1 2 Previous Next 17 Replies Latest reply on Feb 1, 2011 5:49 AM by Shane Bryzak

    Seam Security 3.0.0 Alpha1 released

    Shane Bryzak Master
        • 1. Re: Seam Security 3.0.0 Alpha1 released
          richard yang Newbie

          This version still depends on weld-extension instead of seam Solder, therefore it does not work with other modules (such as seam persistence) if you deploy both. I wonder when the first release of seam 3 (such as RC) will be ready. We really need seam security module.

          • 2. Re: Seam Security 3.0.0 Alpha1 released
            Stephan Pabinger Newbie

            There is already a version out that depends on Seam Solder (Alpha2).
            See: http://in.relation.to/Bloggers/Seam3ModulesStockingStufferRelease


            Best regards,
            Stephan

            • 3. Re: Seam Security 3.0.0 Alpha1 released
              richard yang Newbie

              Even Alpha2 shows up on the seam 3 download page, I could not find its artifacts when including this module's dependency in my pom.

              • 5. Re: Seam Security 3.0.0 Alpha1 released
                richard yang Newbie

                OK. This jboss repo works.
                Now another problem: http://seamframework.org/Seam3/Documentation
                the document link for security modules leads to that for servlet module.
                Where can I find the doc for seam security?
                Thanks.


                • 6. Re: Seam Security 3.0.0 Alpha1 released
                  Jason Porter Master

                  IIRC, Shane said docs for security are due in a later release.  They have to be completely rewritten from scratch.

                  • 7. Re: Seam Security 3.0.0 Alpha1 released
                    Shane Bryzak Master

                    That's right, we decided to hold off on the docs until the CR release as many things (including APIs) are still being changed.  You can probably refer to the Seam 2.2 docs for the time being for a rough understanding of the concepts, as most of the same core features are described there.

                    • 8. Re: Seam Security 3.0.0 Alpha1 released
                      richard yang Newbie

                      I have a loginservice like this:
                      public class LoginService implements Authenticator {

                          @Inject
                          Credentials credentials;
                          @Inject
                          Logger log;

                          public boolean authenticate() {
                              // authentication logic here
                              log.info("authenticate is called in LoginService");
                              log.info("userID="+credentials.getUsername());
                              return true; // if authentication successful
                          }

                      }

                      login.xhtml:
                      <h:form id="loginForm" rendered="#{not identity.loggedIn}">
                                              <h:messages id="messages" globalOnly="true" />

                                              <div class="loginRow"><h:outputLabel for="name"
                                                      value="Username" styleClass="loginLabel" /> <h:inputText id="name"
                                                      value="#{credentials.username}" /></div>

                                              <div class="loginRow"><h:outputLabel for="password"
                                                      value="Password" styleClass="loginLabel" /> <h:inputSecret
                                                      id="password" value="#{credentials.password}" redisplay="true" /></div>

                                              <div class="loginRow"></div>

                                              <div class="buttons"><h:commandButton id="login" value="LOGIN"
                                                      action="#{identity.login}" styleClass="loginButton" /></div>
                       


                      But the credentials have the username as null (it seems like a proxy object). Do you know what I may have missed? I am using alpha2.

                      • 9. Re: Seam Security 3.0.0 Alpha1 released
                        richard yang Newbie

                        Actually I got an error:
                        Login failed for: Credentials[a]: java.lang.IllegalArgumentException: stream cannot be null
                        I did not define seam-beans.xml. I don't have anything in faces-config.xml which is related to security. Do I have to config something there?
                        
                        Sorry for the previous format. The code is like this:
                        
                        





                        public class LoginService implements Authenticator {
                        
                            @Inject
                            Credentials credentials;
                            @Inject
                            Logger log;
                        
                            public boolean authenticate() {
                                // authentication logic here
                                log.info("authenticate is called in LoginService");
                                log.info("userID="+credentials.getUsername());
                                return true; // if authentication successful
                            }
                        
                        }



                        Then view:



                        <h:form id="loginForm" rendered="#{not identity.loggedIn}">
                                                <h:messages id="messages" globalOnly="true" />
                        
                                                <div class="loginRow"><h:outputLabel for="name"
                                                        value="Username" styleClass="loginLabel" /> <h:inputText id="name"
                                                        value="#{credentials.username}" /></div>
                        
                                                <div class="loginRow"><h:outputLabel for="password"
                                                        value="Password" styleClass="loginLabel" /> <h:inputSecret
                                                        id="password" value="#{credentials.password}" redisplay="true" /></div>
                        
                                                <div class="loginRow"></div>
                        
                                                <div class="buttons"><h:commandButton id="login" value="LOGIN"
                                                        action="#{identity.login}" styleClass="loginButton" /></div>  



                        • 10. Re: Seam Security 3.0.0 Alpha1 released
                          richard yang Newbie

                          stack trace:
                          Seems could not find some drools file. I don't have one.




                          16:19:47,484 ERROR [org.jboss.weld.Bean] WELD-000019 Error destroying an instance Managed Bean [class org.jboss.seam.security.permission.SecurityRuleProducer] with qualifiers [@Any @Default] of org.jboss.seam.security.permission.SecurityRuleProducer@b90c7f
                          16:19:47,484 ERROR [org.jboss.seam.security.IdentityImpl] Login failed for: Credentials[a]: java.lang.IllegalArgumentException: stream cannot be null
                               at org.drools.io.impl.InputStreamResource.<init>(InputStreamResource.java:35) [:5.1.1]
                               at org.drools.io.impl.ResourceFactoryServiceImpl.newInputStreamResource(ResourceFactoryServiceImpl.java:87) [:5.1.1]
                               at org.drools.io.ResourceFactory.newInputStreamResource(ResourceFactory.java:87) [:5.1.1]
                               at org.jboss.seam.security.permission.SecurityRuleProducer.createSecurityKnowledgeBase(SecurityRuleProducer.java:43) [:3.0.0.Alpha2]



                          • 11. Re: Seam Security 3.0.0 Alpha1 released
                            Shane Bryzak Master

                            That looks like a bug.  Would you mind raising a JIRA issue for it?


                            https://issues.jboss.org/browse/SEAMSECURITY

                            • 13. Re: Seam Security 3.0.0 Alpha1 released
                              richard yang Newbie

                              I have a question regarding the PicketLink library that seam 3 is adopting. Our databases have different tables than what the PicketLink requires. For example, we have a User table (similar to Identity table) with password as part of that table. We do not have a separate credential table. Also, we don't have a User group table but user group is one attribute in our Role table. We do not have several of those relationship tables. I wonder that if that would still work in PicketLink. I see from the Idmconsole example, you have to define



                              <plidm:JpaIdentityStoreConfiguration>
                                    <s:replaces/>
                                    <plidm:identityClass>org.jboss.seam.security.examples.idmconsole.model.IdentityObject</plidm:identityClass>
                                    <plidm:credentialClass>org.jboss.seam.security.examples.idmconsole.model.IdentityObjectCredential</plidm:credentialClass>
                                    <plidm:relationshipClass>org.jboss.seam.security.examples.idmconsole.model.IdentityObjectRelationship</plidm:relationshipClass>
                                    <plidm:roleTypeClass>org.jboss.seam.security.examples.idmconsole.model.IdentityRoleName</plidm:roleTypeClass>
                                 </plidm:JpaIdentityStoreConfiguration> 



                              Do we really have to model our business entities by following this example?


                              Thanks.


                              • 14. Re: Seam Security 3.0.0 Alpha1 released
                                Shane Bryzak Master

                                Our JPAIdentityStore implementation is very flexible in how you define your database schema for the very reason that it is intended to be compatible with legacy systems.  Reading through the description of your schema, I can say with confidence that your User table (which contains the password) should work fine.  For the Role table however there may be an issue with the user group - you may have to extend the JpaIdentityStore class and override a method to get it to work with your particular schema.  If you think that JpaIdentityStore can be enhanced further to support certain common schemas, then please raise a feature request in JIRA.


                                http://issues.jboss.org/browse/SEAMSECURITY

                                1 2 Previous Next