3 Replies Latest reply on Mar 14, 2007 1:49 AM by steveant

    Using Seam Identity - What's the recommended approach?

    steveant

      Hi,

      I've found what looks like multiple methods of implementing your own authentication between the Seam Book, reference manual and various forum posts - is there a recommended approach we should be moving towards as a best practice? Any comments would be greatly appreciated!

      Method 1 - Seam Book: Section 20.1. Authentication and User Roles:
      . . .
      1. Create a method in backing bean:

      public boolean login(String username, String password, List<String> roles)

      2. Add entry to components.xml:
      <security:identity authenticate-method="#{authBean.login}"/>

      The identity.username and identity.password values would automatically be forwarded to the hardwired method when identity.login() is called.

      Method 2 - Seam Reference Manual: Section 12.3.1. Configuration
      1. Create a method in backing bean:
      public boolean authenticate()

      2. add entry to components.xml:
      <security:identity authenticate-method="#{authenticator.authenticate}"/>

      In this case we'd call Identity.instance().getUsername() / .getPassword() to fetch the values.

      Method 3 - We can override/extend the existing identity class:
      @Name("org.jboss.seam.security.identity")
      @Scope(ScopeType.SESSION)
      @Intercept(InterceptionType.AFTER_RESTORE_VIEW)
      public class MyIdentity extends RuleBasedIdentity
      {
          public String login() {
              return super.login();
          }
      }



        • 1. Re: Using Seam Identity - What's the recommended approach?
          shane.bryzak

          Method 1 is redundant and no longer supported. I recommend you follow the instructions in the Seam reference docs, they are always going to be up to date and they explain (at least I hope so) how to set up authentication in a logical, step-by-step manner.
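
The no-argument authenticator from Method 2 (Reference Manual 12.3.1), as an added example that is not part of this thread or of the Seam documentation. It assumes Seam 1.2-era jars on the classpath; the `Account` class, the in-memory `USERS` map, the PBKDF2 parameters and the sample credentials are hypothetical, constructed for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;

@Name("authenticator") // resolved by #{authenticator.authenticate} in components.xml
public class Authenticator {
    static final class Account { // hypothetical record: salt, PBKDF2 hash, role names
        final byte[] salt = new byte[16];
        final byte[] hash;
        final String[] roles;
        Account(String password, String... roles) {
            new SecureRandom().nextBytes(salt);
            this.hash = pbkdf2(password.toCharArray(), salt);
            this.roles = roles;
        }
    }
    // Constructed sample data; a real application loads these from its user store.
    static final Map<String, Account> USERS = new HashMap<String, Account>();
    static final Account DUMMY = new Account("placeholder-never-matches");
    static { USERS.put("demo", new Account("constructed-sample-pw", "user")); }

    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, 10000, 160);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
    // Credential check kept free of Seam types so it can be unit-tested on its own.
    static Account verify(String username, String password) {
        if (username == null || password == null || password.length() == 0) return null; // fail closed
        Account known = USERS.get(username);
        Account target = known != null ? known : DUMMY; // same hashing cost for unknown users
        boolean match = MessageDigest.isEqual(pbkdf2(password.toCharArray(), target.salt), target.hash);
        return match && known != null ? known : null;
    }
    // Seam invokes this with no arguments during identity.login().
    public boolean authenticate() {
        Identity identity = Identity.instance();
        Account account = verify(identity.getUsername(), identity.getPassword());
        if (account == null) return false;
        for (String role : account.roles) identity.addRole(role); // roles only after success
        return true;
    }
}
```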

          • 2. Re: Using Seam Identity - What's the recommended approach?
            tony.herstell1

            Method 2 works great, apart from you lose the ability to get your hibernate validation annotations automagically being applied to your username, password fields...

            • 3. Re: Using Seam Identity - What's the recommended approach?
              steveant

              Thank you both for your input. I had originally implemented my own login validation and am moving to JAAS so that I can take advantage of the role based security built into Seam. It is too bad about the hibernate validation though, I agree.

              In any case I'm running into another problem now which may be a jBPM bug. Maybe someone's encountered it:

              From within a pageflow I'm calling identity.login and getting an error:

              loginProcess.jpdl.xml:

              . . .
              <transition name="login-user" to="authenticateUser">
               <action expression="#{identity.login}" />
              </transition>
              . . .


              error on return of "login-user" from a commandLink click:
              00:29:01,817 ERROR [GraphElement] action threw exception: couldn't evaluate expression '#{identity.login}'
              org.jbpm.JbpmException: couldn't evaluate expression '#{identity.login}'
               at org.jbpm.jpdl.el.impl.JbpmExpressionEvaluator.evaluate(JbpmExpressionEvaluator.java:38)
               at org.jbpm.graph.def.Action.execute(Action.java:119)
              . . .
              Caused by: org.jbpm.jpdl.el.ELException: Unable to find a value for "login" in object of class "org.jboss.seam.security.RuleBasedIdentity" using operator "."
              . . .
              Caused by: org.jbpm.JbpmException: couldn't evaluate expression '#{identity.login}'
              . . .
              Caused by: org.jbpm.jpdl.el.ELException: Unable to find a value for "login" in object of class "org.jboss.seam.security.RuleBasedIdentity" using operator "."


              I found in another thread a suggestion from GK to try overriding the login function, which I did; it made no difference:

              @Name("org.jboss.seam.core.identity")
              @Scope(ScopeType.SESSION)
              @Intercept(InterceptionType.AFTER_RESTORE_VIEW)
              public class OverrideIdentity extends RuleBasedIdentity
              {
                  public String login()
                  {
                      return super.login();
                  }
              }


              Has anyone run into a similar problem?

              Thanks again for your help.