-
1. Re: Seam Identity Management and multiple identity stores
shane.bryzak Oct 1, 2008 3:34 PM (in response to hermida.leandro.hermida.gmail.com)
It doesn't support anything like this currently. The issue I see with implementing something like this is keeping track of which user belongs to which identity store. For this particular scenario I would recommend writing an authenticator component and performing authentication manually (although you can still configure one or more identity stores in components.xml and just use them in your authenticate method).
-
2. Re: Seam Identity Management and multiple identity stores
hermida.leandro.hermida.gmail.com Oct 20, 2008 5:24 PM (in response to hermida.leandro.hermida.gmail.com)
Hi again,
"I would recommend writing an authenticator component and performing authentication manually (although you can still configure one or more identity stores in components.xml and just use them in your authenticate method)"
Sorry if I may ask for some guidance on this.
So in components.xml I now reinstate the <security:identity/> tag and take out the <security:identity-manager/> tag and then define multiple identity stores:
<security:identity authenticate-method="#{authenticator.authenticate}"/>

<!-- <security:identity-manager identity-store="#{jpaIdentityStore}"/> -->

<security:ldap-identity-store name="myLdapIdentityStore1"
    server-address="server.domain.com"
    bind-DN="ou=User,dc=domain,dc=com"
    bind-credentials="secret"
    user-DN-prefix="sAMAccountName="
    user-DN-suffix=",ou=User,dc=domain,dc=com"
    role-DN-prefix="cn="
    role-DN-suffix=",ou=Group,dc=domain,dc=com"
    user-context-DN="ou=User,dc=domain,dc=com"
    role-context-DN="ou=Group,dc=domain,dc=com"
    user-role-attribute="memberOf"
    role-name-attribute="cn"
    user-object-classes="user"/>

<security:ldap-identity-store name="myLdapIdentityStore2"
    server-address="server.domain.com"
    bind-DN="ou=User,dc=domain,dc=com"
    bind-credentials="secret"
    user-DN-prefix="sAMAccountName="
    user-DN-suffix=",ou=User,dc=domain,dc=com"
    role-DN-prefix="cn="
    role-DN-suffix=",ou=Group,dc=domain,dc=com"
    user-context-DN="ou=User,dc=domain,dc=com"
    role-context-DN="ou=Group,dc=domain,dc=com"
    user-role-attribute="memberOf"
    role-name-attribute="cn"
    user-object-classes="user"/>

<security:jpa-identity-store
    user-class="org.sysfusion.core.entity.User"
    role-class="org.sysfusion.core.entity.SecurityRole"/>
Then in my authenticate() method how do I access each of these identity stores in turn? I apologize I couldn't find in the docs how you access programmatically the various identity stores set in components.xml.
leandro
-
3. Re: Seam Identity Management and multiple identity stores
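shane.bryzak Oct 21, 2008 8:48 AM (in response to hermida.leandro.hermida.gmail.com)
You can just inject them straight into your authenticator:

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.management.LdapIdentityStore;

@Name("authenticator")
public class Authenticator {
    // Injected by component name, matching the name attributes in components.xml
    @In LdapIdentityStore myLdapIdentityStore1;
    @In LdapIdentityStore myLdapIdentityStore2;

    // Seam expects the authenticate method to return a boolean result
    public boolean authenticate() {
        // authentication logic here
        return false; // deny until the logic above accepts the credentials
    }
}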
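An added example, not part of the thread or of Seam's own code: one way the authenticate() method discussed above could try each injected LDAP store in turn and keep track of which store accepted the user. It assumes the Seam 2.1 Credentials, Identity and IdentityStore APIs on the classpath; the session key "authenticatedStore" is a hypothetical name.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.management.IdentityStore;
import org.jboss.seam.security.management.LdapIdentityStore;

@Name("authenticator")
public class Authenticator {
    @In LdapIdentityStore myLdapIdentityStore1;
    @In LdapIdentityStore myLdapIdentityStore2;
    @In Credentials credentials;
    @In Identity identity;

    public boolean authenticate() {
        String username = credentials.getUsername();
        String password = credentials.getPassword();
        // Refuse blank credentials up front: an LDAP simple bind with an
        // empty password can be accepted by a server as an unauthenticated bind.
        if (username == null || username.trim().length() == 0
                || password == null || password.length() == 0) {
            return false;
        }
        // Fixed order, so a name present in both stores resolves predictably.
        Map<String, IdentityStore> stores = new LinkedHashMap<String, IdentityStore>();
        stores.put("myLdapIdentityStore1", myLdapIdentityStore1);
        stores.put("myLdapIdentityStore2", myLdapIdentityStore2);
        for (Map.Entry<String, IdentityStore> entry : stores.entrySet()) {
            IdentityStore store = entry.getValue();
            try {
                if (!store.authenticate(username, password)) {
                    continue;
                }
            } catch (RuntimeException e) {
                continue; // rejected bind or unreachable store: not a match
            }
            // Record which store vouched for this user (hypothetical session key).
            Contexts.getSessionContext().set("authenticatedStore", entry.getKey());
            for (String role : store.getImpliedRoles(username)) {
                identity.addRole(role);
            }
            return true;
        }
        return false; // no store accepted the credentials
    }
}
```

In a real deployment, log the caught exception so an unreachable directory can be told apart from a rejected password.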