2 Replies Latest reply on May 3, 2007 9:49 PM by Christian Bauer

    Seam's Identity and Authenticator

    Tony Mai Apprentice

      Can someone tell me the correlation between Seam's Identity and Authenticator?

      It is my understanding that we can declare/override the RuleBasedIdentity as followed:

      public class MyIdentity extends RuleBasedIdentity {
       public String login() {
       super.login(); /* Ignore outcome from super */
       return "nextPage";

      And use it in our web page as followed:
      <h:commandButton value="Login" action="#{identity.login}"/>

      Then I also see code using Authenticator as followed:

      <security:identity authenticate-method="#{authenticator.authenticate}" security-rules="#{securityRules}"/>

      public class Authenticator {
       Identity identity;
       public boolean authenticate() {
       return true;

      Is there an implicit correlation between these two component? Or are they mutually exclusive? Is one better than the other?

      Thanks for your help.

        • 1. Re: Seam's Identity and Authenticator
          Shane Bryzak Master

          These classes work in concert with each other - by default, the Identity class will use JAAS to authenticate the user, via SeamLoginModule (which is a standard JAAS login module). SeamLoginModule performs authentication by invoking a MethodExpression - i.e, the authenticate-method configured in Identity.

          • 2. Re: Seam's Identity and Authenticator
            Christian Bauer Master

            Usually "security" means two things:

            - Authentication: Who are you, can you identify yourself and what are your roles/privileges?

            - Authorization: An action/display requires a permission, do you have the right roles/privileges for that?

            The authenticator does Authentication, the Identity component is responsible for Authorization.