2 Replies Latest reply on Nov 30, 2011 3:07 AM by Lucas Ventura Carro

    Seam Security example: openid-rp in Tomcat 6

    Lucas Ventura Carro Newbie

      I'm trying to deploy the openid-rp example from Seam Security 3.1.0.Beta4 in a Tomcat 6 (Tomcat 7 throws an error I'll post later ;)). Tomcat (6 or 7) and Seam version 3.1.0.Beta4 are a must (in this moment, later maybe not).


      The webapp deploys correctly, and the navigation is correct. But when I access Login.jsf, click login button, it does nothing (well, it refreshes the Login page, but no new log).


      The WEB-INF/beans.xml is:


      <?xml version="1.0" encoding="UTF-8"?>
      <beans
           xmlns="http://java.sun.com/xml/ns/javaee"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:s="urn:java:ee"
           xmlns:security="urn:java:org.jboss.seam.security"
           xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://jboss.org/schema/cdi/beans_1_0.xsd">
      
           <security:Identity>
                <s:modifies />
                <security:authenticatorClass>org.jboss.seam.security.external.openid.OpenIdAuthenticator</security:authenticatorClass>
           </security:Identity>
           <!-- <alternatives>
                <class>org.jboss.seam.security.external.openid.OpenIdRpInApplicationScopeProducer</class>
                </alternatives> -->
      </beans>



      As docs says, but when debugging and stopping the webapp exection at org.jboss.seam.security.IdentityImpl.authenticate(), I can see that authenticatorClass is null, so the code will lookup (org.jboss.seam.security.IdentityImpl.lookupAuthenticator() line 352) for other authenticator. When iterates over a list with authenticator references, OpenID authenticator exists, but it finally takes the IdmAuthenticator, which will fail the process.


      I've tested the in beans.xml also the security:authenticatorName, but also was null in the breakpoint.


      If I modified one of the values during execution (assingnin authenticatorName=openIdAuthenticator, it calls correctly the OpenID authenticator and the process continues.


      Then, I stomped against this bug, which I thought it could be that Solder wasn't reading the beans.xml. I followed the workaround, and included in the WEB-INF/classes/META-INF and the logs showed that Solder now readed it (this line didn't appear before [10:15:22,900] solder.logging.Logger [INFO] Reading XML file: file:/C:/Users/lucas.ventura/work/servers-deploy/tomcat6-seam/wtpwebapps/seam-security-openid-rp/WEB-INF/classes/META-INF/beans.xml)... but the null still is there :(


      So, where is the problem? Is not Solder-220 bug, but I'm not sure, althougth it is Unresolved, right? Or it is maybe the lookup function that should take the OpenID authenticator if finds first, and not last?


      Thanks :)