3 Replies Latest reply on Mar 14, 2007 1:49 AM by Steve Antonakakis

    Using Seam Identity - What's the recommended approach?

    Steve Antonakakis Newbie

      Hi,

      I've found what looks like multiple methods of implementing your own authentication between the Seam Book, reference manual and various forum posts - is there a recommended approach we should be moving towards as a best practice? Any comments would be greatly appreciated!

      Method 1 - Seam Book: Section 20.1. Authentication and User Roles:
      . . .
      1.Create a method in backing bean:

      public boolean login(String username, String password, List<String> roles)

      2. add entry to components.xml:
      <security:identity authenticate-method=
      "#{authBean.login}"/>

      the identity.username and identitiy.password values would automatically be forwarded to the hardwired method when identity.login() is called.

      Method 2 - Seam Reference Manual: Section 12.3.1. Configuration
      1. Create a method in backing bean:
      public boolean authenticate()

      2. add entry to components.xml:
      <security:identity authenticate-method="#{authenticator.authenticate}"/>

      In this case we'd call Identity.instance().getUsername() / .getPassword() to fetch the values.

      Method 3 - We can override extend the existing identity class:
      Name("org.jboss.seam.security.identity")
      @Scope(ScopeType.SESSION)
      @Intercept(InterceptionType.AFTER_RESTORE_VIEW)
      public class MyIdentity extends RuleBasedIdentity
      {
       public String login() {
       return super.login();
       }
      }



        • 1. Re: Using Seam Identity - What's the recommended approach?
          Shane Bryzak Master

          Method 1 is redundant and no longer supported. I recommend you follow the instructions in the Seam reference docs, they are always going to be up to date and they explain (at least I hope so) how to set up authentication in a logical, step-by-step manner.

          • 2. Re: Using Seam Identity - What's the recommended approach?
            Tony Herstell Master

            Method 2 works great, apart from you lose the ability to get your hibernate validation annotations automagically being applied to your username, password fields...

            • 3. Re: Using Seam Identity - What's the recommended approach?
              Steve Antonakakis Newbie

              Thank you both for your input. I had originally implemented my own login validation and am moving to JAAS so that I can take advantage of the role based security built into Seam. It is too bad about the hibernate validation though, I agree.

              In any case I'm running into another problem now which may be a jbpm bug Maybe someone's encountered it:

              From within a pageflow I'm calling identity.login and getting an error:
              code:

              loginProcess.jpdl.xml:

              . . .
              <transition name="login-user" to="authenticateUser">
               <action expression="#{identity.login}" />
              </transition>
              . . .


              error on return of "login-user" from a commandLink click:
              00:29:01,817 ERROR [GraphElement] action threw exception: couldn't evaluate expression '#{identity.login}'
              org.jbpm.JbpmException: couldn't evaluate expression '#{identity.login}'
               at org.jbpm.jpdl.el.impl.JbpmExpressionEvaluator.evaluate(JbpmExpressionEvaluator.java:38)
               at org.jbpm.graph.def.Action.execute(Action.java:119)
              . . .
              Caused by: org.jbpm.jpdl.el.ELException: Unable to find a value for "login" in object of class "org.jboss.seam.security.RuleBasedIdentity" using operator "."
              . . .
              Caused by: org.jbpm.JbpmException: couldn't evaluate expression '#{identity.login}'
              . . .
              Caused by: org.jbpm.jpdl.el.ELException: Unable to find a value for "login" in object of class "org.jboss.seam.security.RuleBasedIdentity" using operator "."


              I found in another thread that a suggestion from GK to try overriding the login function - which I did -- it made no difference:

              @Name("org.jboss.seam.core.identity")
              @Scope(ScopeType.SESSION)
              @Intercept(InterceptionType.AFTER_RESTORE_VIEW)
              public class OverrideIdentity extends RuleBasedIdentity
              {
               public String login()
               {
               return super.login();
               }
              }


              Has anyone run into a similar problem?

              Thanks again for your help.