-
1. Re: Seam 2.1.1 Security jaas-config-name and AutoLogin possible?
holmes.j Feb 18, 2009 12:16 AM (in response to sdgiant)Exact same question. Upgrading to 2.1.1 from 2.0.2 and am running into this problem.
What's the resolution? Do I really get to stub out my own IdentityManager?
-
2. Re: Seam 2.1.1 Security jaas-config-name and AutoLogin possible?
sdgiant Feb 20, 2009 2:48 AM (in response to sdgiant)My resolution was to create my own LdapIdentityStore. I suspect this should really be considered a bug, as you can see from the code an IdentityManager is really required, which means the old JAAS config name setup just won't work.
I had a surprising number of problems trying to get autologin to work at all... We have it working now, but it involved a number of hacks. First setup the identitystore, like the example in the Seam codebase:
<identity-management:ldap-identity-store server-address="60.241.32.50" bind-DN="cn=Manager,dc=bryzak,dc=com" bind-credentials="secret" user-DN-prefix="uid=" user-DN-suffix=",ou=Person,dc=bryzak,dc=com" role-DN-prefix="cn=" role-DN-suffix=",ou=Roles,dc=bryzak,dc=com" user-context-DN="ou=Person,dc=bryzak,dc=com" role-context-DN="ou=Roles,dc=bryzak,dc=com" user-role-attribute="roles" role-name-attribute="cn" user-object-classes="person,uidObject" enabled-attribute="enabled" />
If you are using Active Directory, you may find a few issues that I can across that forced me to write my own LDAP Identity Store (actually just copy the whole LdapIdentityStore and change a few lines) primarily I couldn't get DN names to work and had to switch to the
name@company.local
format for authentication. Wierd, but it worked.After that I still had trouble with the auto login working, but then immediately logging out again.. I hacked around that. Hopefully you don't have that problem, but reply here if you do and I'll try to help.
-
3. Re: Seam 2.1.1 Security jaas-config-name and AutoLogin possible?
matteg.gerry.matte.shaw.ca Mar 6, 2009 12:42 AM (in response to sdgiant)I have a problem using LdapIdentityStore because it assumes that roles are attributes of users. That's not normally the implementation I have observed and it's not the one we use. Normally Roles are defined as membersOf a group.
So ..... I am stuck with (possibly) extending the LdapIdentityStore to enable searches for roles to be rooted differently in the Ldap naming heirarchy.
However, I can not seem to find the source code so that I can extend that code in an intelligent way.
Can you tell me where to find the source code ?
Thanks for any tips.Currently I am using the JBoss LDAP Realm because it is flexible enough to support a search rootr for roles that is not the same as the search root for users.
Gerry -
4. Re: Seam 2.1.1 Security jaas-config-name and AutoLogin possible?
sdgiant Mar 6, 2009 7:58 PM (in response to sdgiant)Take a look at the last comment is this post:
http://www.seamframework.org/Community/CustomIdentityStore
I don't have my code in front of me, but it was close to the configuration he is using. As I mentioned above, I hacked it a little, and did not EXTEND LdapIdentityStore, but rather copied and pasted the whole class LdapIdentityStore into a new class, and made changes from there (the annotations in that class didn't work for me, so I used the components.xml version in the post I linked.)
If I remember right, the reason was that their implementation of LdapIdentityStore had some variables I wanted to use did not have a getter/setter and were private. You may be able to extend it, so try that first I suppose.