2 Replies Latest reply on Apr 27, 2007 7:58 AM by Dennis

    Seam Security Problem

    Dennis Newbie

      Hello,

      i tried to deploy a minimal SEAM project which only consists of a login page. The problem is that I would like to use a own written build.xml script, which is already stable running.

      The problem:

      12:25:35,281 ERROR [SeamLoginModule] Error invoking login method
      javax.faces.el.EvaluationException: Exception while invoking expression #{test.t
      est}
       at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java
      :165)
       at org.jboss.seam.actionparam.ActionParamBindingHelper.invokeTheExpressi
      on(ActionParamBindingHelper.java:58)
       at org.jboss.seam.actionparam.ActionParamMethodBinding.invoke(ActionPara
      mMethodBinding.java:75)
       at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:148)
       at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.ja
      va:104)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
      java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
      sorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
      86)
       at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext
      .java:703)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
       at org.jboss.seam.security.Identity.authenticate(Identity.java:247)
       at org.jboss.seam.security.Identity.authenticate(Identity.java:240)
       at org.jboss.seam.security.Identity.login(Identity.java:170)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
      java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
      sorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.sun.el.parser.AstValue.invoke(AstValue.java:174)
       at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:286)
      
       at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.ja
      va:68)
       at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.ja
      va:69)
       at org.apache.myfaces.application.ActionListenerImpl.processAction(Actio
      nListenerImpl.java:63)
       at javax.faces.component.UICommand.broadcast(UICommand.java:106)
       at org.ajax4jsf.framework.ajax.AjaxViewRoot.processEvents(AjaxViewRoot.j
      ava:274)
       at org.ajax4jsf.framework.ajax.AjaxViewRoot.broadcastEvents(AjaxViewRoot
      .java:250)
       at org.ajax4jsf.framework.ajax.AjaxViewRoot.processApplication(AjaxViewR
      oot.java:405)
       at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(Lifecycl
      eImpl.java:343)
       at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java
      :86)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
      icationFilterChain.java:252)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
      ilterChain.java:173)
       at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
      a:63)
       at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
       at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
      a:49)
       at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57)
       at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
      a:49)
       at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:79)
       at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
      a:49)
       at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
      icationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
      ilterChain.java:173)
       at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseX
      MLFilter.java:75)
       at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.
      java:213)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
      icationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
      ilterChain.java:173)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi
      lter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
      icationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
      ilterChain.java:173)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
      alve.java:213)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
      alve.java:178)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit
      yAssociationValve.java:175)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
      torBase.java:432)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
      e.java:74)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
      ava:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
      ava:105)
       at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConne
      ctionValve.java:156)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
      ve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
      a:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
      :869)
       at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.p
      rocessConnection(Http11BaseProtocol.java:664)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpo
      int.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWor
      kerThread.java:112)
       at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.faces.el.PropertyNotFoundException: Base is null: test
       at org.apache.myfaces.el.ValueBindingImpl.resolveToBaseAndProperty(Value
      BindingImpl.java:460)
       at org.apache.myfaces.el.MethodBindingImpl.resolveToBaseAndProperty(Meth
      odBindingImpl.java:180)
       at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java
      :114)
       ... 67 more
      


      The project ist structured like:
      dist/
      META-INF/
      application.xml
      jboss-app.xml
      view.war/
      WEB-INF/
      components.xml
      faces-config.xml
      web.xml
      index.html -> Redirect index.seam
      index.xhtml
      index.page.xml

      web.xml
      <?xml version="1.0" ?>
      <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
       version="2.4">
      
       <!-- Ajax4jsf (must come first!) -->
      
       <filter>
       <display-name>Ajax4jsf Filter</display-name>
       <filter-name>ajax4jsf</filter-name>
       <filter-class>org.ajax4jsf.Filter</filter-class>
       </filter>
      
       <filter-mapping>
       <filter-name>ajax4jsf</filter-name>
       <url-pattern>*.seam</url-pattern>
       </filter-mapping>
      
       <context-param>
       <param-name>org.ajax4jsf.VIEW_HANDLERS</param-name>
       <param-value>org.jboss.seam.ui.facelet.SeamFaceletViewHandler</param-value>
       </context-param>
      
       <!-- Seam -->
      
       <listener>
       <listener-class>org.jboss.seam.servlet.SeamListener</listener-class>
       </listener>
      
       <filter>
       <filter-name>Seam Filter</filter-name>
       <filter-class>org.jboss.seam.web.SeamFilter</filter-class>
       </filter>
      
       <filter-mapping>
       <filter-name>Seam Filter</filter-name>
       <url-pattern>/*</url-pattern>
       </filter-mapping>
      
       <servlet>
       <servlet-name>Seam Resource Servlet</servlet-name>
       <servlet-class>org.jboss.seam.servlet.ResourceServlet</servlet-class>
       </servlet>
      
       <servlet-mapping>
       <servlet-name>Seam Resource Servlet</servlet-name>
       <url-pattern>/seam/resource/*</url-pattern>
       </servlet-mapping>
      
       <!-- MyFaces -->
      
       <listener>
       <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
       </listener>
      
