-
1. Re: Seam security in Liferay
zzzz8.zzzz8.netzero.net Nov 10, 2008 6:18 AM (in response to ebaxt)Hi Erik,
Did you ever make any progress on this issue?
-
2. Re: Seam security in Liferay
ebaxt Nov 10, 2008 8:51 AM (in response to ebaxt)Well, I did manage to get it working by extending Identity, and delegating to
LiferayLoginDelegate
that handles Liferay's permission handling.
It's basically just a re-write of the SSO feature you will find in the jboss-portlet bridge. Take a look at the source in that module for hints.Also, I'm thinking about using the new IdentityStore API in Seam 2.1, that would mean to implement the IdentityStore interface and delegate to Liferay but I haven't decided yet.
Maybe that would be a nice contribution to the community if someone wrote such a implementation?- Hope this helps :)
-
3. Re: Seam security in Liferay
zzzz8.zzzz8.netzero.net Mar 26, 2009 2:17 AM (in response to ebaxt)I hope you get a chance to post your code here or in the Liferay forums... That would be great! And if you have any additional progress, please detail it.
Another issue that I've been thinking about is I have a lot of entities that reference the user entity. I'm sure there's an entity in Liferay that holds the user info (id, username, password). I'm currently using Seam, ICEfaces, and JPA... What would I need to do to reference the Liferay user entity, especially since the entity probably will not be managed by JPA?
-
4. Re: Seam security in Liferay
jguglielmin Mar 26, 2009 7:46 PM (in response to ebaxt)Since the user logs into the portal, you can find that user by returning a com.liferay.portal.model.User object from
FacesContext fc=FacesContext.getCurrentInstance(); ExternalContext ec = FacesContext.getCurrentInstance(); String portletUser = ec.getPortletUser(); com.liferay.portal.model.User currentUser=(com.liferay.portal.model.User)UserLocalServiceUtil.getUserById(Long.parseLong(portletUser));
Hope this is what you were referring to and that it helps. This returns the user object that is logged into the Liferay portal.
-
5. Re: Seam security in Liferay
zzzz8.zzzz8.netzero.net Mar 27, 2009 1:29 AM (in response to ebaxt)Thanks for that snippet of code Judy. I think that will help in a few ways as I start integrating my ICEfaces/Seam app with Liferay.
Nonetheless, that is not the crux of my problem. I'll have a set of entities that uses JPA - i.e. I'll have a bunch of JPA entity classes. Because I haven't started using Liferay yet (I'm only using Seam and ICEfaces right now), I have a JPA entity class that represents a user. Most (actually, I believe all) of my other entity classes reference this User entity class. For example, my other entities class have a createdby field that references the User entity.
However, I can foresee an issue when I add my code to Liferay. There will be a few issues:
- I want to use Liferay's authentication mechanisms
- I also want to keep Seam Security and its features
- I want to use JPA wherever possible
The question is - how will my JPA entities reference Liferay's user entity(ies) which are probably not JPA entities? This is probably a generic question - how does one deal with non-JPA entities in a JPA entity world? Would I need to rewrite my JPA entities to reference non-JPA entities? Is this even possible? What would I need to do (or write additional code) to use Seam Security in Liferay?
-
6. Re: Seam security in Liferay
zzzz8.zzzz8.netzero.net Feb 6, 2010 2:06 AM (in response to ebaxt)I've looked into this issue some more. My requirements have changed slightly - I now plan to use Liferay's login mechanism - its User entity. So when a user logs in via Liferay, it would be nice if I could force an Identity component login (and perhaps outject a JBPM actor component).
I was trying to use the Liferay hooks to do this, implementing a listener for the postlogin event but this wasn't working for me. Here's my following implementation of Liferay's Action class:
package test; import java.io.Serializable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.jboss.seam.bpm.Actor; import org.jboss.seam.contexts.Contexts; import org.jboss.seam.contexts.Lifecycle; import org.jboss.seam.security.Identity; import com.liferay.portal.PortalException; import com.liferay.portal.SystemException; import com.liferay.portal.kernel.events.Action; import com.liferay.portal.kernel.events.ActionException; import com.liferay.portal.model.Role; import com.liferay.portal.service.UserLocalServiceUtil; public class PostLogin extends Action implements Serializable { private static final long serialVersionUID = 7597914798087405678L; @Override public void run(HttpServletRequest arg0, HttpServletResponse arg1) throws ActionException { Lifecycle.beginCall(); try { Identity identity = Identity.instance(); identity.acceptExternallyAuthenticatedPrincipal(arg0 .getUserPrincipal()); // Set actor for JBoss JBPM Actor actor = Actor.instance(); actor.setId(arg0.getUserPrincipal().getName()); if (UserLocalServiceUtil.getUser( Long.parseLong(arg0.getUserPrincipal().getName())) .getRoles() != null) { for (Role mr : UserLocalServiceUtil.getUser( Long.parseLong(arg0.getUserPrincipal().getName())) .getRoles()) { identity.addRole(mr.getName()); actor.getGroupActorIds().add(mr.getName()); } } Contexts.getSessionContext().set("identity", identity); Contexts.getSessionContext().set("actor", actor); } catch (NumberFormatException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (PortalException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (SystemException e) { // TODO Auto-generated catch block e.printStackTrace(); } Lifecycle.endCall(); } }
This doesn't seem to work - it doesn't throw any exceptions though. It looks as though the session isn't started until one views a Seam portlet - thus the outjection of the identity component somehow gets lost and the identity component is created anew when the portlet is accessed.
Does anyone have any additional ideas for an easy integration? I've also thought about creating an httpsessionlistener, but I'm not sure how to get the user principal from the HttpSessionEvent object. I'm thinking there are probably other methods available, but I wanted to use
easier
ways of getting the user principal info into the corresponding Identity component. -
7. Re: Seam security in Liferay
leotechnosoft Jun 2, 2010 2:42 AM (in response to ebaxt)I am also searching this......... Thanks