9 Replies Latest reply on Feb 21, 2007 4:45 PM by Warren Strange

    Seam Authenticator and GlassFish

    Janko Muzykant Newbie

      hope this is a right place to complain :) i tried to implement user authentication basing on seam documentation (http://docs.jboss.com/seam/1.1.6.GA/reference/en/html/security.html). Unfortunately, it seems that GlassFish (v2 build b34) does not take into consideration an Authenticator class. I did everything described on mentioned page but Authenticator.login method is just ignored.

      Do you have any idea what is wrong/missing?

      best regards,
      umrzyk

        • 1. Re: Seam Authenticator and GlassFish
          klaro78 Newbie

          I also had problems with Authenticator on Glassfish v1_ur1_p01.
          I solved this making the Authenticator a SLSB.
          Maybe this will work for v2 too...

          • 2. Re: Seam Authenticator and GlassFish
            Shane Bryzak Master

            Does the glassfish version of the booking demo work? It uses a SLSB for authentication.

            • 3. Re: Seam Authenticator and GlassFish
              Janko Muzykant Newbie

               

              "shane.bryzak@jboss.com" wrote:
              Does the glassfish version of the booking demo work? It uses a SLSB for authentication.


              yes, it works perfectly but it doesn't use JAAS SeamLoginModule what I would like to achieve. The only example that uses JAAS is propably seamspace but i cannot get it working on GF. Instead I wrote a simple code to authenticate user by SeamLoginModule as it was described in seam documentation (chapter 12 - security). Unfortunately i can't pass the login page and still get the 'Login failed' message.

              After a while I realized that Authenticator class I have created (12.2.2. Writing an authentication method) is not used at all. Authenticator is annotated as @Name("authenticator") and there is following entry:

              <security:identity authenticate-method="#{authenticator.authenticate}"/>

              inside components.xml. Is there something more I should do to get it running on GF ?

              regards,
              michal


              • 4. Re: Seam Authenticator and GlassFish
                Shane Bryzak Master

                Oops, I should have mentioned that only the cvs version of the glassfish example uses the new security stuff, not 1.1.6. Can you see if the latest cvs version works for you?

                • 5. Re: Seam Authenticator and GlassFish
                  klaro78 Newbie

                  As in the glassfish example, you have to add a ejb-local-ref in your web-xml, and of course, I also used CVS version:

                  <ejb-local-ref>
                   <ejb-ref-name>yourProject/AuthenticatorBean/local</ejb-ref-name>
                   <ejb-ref-type>Session</ejb-ref-type>
                   <local>your.package.Authenticator</local>
                   <ejb-link>AuthenticatorBean</ejb-link>
                  </ejb-local-ref>


                  • 6. Re: Seam Authenticator and GlassFish
                    Janko Muzykant Newbie

                    yup! cvs version works like a charm! I had only to add a snipped that klaro78 pointed out and now I can use JAAS authentication.

                    btw. there is still previous definition of LoginAction in the web.xml although its sources do not exists :)

                    thanks for your help.

                    • 7. Re: Seam Authenticator and GlassFish
                      Shane Bryzak Master

                      Oops, I didn't know glassfish hid stuff in web.xml.. it's removed now, thanks :)

                      • 8. Re: Seam Authenticator and GlassFish
                        Warren Strange Newbie

                        Did the glassfish fix for web.xml actually get commited to cvs? I can't see anything related to declaring the Authenticator.



                        This is what I added to my web.xml:

                        <ejb-local-ref>
                         <ejb-ref-name>SeamBookingOpenSSO/AuthenticatorAction/local</ejb-ref-name>
                         <ejb-ref-type>Session</ejb-ref-type>
                         <local-home/>
                         <local>org.jboss.seam.example.booking.Authenticator</local>
                         <ejb-link>AuthenticatorAction</ejb-link>
                         </ejb-local-ref>


                        I did not modify the AuthenticatorAction from the version in cvs. The other poster indicated this needs to be changed to a stateless bean?

                        I'm confused....

                        The error I am getting is:

                        /home.xhtml @24,85 value="#{identity.username}": Target Unreachable, identifier 'identity' resolved to null
                        javax.el.PropertyNotFoundException: /home.xhtml @24,85 value="#{identity.username}": Target Unreachable, identifier 'identity' resolved to null
                        


                        I am running on glassfish 9.0 UR1 - build 48 (the latest production build)



                        • 9. Re: Seam Authenticator and GlassFish
                          Warren Strange Newbie

                          Finally got this working....

                          It appears as if the changes discussed are not yet in cvs.


                          The problem with the null reference to identity turned out to be missing the drools security configuration stuff.

                          In a nutshell, you need a drools security config, and all the drools jars and dependencies.

                          I'll see if I can clean up my hacked together demo and post it