0 Replies Latest reply on May 5, 2007 3:26 AM by mnrz

    problem with security and login

    mnrz
    mnrz May 5, 2007 3:26 AM

      Hi

      I have a problem with security.
      I am using JBoss Seam 1.1.6
      when I press login button I encounter following exception:

      ERROR Servlet.service() for servlet Faces Servlet threw exception
javax.faces.FacesException: Error calling action method of component with id login:_id13
 at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
 at javax.faces.component.UICommand.broadcast(UICommand.java:109)
 at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
 at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
 at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
 at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
 at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
 at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
 at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:100)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
 at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
 at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:29)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
 at org.jboss.seam.servlet.SeamCharacterEncodingFilter.doFilter(SeamCharacterEncodingFilter.java:41)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
 at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
 at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
 at java.lang.Thread.run(Thread.java:595)
Caused by: javax.faces.el.EvaluationException: /pages/main/login.xhtml @35,71 action="#{identity.login}": java.lang.IllegalStateException: no security rule base available - please install a RuleBase with the name 'securityRules'
 at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:73)
 at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
 ... 33 more
Caused by: java.lang.IllegalStateException: no security rule base available - please install a RuleBase with the name 'securityRules'
 at org.jboss.seam.security.Identity.assertSecurityContextExists(Identity.java:276)
 at org.jboss.seam.security.Identity.populateSecurityContext(Identity.java:245)
 at org.jboss.seam.security.Identity.postAuthenticate(Identity.java:223)
 at org.jboss.seam.security.Identity.authenticate(Identity.java:207)
 at org.jboss.seam.security.Identity.authenticate(Identity.java:199)
 at org.jboss.seam.security.Identity.login(Identity.java:184)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at com.sun.el.parser.AstValue.invoke(AstValue.java:151)
 at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
 at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
 at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69)
 ... 34 more


      and this is the authenticator class: 

      @Name("authenticator")
public class Authenticator {

 @PersistenceContext (unitName="SearchEngineDB")
 @In
 private EntityManager entityManager;

 @Out(required = false, scope = SESSION)
 private User user;

 @In
 private Identity identity;

 public boolean authenticate() {
 try{
 User user = (User) entityManager.createQuery(
 "from User where username = :username and password = :password")
 .setParameter("username", Identity.instance().getUsername())
 .setParameter("password", Identity.instance().getPassword())
 .getSingleResult();


 if (user.getRoles() != null)
 {
 for (UserRole mr : user.getRoles()){
 Identity.instance().addRole(mr.getRoleName());
 }
 }
 return true;
 }
 catch (NoResultException ex)
 {
 FacesMessages.instance().add("Invalid username/password");
 ex.printStackTrace();
 return false;
 }
 }


      and security-rules.drl: 

      package SearchEnginePermissions;

import java.security.Principal;

import org.jboss.seam.security.PermissionCheck;
import org.jboss.seam.security.Role;

rule AdminIsAUser
 salience 10
 no-loop
when
 Role(name == "admin")
then
 assert(new Role("admin"));
end;


      component.xml: 

      <?xml version="1.0" encoding="UTF-8"?>
<components xmlns="http://jboss.com/products/seam/components"
 xmlns:core="http://jboss.com/products/seam/core"
 xmlns:security="http://jboss.com/products/seam/security"
 xmlns:drools="http://jboss.com/products/seam/drools"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation=
 "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.1.xsd
 http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.1.xsd
 http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.1.xsd
 http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.1.xsd">


 <core:init jndi-pattern="#{ejbName}/local" my-faces-lifecycle-bug="false" />
 <core:ejb installed="true"/>

 <core:manager conversation-timeout="1200000"
 concurrent-request-timeout="500"
 conversation-id-parameter="cid"
 conversation-is-long-running-parameter="clr"/>

 <security:identity authenticate-method="#{authenticator.authenticate}" />
 <drools:rule-base name="securityRules">
 <drools:rule-files><value>/META-INF/security-rules.drl</value></drools:rule-files>
 </drools:rule-base>

 <component name="entityManager" auto-create="true" class="org.jboss.seam.core.ManagedPersistenceContext">
 <property name="persistenceUnitJndiName">java:/searchengineEntityManagerFactory</property>
 </component>


 </components>


      lots of Thanks

      • 2427 Views
      • Tags: