4 Replies Latest reply on Oct 13, 2011 8:01 AM by pchevill.paulin.chevillon.gmail.com

Seam Security without Transaction Module dependency

pchevill.paulin.chevillon.gmail.com Sep 29, 2011 12:12 PM

Hi,

I've built an application for use on tomcat 7 with CDI and some Seam 3 modules. The main idea is to keep the app simple/light.

I'm using CAS (web SSO from Jasig) for authentication with filters in web.xml. And for the app, the Seam 3 security module. Its usefull for group management and retrieving the login of the person logged in.

Everything is fine except the dependency to the TransactionModule implied by Seam Security (actually the application has no need to access a DB). The only workaround I found was to load 'fakes' datasource and PersistenceContext, with a dependency to HSQLDB. I went to that 'solution' after trying without persistence.xml --> error...

So if someone can help me getting this papplication lighter, without that unused DB, I'd be very pleased to read that !

Regards,
Paulin

1. Re: Seam Security without Transaction Module dependency

pchevill.paulin.chevillon.gmail.com Oct 3, 2011 3:36 AM (in response to pchevill.paulin.chevillon.gmail.com)

This is perhaps a too precise question about seam security ? What is the best way to contact the authors ? I'm perhaps not the only one in that situation ?

From my understanding, JpaIdentityStore and JpaPermissionStore seems to be responsible.

I see two solutions, tell me if I'm wrong :

1 -> transform Seam identity to split implementation into smaller packages and separate Jpa Dependency (why not create an Ldap Dependency based on groups for permission, etc.)
2 -> keep it the same, and find a trick to avoid connecting to a 'real' persistence provider, and DB.

Thanks
Paulin
Actions
2. Re: Seam Security without Transaction Module dependency

lightguard Oct 3, 2011 2:09 PM (in response to pchevill.paulin.chevillon.gmail.com)

Shane is the one to contact for Security questions. Good ideas though about how to make this easier
Actions
3. Re: Seam Security without Transaction Module dependency

shane.bryzak Oct 3, 2011 6:18 PM (in response to pchevill.paulin.chevillon.gmail.com)

The reason we have the transaction interceptor enabled for the security is because of the action classes in the org.jboss.seam.security.management.action package. We did have a plan to make these abstract classes, and have the user extend/implement these themselves if they wanted to use identity management in their application, meaning the transaction interceptor would be no longer required.

Could you please raise a JIRA issue and assign it to me, and I'll try to get this done for the next release.
Actions
4. Re: Seam Security without Transaction Module dependency

pchevill.paulin.chevillon.gmail.com Oct 13, 2011 8:01 AM (in response to pchevill.paulin.chevillon.gmail.com)

The issue has been created in JIRA

But I wasn't able to assign it to you.

Thanks!
Paulin
Actions

Go to original post