JBossDeveloper

"venkateshbr" wrote:
does the seam security support multiple authentication modes in the same application such as Digital Certificate login and Username/Password login.

"lightbulb432" wrote:

I spoke too soon when I said the above problem sorted itself out. The following does not work:

<exception class="org.jboss.seam.NotLoggedInException">
 <redirect view-id="/login.xhtml">
 <message>Not logged in</message>
 </redirect>
</exception>

This does not appear in any case. Only for authorization exceptions (when the user doesn't have appropriate permissions) does the message appear. Keep in mind the redirect is working, however, and the login.xhtml does have an h:messages. Is this a bug in Seam?

I personally wouldn't use enums for roles - unless perhaps you're persisting user roles as enums. Of course there's no problem doing this, you just need to call Identity.addRole(myEnum.toString()) in your authenticator method. I could modify the addRole() method to accept an Object instead of a String, the only difference being that it would call toString() on whatever object you pass in.

In the other areas of the security API, I can't really see any advantage doing this though, especially since the security expressions only work with string values anyway.

I've had no problems implementing the latest authentication/authorisation security features thanks to the contributors to this thread :)

I now need to roll my own implementation of org.jboss.seam.security.Identity to include a third log-in form attribute called 'organisation'. This identifies the user as a member of a particular organisation, fulfilling one or more roles. I need to use this approach as the user could also be a member of one or more organisations with a totally different set of roles/permissions for each.

I have extended the Identity class to implement the additional attribute, however I am stuck when it comes to annotating MyIdentity class in such a way that Seam 'knows' this is the identity type to use. I have injected MyIdentity into the Authenticator implementation but get the following exception which indicates Seam is still looking at its' own version:

javax.faces.el.PropertyNotFoundException: /login.xhtml @45,84 value="#{identity.organisation}": Bean: org.jboss.seam.security.Identity, property: organisation

Can anyone point me in the right direction please?

Thanks Andrew

I use this:

@Name("org.jboss.seam.security.identity")
public class Identity extends org.jboss.seam.security.Identity {

...

 public static Identity instance() {
 if ( !Contexts.isSessionContextActive() ) {
 throw new IllegalStateException("No active session context");
 }

 Identity instance = (Identity) Component.getInstance(Identity.class, ScopeType.SESSION, true);

 if (instance == null) {
 throw new IllegalStateException("No Identity could be created");
 }
 return instance;
 }
}

Thanks for response Pete.

One problem I have run up against is the annotation @Name("org.jboss.seam.security.identity") is not unique - trying to use this in the derived class as per your code snippet throws "java.lang.IllegalStateException: Two components with the same name and precedence: org.jboss.seam.security.identity", which is what one would expect.

How have you overcome this (short of changing the parent Identity annotation in the source)?

Your one should have application precedence (the default), the core one has the lower built in precedence.

From the source

@Name("org.jboss.seam.security.identity")
@Scope(SESSION)
@Install(precedence = BUILT_IN, classDependencies="org.drools.WorkingMemory")

You have <security:identity /> in your components.xml right? As Seam's Identity is not marked @Install(value=false) by putting that line in components.xml you end up creating an Identity component (which has APPLICATION precedence (as per the defaults)). So, what you in fact need to do, in components.xml, is to configure *your* Identity component rather than Seam's.

Pete, I had overlooked the extra attributes on the <security:identity /> tag that provide for a bespoke Identity so thank you for making me revisit this - I will amend my configuration.

Mike, thanks for your pointers. I actually got my Identity working by changing the precedence as per your suggestion.

Thank you both for your guidance (and patience).

I've tried to apply the settings via the 'class' and 'precedence' attributes of the <security:identity .../> element but to no avail.

My implementation of Identity does work however with the following annotation - @Install(precedence = DEPLOYMENT). According to the javadocs this is the "precedence to use for components which override application components in a particular deployment". As this works for me I am not going to fiddle with my <security:identity .../> element any further, so if you get it working that way let us know.

For completeness I have included my code below. I hope this helps.

@Name("org.jboss.seam.security.identity")
@Scope(SESSION)
@Install(precedence = DEPLOYMENT)
public class Identity extends org.jboss.seam.security.Identity {

 private static final long serialVersionUID = 3102222149672922155L;

 private String organisation;

 public static Identity instance() {
 if ( !Contexts.isSessionContextActive() ) {
 throw new IllegalStateException("No active session context");
 }

 Identity instance =
 (Identity)Component.getInstance(Identity.class, ScopeType.SESSION, true);

 if (instance == null) {
 throw new IllegalStateException("No Identity could be created");
 }
 return instance;
 }

 public String getOrganisation() {
 return organisation;
 }

 public void setOrganisation(String organisation) {
 setDirty(this.organisation, organisation);
 this.organisation = organisation;
 }

}

P.S. Components.xml remains unchanged i.e.

<security:identity authenticate-method="#{authenticator.authenticate}"/>

If you're using your own Identity implementation you can't configure it with <security:identity ...> in components.xml, you need to add a <component class="com.mycustom.identity" ...> element instead.