1 2 Previous Next 18 Replies Latest reply on Aug 3, 2007 9:22 AM by yonia Go to original post
      • 15. Re: external authentication-any pointers for a beginner?
        mwkohout
        mwkohout Aug 2, 2007 2:28 AM (in response to mwkohout)

        And since I'm bossy and like looking gift help in the mouth :), I'm not sure I'm all that hot on the use of the Pages component as part of the authentication system. It kinda smells like TIMTOWTDI(http://en.wikipedia.org/wiki/There's_more_than_one_way_to_do_it) and I was never a big fan of MTOW( More Than One Way ).

        If I were designing this framework, for the default SeamLoginModule that uses NameCallback and PasswordCallback I'd do away with the login-view attribute on Pages. The only thing Pages would do is call Identity.isLoggedIn(true). I would also make the two JAAS Callbacks Seam components, and have the redirected "login page" view as an attribute of them.

        But I'm not designing this framework, and every asshole has an opinion.

        Mike Kohout

          • Actions
        • 16. Re: external authentication-any pointers for a beginner?
          hontvari
          hontvari Aug 2, 2007 3:38 AM (in response to mwkohout)

          OFF: This is a very useful thread, and I think its content should go into the seam documentation. Integration of external authentication (external to seam) is not only important when there is an sso webapp, but also if you try to gradually introduce seam into an exisiting project. At this very first step seam actually means at least 4 different unknown frameworks and their relationships for a newbie (seam, jaas, jsf, facelets). This was the point when I gave up last time.

            • Actions
          • 17. Re: external authentication-any pointers for a beginner?
            shane.bryzak
            shane.bryzak Aug 3, 2007 2:49 AM (in response to mwkohout)

            Ok, I'm starting to get an understanding of your requirements. Let's address the issues separately.

            First of all, redirection - I'm not a fan of having the JAAS login module performing a redirect, I think this is a bad thing. Instead, how about you use login-view, and simply have this view do a client-side redirect to your other authentication page?

            <meta http-equiv="Refresh" content="0; URL=http://authenticate.institution.edu">


            Secondly, detecting that the user has authenticated. You'll notice in the Identity class that there are two isLoggedIn() methods. The one that accepts a boolean parameter provides a means to perform an authentication "on the spot" so to speak, but *only* if the user's credentials are set. In the default implementation of the isCredentialsSet() method it checks that a username and password are provided. If you are instead authenticating via a cookie, you'll need to override this method and have it return true if there is a valid cookie present. That way, when you set #{identity.isLoggedIn(true)} on your page it should actually perform an authentication.

              • Actions
            • 18. Re: external authentication-any pointers for a beginner?
              yonia
              yonia Aug 3, 2007 9:22 AM (in response to mwkohout)

              Hi,
              Im using an external SSO solution which already uses JAAS, will it integrate with JBoss portal?

              Thanks.
              Yoni

                • Actions
              1 2 Previous Next