       <!-- Facelets development mode (disable in production) -->
      
       <context-param>
       <param-name>facelets.DEVELOPMENT</param-name>
       <param-value>true</param-value>
       </context-param>
      
       <!-- JSF -->
      
       <context-param>
       <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
       <param-value>client</param-value>
       </context-param>
      
       <context-param>
       <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
       <param-value>.xhtml</param-value>
       </context-param>
      
       <servlet>
       <servlet-name>Faces Servlet</servlet-name>
       <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
       <load-on-startup>1</load-on-startup>
       </servlet>
      
       <servlet-mapping>
       <servlet-name>Faces Servlet</servlet-name>
       <url-pattern>*.seam</url-pattern>
       </servlet-mapping>
      
       <security-constraint>
       <display-name>Restrict raw XHTML Documents</display-name>
       <web-resource-collection>
       <web-resource-name>XHTML</web-resource-name>
       <url-pattern>*.xhtml</url-pattern>
       </web-resource-collection>
       <auth-constraint>
       <role-name>NONE</role-name>
       </auth-constraint>
       </security-constraint>
      
      </web-app>
      


      components.xml
      <?xml version="1.0" encoding="UTF-8"?>
      <components xmlns="http://jboss.com/products/seam/components"
       xmlns:core="http://jboss.com/products/seam/core"
       xmlns:drools="http://jboss.com/products/seam/drools"
       xmlns:security="http://jboss.com/products/seam/security"
       xmlns:mail="http://jboss.com/products/seam/mail"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation=
       "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.2.xsd
       http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.2.xsd
       http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.2.xsd
       http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-1.2.xsd
       http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.2.xsd">
      
       <core:init debug="true" jndi-pattern="alert/#{ejbName}/local"/>
      
       <core:manager concurrent-request-timeout="500"
       conversation-timeout="120000"
       conversation-id-parameter="cid"
       conversation-is-long-running-parameter="clr"/>
      
       <core:managed-persistence-context name="entityManager"
       auto-create="true"
       persistence-unit-jndi-name="java:/DefaultDS"/>
      
       <core:ejb installed="false"/>
      
       <security:identity authenticate-method="#{test.test}"/>
      
       <event type="org.jboss.seam.notLoggedIn">
       <action expression="#{redirect.captureCurrentView}"/>
       </event>
       <event type="org.jboss.seam.postAuthenticate">
       <action expression="#{redirect.returnToCapturedView}"/>
       </event>
      
      </components>
      


      faces-config.xml
      <?xml version='1.0' encoding='UTF-8'?>
      <!DOCTYPE faces-config PUBLIC
       "-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN"
       "http://java.sun.com/dtd/web-facesconfig_1_1.dtd">
      
      <faces-config>
      
       <application>
       <message-bundle>messages</message-bundle>
       <!-- Disabled when using Ajax4JSF -->
       <!--
       <view-handler>org.jboss.seam.ui.facelet.SeamFaceletViewHandler</view-handler>
       -->
       </application>
      
       <!-- Seam transaction management -->
       <lifecycle>
       <phase-listener>org.jboss.seam.jsf.TransactionalSeamPhaseListener</phase-listener>
       </lifecycle>
      
      </faces-config>
      


      application.xml
      <?xml version="1.0" encoding="UTF-8"?>
      <application xmlns="http://java.sun.com/xml/ns/javaee"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd"
       version="5">
      
       <display-name>alert</display-name>
      
       <module>
       <web>
       <web-uri>view.war</web-uri>
       <context-root>/alert</context-root>
       </web>
       </module>
      
       <module>
       <ejb>bean.jar</ejb>
       </module>
      
       <module>
       <java>jboss-seam.jar</java>
       </module>
      
       <!-- Remove these lines for JSF 1.2 -->
      
       <module>
       <java>el-api.jar</java>
       </module>
      
       <module>
       <java>el-ri.jar</java>
       </module>
      </application>
      


      Authenticator.class
      package de.alert.session;
      
      import org.jboss.seam.annotations.In;
      import org.jboss.seam.annotations.Logger;
      import org.jboss.seam.annotations.Name;
      import org.jboss.seam.log.Log;
      import org.jboss.seam.security.Identity;
      
      
      @Name("test")
      public class Authenticator
      {
       @Logger Log log;
      
       @In Identity identity;
      
       public boolean test()
       {
       log.info("authenticating #0", identity.getUsername());
       //write your authentication logic here,
       //return true if the authentication was
       //successful, false otherwise
       identity.addRole("admin");
       return true;
       }
      }
      


      index.xhtml
       <h:outputLabel for="username">Username</h:outputLabel>
       <h:inputText id="username" value="#{identity.username}"/>
       <h:outputLabel for="password">Password</h:outputLabel>
       <h:inputSecret id="password" value="#{identity.password}"/>
       <h:outputLabel for="rememberMe">Remember me</h:outputLabel>
       <h:selectBooleanCheckbox id="rememberMe" value="#{identity.rememberMe}"/>
       <h:commandButton value="Login" action="#{identity.login}"/>
      


      What am I doing wrong? All neccessary libaries are in place. Am I missing some configuration files? Has anybody an idea?
      If neccessary I would send you my full project structure.

      Thank in advance