2 Replies Latest reply on May 3, 2007 9:49 PM by Christian Bauer

    Seam's Identity and Authenticator

    Tony Mai Apprentice

      Can someone tell me the correlation between Seam's Identity and Authenticator?

      It is my understanding that we can declare/override the RuleBasedIdentity as followed:

      @Name("org.jboss.seam.security.identity")
      @Scope(ScopeType.SESSION)
      @Intercept(InterceptionType.AFTER_RESTORE_VIEW)
      public class MyIdentity extends RuleBasedIdentity {
      ...
       @Override
       public String login() {
       super.login(); /* Ignore outcome from super */
      
      ...
       return "nextPage";
       }


      And use it in our web page as followed:
      <h:commandButton value="Login" action="#{identity.login}"/>
      


      Then I also see code using Authenticator as followed:

      component.xml
      <security:identity authenticate-method="#{authenticator.authenticate}" security-rules="#{securityRules}"/>

      with
      @Name("authenticator")
      public class Authenticator {
       @In
       Identity identity;
      
       public boolean authenticate() {
      ...
       return true;
       }
      


      Is there an implicit correlation between these two component? Or are they mutually exclusive? Is one better than the other?

      Thanks for your help.
      -tony

        • 1. Re: Seam's Identity and Authenticator
          Shane Bryzak Master

          These classes work in concert with each other - by default, the Identity class will use JAAS to authenticate the user, via SeamLoginModule (which is a standard JAAS login module). SeamLoginModule performs authentication by invoking a MethodExpression - i.e, the authenticate-method configured in Identity.

          • 2. Re: Seam's Identity and Authenticator
            Christian Bauer Master

            Usually "security" means two things:

            - Authentication: Who are you, can you identify yourself and what are your roles/privileges?

            - Authorization: An action/display requires a permission, do you have the right roles/privileges for that?

            The authenticator does Authentication, the Identity component is responsible for Authorization.