6 Replies Latest reply on Jun 3, 2008 9:18 PM by infinity2heaven

    Seam security - identity login never gets invoked

    infinity2heaven Novice

      I've followed Seam Security Reference (also Seam in Action), step by step, however I'm stuck with this rather bizzare problem the whole day. the action #{identity.login} never gets invoked from the login page. However changing it to #{authenticator.authenticat} works.


      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml"
           <h:form id="login">
                <h:panelGrid columns="2">
                <h:outputLabel for="username">Username</h:outputLabel>
                <h:inputText id="username" value="#{identity.username}"/>
                <h:outputLabel for="password">Password</h:outputLabel>
                <h:inputSecret id="password" value="#{identity.password}"/>
           <h:commandButton value="Login" action="#{identity.login}"/>


      public class AuthenticatorAction
          private EntityManager entityManager;
          public boolean authenticate()
             try {              
            entityManager.createQuery("from User where username = :username ")               
           .setParameter("username", Identity.instance().getUsername()).getSingleResult();     
             catch (NoResultException ex) {              
           return false;
             return true;        


      <?xml version="1.0" encoding="UTF-8"?>
      <pages xmlns="http://jboss.com/products/seam/pages"
             xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"
        <page view-id="/*" login-required="true"/>
        <!-- other navigations -->
        <exception class="org.jboss.seam.security.NotLoggedInException">
             <redirect view-id="/login.xhtml">
                 <message severity="INFO">You must be logged in to perform this action</message>


      <?xml version="1.0" encoding="UTF-8"?>
      <components xmlns="http://jboss.com/products/seam/components"
           xsi:schemaLocation=  "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd               
                       http://jboss.com/products/seam/web http://jboss.com/products/seam/web-2.0.xsd
                       http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.0.xsd
                       http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.0.xsd
                       http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd
                       http://jboss.com/products/seam/framework http://jboss.com/products/seam/framework-2.0.xsd">
           <core:init jndi-pattern="evg-asr-1.0/#{ejbName}/local" debug="true" 
           <core:manager conversation-timeout="120000" concurrent-request-timeout="500" conversation-id-parameter="cid" />          
           <persistence:managed-persistence-context name="entityManager" auto-create="true" 
                persistence-unit-jndi-name="java:/EntityManagerFactories/asrDatasource" />       
          <component name="org.jboss.seam.ui.EntityConverter"/>
          <security:identity authenticate-method="#{authenticator.authenticate}"/>     
          <event type="org.jboss.seam.notLoggedIn">
             <action execute="#{redirect.captureCurrentView}"/>
          <event type="org.jboss.seam.security.postAuthenticate">
              <action execute="#{redirect.returnToCapturedView}"/>
          <framework:entity-query name="fofsQuery" ejbql="from Fof" />
          <framework:entity-home name="fofHome" entity-class="com.evergreen.asr.entity.Fof" />
           <factory name="fof" value="#{fofHome.instance}" />   

      It says, Seam security should work out of the box, well not in my case. Pl suggest if I'm missing something trivial ...

        • 1. Re: Seam security - identity login never gets invoked
          Shane Bryzak Master

          So what does happen when you click the button?  Have you tried debugging to see what's happening?

          • 2. Re: Seam security - identity login never gets invoked
            infinity2heaven Novice

            Here goes the complete Request Params and Seam debug logs

            20:02:52,300 INFO  [RequestDumper] doFilter( )
            20:02:52,300 INFO  [RequestDumper] request.getRequestURI=/asr/login.seam
            20:02:52,300 INFO  [RequestDumper] request.getRequestURL=http://localhost:8080/afoo/login.seam
            20:02:52,300 INFO  [RequestDumper] request.getAuthType=null
            20:02:52,300 INFO  [RequestDumper] request.getRemoteUser=null
            20:02:52,300 INFO  [RequestDumper] request.getUserPrincipal=null
            20:02:52,315 INFO  [RequestDumper] 
            ************Request Parameters************
            20:02:52,315 INFO  [RequestDumper] javax.faces.ViewState = j_id2...(truncated)...
            20:02:52,315 INFO  [RequestDumper] login:username =  asdsada
            20:02:52,315 INFO  [RequestDumper] login =  login
            20:02:52,315 INFO  [RequestDumper] login:password =  
            20:02:52,315 INFO  [RequestDumper] login:j_id8 =  Login
            20:02:52,315 INFO  [RequestDumper] ------------------------------------------------------------------------------------------------------------------------
            20:02:52,331 DEBUG [Manager] No stored conversation, or concurrent call to the stored conversation
            20:02:52,409 INFO  [lifecycle] WARNING: FacesMessage(s) have been enqueued, but may not have been displayed.
            sourceId=null[severity=(INFO 0), summary=(Welcome, asdsada), detail=(Welcome, asdsada)]
            20:02:52,409 DEBUG [Manager] Discarding conversation state: 5

            The example above doesn't have logs. but I tried it with logs, my method never gets invoked. I don't understand why it says Welcome ... for all scenarios.

            • 3. Re: Seam security - identity login never gets invoked
              Shane Bryzak Master

              It should only produce the 'welcome' message if authentication is successful.  I recommend you set a breakpoint in Identity.login() (and in your authentication method) to see what's actually happening.

              • 4. Re: Seam security - identity login never gets invoked
                infinity2heaven Novice

                I'll try that tom, when I'm back at work, but as I mentioned earlier, it doesnt print the logs in the method if I call #{identity.login} . I can confirm that.

                Strange, I know -- that's why I'm stuck

                • 5. Re: Seam security - identity login never gets invoked
                  infinity2heaven Novice

                  Alrite, so here is the root cause.

                  1) I tried with the same code in Seam Registration example and it WORKS like a charm. So there is nothing wrong with my Seam security related code.

                  2) After a lot of debugging, I decided to discard my JBoss which is our corporate custom version of 4.2.1 with some security related customization (SSO, certificates etc ..). I'm not using any of them for my app, the jars and the configs are just lying in case any corporate app needs them. Also, I really don't have in depth knowledge of these customizations. (I could possibly find out, though)

                  I downloaded a fresh copy of 4.2.1 from jboss, and guess what
                  -- The same code works! Security works in my application!

                  Now, I have emailed this to our Architecture team but I'm guessing they wouldn't have much idea either. My question is -- is this a normal behaviour? I don't think so -- because if a server side functionality should heavily depend on a version of the same app server, then it should be clearly documented in Seam unlike giving an impression that it works out of the box.

                  Shane -- Could you please give me some hints on what config files I should look for in my jboss version to debug this? Any logs .. etc, I'd be willing to share.

                  Any help is greatly appreciated.

                  • 6. Re: Seam security - identity login never gets invoked
                    infinity2heaven Novice

                    Finally fixed the problem, This is nothing to do with Seam. We had another jar in our JBoss distribution that had an SSO implementation of Seam's Identity. Since that component's name was Identity too, my app never called Seam's in built Identity.

                    Finally, JBoss debug logs helped me to see the instance of Seam Identity ...

                    Seam Security works great now!