4 Replies Latest reply on Sep 17, 2007 10:28 AM by Paulin Chevillon

    Double authentication in different parts of a site

    Paulin Chevillon Newbie

      Hello,

      I ask for your help on an authentication procedure with seam.

      Users are in different tables (User and ExtraUser), I want make the difference beetween those two kind of users. So the login page have to be separated etc.

      My problem is the Identity component configured in component.xml. It refers to only 1 method and I would like to use separated Identity based components depending on the part of the application used (eg. User or ExtraUser login -and then- home page).

      Is that possible ? If yes please you tell me, I absolutely found nothing like that in the forum archives...

      Best regards

      PC

        • 1. Re: Double authentication in different parts of a site
          Samuel Mendenhall Apprentice

          Try using the same login xhtml code except pass a param in the h:commandButton to denote userType, then in your Authenticate @RequestParameter String userType which you can do the logic after that for the database queries.

          -Samuel

          • 3. Re: Double authentication in different parts of a site
            Paulin Chevillon Newbie

            Hello,

            I have a other problem with my authentication. My idea was to extend RuleBasedIdentity and so create ECIdentity class.

            Here is my program:


            component.xml

            <security:identity
             class="ecidentity"
             authenticate-method="#{authenticator.authenticate}"
             security-rules="#{securityRules}"/>
            


            ECIdentity.java
            @Name("ecidentity")
            @Scope(SESSION)
            @Intercept(InterceptionType.AFTER_RESTORE_VIEW)
            @Startup
            public class ECIdentity extends RuleBasedIdentity {
            
             String role = null;
            
            
             public String login() {
            
            
             System.err.println("First login");
            
             return super.login();
            
             }
            }
            


            Authenticator.java
            @Name("authenticator")
            public class Authenticator {
             @Logger Log log;
            
             @In(value="ecidentity") ECIdentity ecIdentity;
            
             @In EntityManager entityManager;
            
             @In("#{messages['ErrorOnLogin']}") private String LoginError;
            
             public boolean authenticate() {
            
             System.err.println("First authenticate");
             System.err.println("Username = "+ECIdentity.instance().getUsername());
            
             try {
             String hashedPassword = Util.createPasswordHash("MD5", Util.BASE64_ENCODING, null, null,ECIdentity.instance().getPassword());
            
             Mb member = (Mb) entityManager.createQuery(
             "from Mb where login = :username and passwd = :password")
             .setParameter("username", ECIdentity.instance().getUsername())
             .setParameter("password", hashedPassword)
             .getSingleResult();
            
             return true;
             }
             catch (NoResultException ex) {
             FacesMessages.instance().add(LoginError);
             return false;
             }
             }
            }
            


            And when I submit (the action performed is #{ecidentity.login} ), I get the following error message in the console:



            15:46:53,967 ERROR [STDERR] First login
            15:46:54,386 ERROR [STDERR] First authenticate
            15:46:54,387 ERROR [STDERR] Username = null
            15:46:54,411 ERROR [SeamLoginModule] Error invoking login method
            javax.faces.el.EvaluationException: Exception while invoking expression #{authenticator.authenticate}
             at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:153)
             at org.jboss.seam.actionparam.ActionParamBindingHelper.invokeTheExpression(ActionParamBindingHelper.java:58)
             at org.jboss.seam.actionparam.ActionParamMethodBinding.invoke(ActionParamMethodBinding.java:75)
             at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:148)
             at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:104)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            
            
            ...
            ...
            
            Caused by: java.lang.NullPointerException
             at org.jboss.security.Util.createPasswordHash(Util.java:407)
             at org.jboss.security.Util.createPasswordHash(Util.java:378)
             at com.easycity.ejb.Authenticator.authenticate(Authenticator.java:35)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            
            
            
            
            



            I have no idea why my ECIdentity object isn't reacheable.

            Thanks for your help.

            Best regards
            PC

            • 4. Re: Double authentication in different parts of a site
              Paulin Chevillon Newbie

              Something to add:

              When the seam login page is loading, the term print on screen

              16:25:30,082 INFO [ServletCacheAdministrator] Created new instance of ServletCacheAdministrator
              16:25:30,083 INFO [ServletCacheAdministrator] Created new application-scoped cache at key: __oscache_cache
              16:25:30,372 INFO [Lifecycle] starting up: org.jboss.seam.security.identity
              16:25:32,059 INFO [Lifecycle] starting up: ecidentity
              


              Is that normal to load twice identity & ecidentity for my use ?