7 Replies Latest reply on Jun 2, 2010 2:42 AM by Leo TechnoSoft

    Seam security in Liferay

    Erik Bakstad Newbie


      I'm trying to figure out how to make Seam security work with Liferay's security features.
      So I was wondering if anybody here has done this before, and if you could give me a hint as to where to start.

      Basically what I would like is to be able to log in to Liferay, and get access to the user's permissions/roles through seams Identity component.



        • 1. Re: Seam security in Liferay
          Lawrence Li Newbie

          Hi Erik,

          Did you ever make any progress on this issue?

          • 2. Re: Seam security in Liferay
            Erik Bakstad Newbie

            Well, I did manage to get it working by extending Identity, and delegating to LiferayLoginDelegate that handles Liferay's permission handling.
            It's basically just a re-write of the SSO feature you will find in the jboss-portlet bridge. Take a look at the source in that module for hints.

            Also, I'm thinking about using the new IdentityStore API in Seam 2.1, that would mean to implement the IdentityStore interface and delegate to Liferay but I haven't decided yet.
            Maybe that would be a nice contribution to the community if someone wrote such a implementation?

            - Hope this helps :)

            • 3. Re: Seam security in Liferay
              Lawrence Li Newbie

              I hope you get a chance to post your code here or in the Liferay forums...  That would be great!  And if you have any additional progress, please detail it.

              Another issue that I've been thinking about is I have a lot of entities that reference the user entity.  I'm sure there's an entity in Liferay that holds the user info (id, username, password).  I'm currently using Seam, ICEfaces, and JPA...  What would I need to do to reference the Liferay user entity, especially since the entity probably will not be managed by JPA?

              • 4. Re: Seam security in Liferay
                judy guglielmin Novice

                Since the user logs into the portal, you can find that user by returning a com.liferay.portal.model.User object from

                FacesContext fc=FacesContext.getCurrentInstance();
                ExternalContext ec = FacesContext.getCurrentInstance();
                String portletUser = ec.getPortletUser();
                com.liferay.portal.model.User currentUser=(com.liferay.portal.model.User)UserLocalServiceUtil.getUserById(Long.parseLong(portletUser));

                Hope this is what you were referring to and that it helps.  This returns the user object that is logged into the Liferay portal.

                • 5. Re: Seam security in Liferay
                  Lawrence Li Newbie

                  Thanks for that snippet of code Judy.  I think that will help in a few ways as I start integrating my ICEfaces/Seam app with Liferay.

                  Nonetheless, that is not the crux of my problem.  I'll have a set of entities that uses JPA - i.e. I'll have a bunch of JPA entity classes.  Because I haven't started using Liferay yet (I'm only using Seam and ICEfaces right now), I have a JPA entity class that represents a user.  Most (actually, I believe all) of my other entity classes reference this User entity class.  For example, my other entities class have a createdby field that references the User entity.

                  However, I can foresee an issue when I add my code to Liferay.  There will be a few issues:

                  • I want to use Liferay's authentication mechanisms

                  • I also want to keep Seam Security and its features

                  • I want to use JPA wherever possible

                  The question is - how will my JPA entities reference Liferay's user entity(ies) which are probably not JPA entities?  This is probably a generic question - how does one deal with non-JPA entities in a JPA entity world?  Would I need to rewrite my JPA entities to reference non-JPA entities?  Is this even possible?  What would I need to do (or write additional code) to use Seam Security in Liferay?

                  • 6. Re: Seam security in Liferay
                    Lawrence Li Newbie

                    I've looked into this issue some more.  My requirements have changed slightly - I now plan to use Liferay's login mechanism - its User entity.  So when a user logs in via Liferay, it would be nice if I could force an Identity component login (and perhaps outject a JBPM actor component).

                    I was trying to use the Liferay hooks to do this, implementing a listener for the postlogin event but this wasn't working for me.  Here's my following implementation of Liferay's Action class:

                    package test;
                    import java.io.Serializable;
                    import javax.servlet.http.HttpServletRequest;
                    import javax.servlet.http.HttpServletResponse;
                    import org.jboss.seam.bpm.Actor;
                    import org.jboss.seam.contexts.Contexts;
                    import org.jboss.seam.contexts.Lifecycle;
                    import org.jboss.seam.security.Identity;
                    import com.liferay.portal.PortalException;
                    import com.liferay.portal.SystemException;
                    import com.liferay.portal.kernel.events.Action;
                    import com.liferay.portal.kernel.events.ActionException;
                    import com.liferay.portal.model.Role;
                    import com.liferay.portal.service.UserLocalServiceUtil;
                    public class PostLogin extends Action implements Serializable {
                         private static final long serialVersionUID = 7597914798087405678L;
                         public void run(HttpServletRequest arg0, HttpServletResponse arg1)
                                   throws ActionException {
                              try {
                                   Identity identity = Identity.instance();
                                   // Set actor for JBoss JBPM
                                   Actor actor = Actor.instance();
                                   if (UserLocalServiceUtil.getUser(
                                             .getRoles() != null) {
                                        for (Role mr : UserLocalServiceUtil.getUser(
                                                  .getRoles()) {
                                   Contexts.getSessionContext().set("identity", identity);
                                   Contexts.getSessionContext().set("actor", actor);
                              } catch (NumberFormatException e) {
                                   // TODO Auto-generated catch block
                              } catch (PortalException e) {
                                   // TODO Auto-generated catch block
                              } catch (SystemException e) {
                                   // TODO Auto-generated catch block

                    This doesn't seem to work - it doesn't throw any exceptions though.  It looks as though the session isn't started until one views a Seam portlet - thus the outjection of the identity component somehow gets lost and the identity component is created anew when the portlet is accessed.

                    Does anyone have any additional ideas for an easy integration?  I've also thought about creating an httpsessionlistener, but I'm not sure how to get the user principal from the HttpSessionEvent object.  I'm thinking there are probably other methods available, but I wanted to use easier ways of getting the user principal info into the corresponding Identity component.

                    • 7. Re: Seam security in Liferay
                      Leo TechnoSoft Newbie

                      I am also searching this......... Thanks