5 Replies Latest reply on Nov 19, 2008 3:18 AM by Travis De Silva

    Seam Pros - Need advice....

    Casey Boyd Newbie

      Seam Version: 2.1.0 SP1

      I need to authenticate through Active Directory.

      I have read where people have gotten the LdapIdentityStore working in some way with Active Directory...

      But reading in the Docs, I have noticed the possibility for writing my own IdentityStore.

      I understand I need the one class that implements org.jboss.seam.security.management.IdentityStore, but how do I reference my new class in the components.xml? Or should I try to get LdapIdentityStore working?



        • 1. Re: Seam Pros - Need advice....
          Dan Allen Master

          You don't need to activate it in components.xml. If you are writing a custom implementation for a built-in Seam component, you simply allow it to be installed (the default) and it will override the built-in name. The only reason you have to enable the built-in Seam implementations (ldap or jpa) is because Seam leaves it open as to which one you will use (hence, they are not installed by default). Here is how you would define your component:

          public class ActiveDirectoryIdentityStore implements IdentityStore, Serializable { ... }

          That definition implies the following:

          @Install(precedence = Install.FRAMEWORK, value = true)

          If you would rather make it not installed by default @Install(false), and instead enable it in components.xml, you can simply use a generic component definition:

          <component name="org.jboss.seam.security.identityStore" class="com.componyname.ActiveDirectoryIdentityStore"/>

          • 2. Re: Seam Pros - Need advice....
            Casey Boyd Newbie

            Thanks so much!

            I got one more thing to bother ya with....

            If I enabled my custom implementation through the components.xml, how hard is it to add configuration parameters?


            <component name="org.jboss.seam.security.identityStore" class="com.componyname.ActiveDirectoryIdentityStore" url="" />

            • 3. Re: Seam Pros - Need advice....
              Shane Bryzak Master

              You shouldn't need to write your own IdentityStore, it should just be a matter of configuring LdapIdentityStore correctly to connect to your Active Directory server.

              • 4. Re: Seam Pros - Need advice....
                Casey Boyd Newbie

                Works perfectly....

                I did the following...

                1. Create Java Class Implementing org.jboss.seam.security.management.IdentityStore

                2. Method authenticate() looks like this...

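                   // Needs: java.util.Hashtable, javax.naming.Context, javax.naming.NamingException,
                   //        javax.naming.directory.DirContext, javax.naming.directory.InitialDirContext
                   // Bind to the directory with the supplied credentials; any failure counts as a failed login.
                   try {
                       Hashtable<String, String> env = new Hashtable<String, String>();
                       env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                       env.put(Context.PROVIDER_URL, "LDAP://server:389");
                       env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
                       env.put(Context.SECURITY_PRINCIPAL, username);
                       env.put(Context.SECURITY_CREDENTIALS, password);
                       DirContext ctx = new InitialDirContext(env); // the bind happens here
                       ctx.close(); // release the connection once the bind has succeeded
                   } catch (NamingException ne) {
                       return false;
                   } catch (Exception e) {
                       return false;
                   }
                   return true;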

                3. I wanted to be able to decide when to use this authentication or not...so I modified my components.xml with the following:

                <component name="org.jboss.seam.security.identityStore" class="com.componyname.ActiveDirectoryIdentityStore"/>

                4. Will now authenticate through Active Directory

                Now I will add the elements to my component xml and I am off and running....
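
An added example, not code from this thread or from Seam: a stand-alone bind check of the kind the authenticate() method in reply 4 performs, with the URL exposed through a setter so it can be configured. It swaps the post's DIGEST-MD5 bind on port 389 for a simple bind over LDAPS; the class name `AdBindAuthenticator`, the `ldaps://server:636` URL and the 5-second timeout are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Hypothetical helper; a custom IdentityStore.authenticate() could delegate to it. */
public class AdBindAuthenticator {
    // Placeholder host (assumption); set through setUrl() for a real deployment.
    private String url = "ldaps://server:636";
    private String timeoutMillis = "5000";
    public void setUrl(String url) { this.url = url; }
    public void setTimeoutMillis(String t) { this.timeoutMillis = t; }

    /** True only when the directory accepts the bind; throws if it cannot be reached. */
    public boolean authenticate(String username, String password) throws NamingException {
        // JNDI treats a simple bind with empty credentials as anonymous, so it
        // can succeed without any password check. Reject blanks before binding.
        if (username == null || username.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        if (!url.regionMatches(true, 0, "ldaps://", 0, 8)) {
            throw new IllegalStateException("refusing non-TLS directory URL");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, username);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", timeoutMillis);
        env.put("com.sun.jndi.ldap.read.timeout", timeoutMillis);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the bind happens here
            return true;
        } catch (AuthenticationException bad) {
            return false;                       // directory rejected the credentials
        } finally {
            if (ctx != null) ctx.close();
        }
    }
    public static void main(String[] args) throws NamingException {
        // Constructed input; no network needed because blanks are rejected before any bind.
        System.out.println(new AdBindAuthenticator().authenticate("user@example.test", ""));
    }
}
```

Directory outages surface here as a `NamingException` rather than looking like a wrong password, which keeps the two distinguishable in logs. If the setters live on the Seam component itself, `<property name="url">` children of its `<component>` element in components.xml populate them.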



                • 5. Re: Seam Pros - Need advice....
                  Travis De Silva Newbie

                  Can someone please point me to any resource on how to configure the LdapIdentityStore with Active Directory? I have been searching on this for a while and haven't seen a complete post similar to what Shane did with OpenLDAP. I have JXplorer, and a post that shows which Active Directory attribute maps to which Seam configuration attribute would be great. I think I am getting errors due to the roles concept, which Active Directory does not have and uses groups instead.