValue.invoke(AstValue.java:151)
                   at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
                   at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
                   at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69)
                   at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:63)
                   at javax.faces.component.UICommand.broadcast(UICommand.java:106)
                   at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:94)
                   at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:168)
                   at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:343)
                   at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86)
                   at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                   at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:29)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                   at org.jboss.seam.servlet.SeamExceptionFilter.doFilter(SeamExceptionFilter.java:43)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                   at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
                   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
                   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
                   at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
                   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
                   at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
                   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
                   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
                   at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
                   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
                   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
                   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
                   at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
                   at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
                   at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
                   at java.lang.Thread.run(Thread.java:595)


                  • 21. Re: Seam Security

                    Note that it was working fine until I upgraded to the latest CVS version to solve another problem, so I don't think the problem's within my login method or anything like that (as I didn't make changes to those after upgrading).

                    • 22. Re: Seam Security
                      fernando_jmt

                      The way authentication is done was changed in the CVS version.

                      You should use it as in the following sample:

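                       ...
                       @In
                       private Identity identity;

                       public boolean authenticate()
                       {
                          try
                          {
                             // Look up the member matching the submitted credentials.
                             // Both named parameters set below must appear in the query.
                             Member member = (Member) entityManager.createQuery(
                                "from Member where username = :username and password = :password")
                                .setParameter("username", identity.getUsername())
                                .setParameter("password", identity.getPassword())
                                .getSingleResult();

                             // Copy the member's roles onto the identity.
                             for ( MemberRole mr : member.getRoles() )
                             {
                                identity.addRole(mr.getName());
                             }

                             return true;
                          }
                          catch (NoResultException ex)
                          {
                             // No matching member: authentication fails.
                             return false;
                          }
                       }
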


                      • 23. Re: Seam Security

                        Oh, I didn't realize that, thanks.


                        When catching NotLoggedInException in exceptions.xml, I have a

                        <redirect view-id="/login.xhtml">Not logged in</redirect>
                        for the NotLoggedInException.

                        While the redirect works correctly, the message "Not logged in" doesn't display in login.xhtml's
                        <h:messages globalOnly="true" />


                        Why won't this message appear?


                        My next question is how can the exception object be accessed from within a page? I looked up the Seam documentation under the Seam pre-installed components but nothing related to exceptions comes up...I'm thinking of some kind of #{exception.stackTrace} or something...

                        • 24. Re: Seam Security
                          fernando_jmt

                          I also have the same problem related to NotLoggedInException.
                          Using the non-CVS version I had:

                          <redirect view-id="/login.xhtml">#{messages['User.notLoggedIn']}</redirect>
                          


                          And it was working well, a message was shown in the login page.

                          But it seems there's a problem with the CVS version, because now I can't get the message in the login message. The message is not shown.

                          Is there something new or changed in the CVS version? Does somebody know?

                          • 25. Re: Seam Security
                            gavin.king

                            In CVS you should wrap the message in a element. Check the new pages.xml DTD.

                            • 26. Re: Seam Security

                              I wrapped the message in an element according to the new pages.xml DTD, but there's no change...it still doesn't appear for me.

                              Also, how can I override the default org.jboss.seam.loginFailed and org.jboss.seam.loginSuccessful messages? I tried putting them in my properties files (e.g. org.jboss.seam.loginSuccessful=My Message) that I've added in components.xml, but the default messages still appear!

                              I'm not having any luck with Seam and messages, I guess...

                              • 27. Re: Seam Security

                                Never mind my previous post; the first problem magically disappeared and the second was solved by adding "messages" to the list of resource bundles in components.xml.


                                How do I debug roles? I've added the roles to the "identity" component in my login method but the debug page doesn't list roles for the identity component! It only lists the following properties, but nothing like "roles":

                                authenticateMethod
                                class
                                cookieEnabled
                                cookieMaxAge
                                jaasConfigName
                                loggedIn
                                password
                                principal
                                rememberMe
                                securityContext
                                securityRules
                                subject
                                username
                                toString()

                                How can I see why s:hasRole('...') isn't working correctly? I'd like to know what roles identity actually has added and whether they've been added correctly from my code...

                                • 28. Re: Seam Security
                                  shane.bryzak

                                  There are two places where roles are kept. The first, more traditional location is in the subject in a group called "roles". The second place is in the securityContext where they are accessible by the drools-based security rules.
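
To illustrate the first location described in the reply above, here is an added example (not code from the thread or from Seam) that walks a JAAS `Subject`'s principals and lists the members of the group named "roles". `NamedPrincipal` and `GroupPrincipal` are hypothetical stand-ins for the principal and group classes the Seam version in use provides, and the sample subject is constructed.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectRoleDump {

    /** Hypothetical plain principal: stands in for a user or role principal. */
    static class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o != null && o.getClass() == getClass()
                    && ((NamedPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return name; }
    }

    /** Hypothetical group principal: a named principal that holds members. */
    static class GroupPrincipal extends NamedPrincipal {
        private final Set<Principal> members = new LinkedHashSet<>();
        GroupPrincipal(String name) { super(name); }
        void addMember(Principal p) { members.add(p); }
        Set<Principal> members() { return Collections.unmodifiableSet(members); }
    }

    /** Names of the members of the subject's group called groupName (empty if none). */
    static List<String> rolesOf(Subject subject, String groupName) {
        List<String> roles = new ArrayList<>();
        if (subject == null) {
            return roles; // not logged in: no subject, so no roles
        }
        // getPrincipals(Class) returns only principals of that type.
        for (GroupPrincipal group : subject.getPrincipals(GroupPrincipal.class)) {
            if (groupName.equals(group.getName())) {
                for (Principal member : group.members()) {
                    roles.add(member.getName());
                }
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample: a subject as it might look after a successful login.
        Subject subject = new Subject();
        subject.getPrincipals().add(new NamedPrincipal("testusername"));
        GroupPrincipal roles = new GroupPrincipal("roles");
        roles.addMember(new NamedPrincipal("admin"));
        roles.addMember(new NamedPrincipal("member"));
        subject.getPrincipals().add(roles);

        List<String> found = rolesOf(subject, "roles");
        System.out.println("roles in subject: " + found);
        // In this example the lookup is an exact, case-sensitive name match,
        // so a role added as "admin" is not found when checked as "Admin".
        System.out.println("contains \"admin\": " + found.contains("admin"));
        System.out.println("contains \"Admin\": " + found.contains("Admin"));
    }
}
```

Logging the result of a method like `rolesOf` right after authentication shows which role names actually reached the subject, which the debug page's property list does not display.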

                                  • 29. Re: Seam Security

                                    Does Seam security support multiple authentication modes in the same application, such as Digital Certificate login and Username/Password login?