0 Replies Latest reply on May 5, 2007 3:26 AM by Mohammad Norouzi

    problem with security and login

    Mohammad Norouzi Novice

      Hi

      I have a problem with security.
      I am using JBoss Seam 1.1.6.
      When I press the login button, I get the following exception:

      ERROR Servlet.service() for servlet Faces Servlet threw exception
      javax.faces.FacesException: Error calling action method of component with id login:_id13
       at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
       at javax.faces.component.UICommand.broadcast(UICommand.java:109)
       at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
       at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
       at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
       at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
       at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:100)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:29)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.jboss.seam.servlet.SeamCharacterEncodingFilter.doFilter(SeamCharacterEncodingFilter.java:41)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
       at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.faces.el.EvaluationException: /pages/main/login.xhtml @35,71 action="#{identity.login}": java.lang.IllegalStateException: no security rule base available - please install a RuleBase with the name 'securityRules'
       at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:73)
       at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
       ... 33 more
      Caused by: java.lang.IllegalStateException: no security rule base available - please install a RuleBase with the name 'securityRules'
       at org.jboss.seam.security.Identity.assertSecurityContextExists(Identity.java:276)
       at org.jboss.seam.security.Identity.populateSecurityContext(Identity.java:245)
       at org.jboss.seam.security.Identity.postAuthenticate(Identity.java:223)
       at org.jboss.seam.security.Identity.authenticate(Identity.java:207)
       at org.jboss.seam.security.Identity.authenticate(Identity.java:199)
       at org.jboss.seam.security.Identity.login(Identity.java:184)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.sun.el.parser.AstValue.invoke(AstValue.java:151)
       at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
       at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
       at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69)
       ... 34 more
      
      


      and this is the authenticator class:

      @Name("authenticator")
      public class Authenticator {
      
       @PersistenceContext (unitName="SearchEngineDB")
       @In
       private EntityManager entityManager;
      
       @Out(required = false, scope = SESSION)
       private User user;
      
       @In
       private Identity identity;
      
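       /**
        * Checks the credentials held by the current Seam {@code Identity} against the
        * {@code User} entity and, on a match, grants that user's roles to the identity.
        *
        * <p>The matched entity is stored in the {@code user} field so that the
        * {@code @Out(scope = SESSION)} annotation on that field has a value to outject.
        * The original code declared a local {@code user} that shadowed the field, so
        * the field was never assigned.
        *
        * @return {@code true} when the query returns a user for the supplied username
        *         and password; {@code false} when no row matches. Any other persistence
        *         exception propagates to the caller, so the login does not succeed.
        */
       public boolean authenticate() {
           Identity current = Identity.instance();
           try {
               // Named parameters keep the submitted credentials out of the query text.
               // NOTE(review): the password is matched against the stored column as-is, which
               // only works if the column holds the value the user typed. Prefer storing a
               // salted, slow password hash and verifying it after loading the user by name.
               User found = (User) entityManager.createQuery(
                       "from User where username = :username and password = :password")
                       .setParameter("username", current.getUsername())
                       .setParameter("password", current.getPassword())
                       .getSingleResult();

               // Assign the field, not a local, so the authenticated user is outjected.
               this.user = found;

               if (found.getRoles() != null) {
                   for (UserRole granted : found.getRoles()) {
                       current.addRole(granted.getRoleName());
                   }
               }
               return true;
           } catch (NoResultException ex) {
               // No matching row is the normal result of bad credentials, so no stack trace
               // is dumped. The message does not say which of the two fields was wrong.
               // If an audit trail is needed, record the attempt through the application's
               // logger with the username only, never the password.
               FacesMessages.instance().add("Invalid username/password");
               return false;
           }
       }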
      
      


      and security-rules.drl:

      package SearchEnginePermissions;
      
      import java.security.Principal;
      
      import org.jboss.seam.security.PermissionCheck;
      import org.jboss.seam.security.Role;
      
      // Fires when a Role fact whose name is "admin" is present, and asserts a new Role fact.
      // NOTE(review): the rule is named AdminIsAUser, yet the consequence asserts
      // Role("admin") again rather than a different role - confirm the intended role name.
      rule AdminIsAUser
       salience 10
       no-loop
      when
       Role(name == "admin")
      then
       assert(new Role("admin"));
      end;
      


      component.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <components xmlns="http://jboss.com/products/seam/components"
       xmlns:core="http://jboss.com/products/seam/core"
       xmlns:security="http://jboss.com/products/seam/security"
       xmlns:drools="http://jboss.com/products/seam/drools"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation=
       "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.1.xsd
       http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.1.xsd
       http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.1.xsd
       http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.1.xsd">
      
      
       <core:init jndi-pattern="#{ejbName}/local" my-faces-lifecycle-bug="false" />
       <core:ejb installed="true"/>
      
       <core:manager conversation-timeout="1200000"
       concurrent-request-timeout="500"
       conversation-id-parameter="cid"
       conversation-is-long-running-parameter="clr"/>
      
       <!-- Login is delegated to Authenticator.authenticate(). After it returns, Seam's
            Identity requires a rule base registered under the exact name "securityRules"
            (see the IllegalStateException in the trace above).
            NOTE(review): presumably the rule file is resolved from the classpath; confirm
            that /META-INF/security-rules.drl is packaged in the deployed archive, that it
            compiles, and that this descriptor is the one Seam actually loads. -->
       <security:identity authenticate-method="#{authenticator.authenticate}" />
       <drools:rule-base name="securityRules">
       <drools:rule-files><value>/META-INF/security-rules.drl</value></drools:rule-files>
       </drools:rule-base>
      
       <component name="entityManager" auto-create="true" class="org.jboss.seam.core.ManagedPersistenceContext">
       <property name="persistenceUnitJndiName">java:/searchengineEntityManagerFactory</property>
       </component>
      
      
       </components>
      
      


      Many thanks.