1 Reply Latest reply: Aug 10, 2011 8:25 AM by Anil Saldhana RSS

    Alternative to SecurityAssociation in AS7 / Picketbox 4

    mcaspers Newbie

      I have the following class in a Seam 2 application, which is used in conjunction with SPNEGO to do Kerberos authentication. In AS7 Final (which uses Pickbox 4.0.0.CR1) the SecurityAssociation class has been removed. Which class or function do I use in place of SecurityAssociation.getPrincipal() and SecurityAssociation.getSubject()?

       

      package com.redhat.topicindex.security;
      
      
      import java.lang.reflect.Field;
      
      
      import javax.faces.context.FacesContext;
      
      
      import org.jboss.seam.ScopeType;
      import org.jboss.seam.annotations.Install;
      import org.jboss.seam.annotations.Name;
      import org.jboss.seam.annotations.Scope;
      import org.jboss.seam.annotations.Startup;
      import org.jboss.seam.annotations.intercept.BypassInterceptors;
      import org.jboss.seam.core.Events;
      import org.jboss.seam.security.Identity;
      import org.jboss.security.SecurityAssociation;
      
      
      @SuppressWarnings("serial")
      @Name("org.jboss.seam.security.identity")
      @Scope(ScopeType.SESSION)
      @Install(precedence = Install.DEPLOYMENT)
      @BypassInterceptors
      @Startup
      public class CustomIdentity extends Identity {
      
      
                private static final String SUBJECT = "subject";
                private static final String PRINCIPAL = "principal";
                private static final String LOGGED_IN = "loggedIn";
      
      
                @Override
                public String login() {
      
                          if(isLoggedIn()) return LOGGED_IN;
      
                          try {
                                    getCredentials().setUsername(FacesContext.getCurrentInstance().getExternalContext().getRemoteUser());
                                    getCredentials().setPassword("");
      
                                    Field field = Identity.class.getDeclaredField(PRINCIPAL);
                                    field.setAccessible(true);
                                    field.set(this, SecurityAssociation.getPrincipal()); 
      
                                    field = Identity.class.getDeclaredField(SUBJECT);
                                    field.setAccessible(true);
                                    field.set(this, SecurityAssociation.getSubject());
      
                                    if (Events.exists()) Events.instance().raiseEvent(EVENT_LOGIN_SUCCESSFUL);
      
                                    return LOGGED_IN;
                          } catch (Exception e) {
                                    e.printStackTrace();
                                    return null;
                          }
      
                }
      }