0 Replies Latest reply on Jun 16, 2009 12:22 PM by joe_the_quick

    Using a JAAS Realm with Tomcat 6 and Seam

    joe_the_quick Newbie
      I'm using Tomcat6 for development purposes and want to use the JAAS Loginmodule configured in a Realm inside the Context.xml.
      This works great without Seam.

      However, after integrating with Seam 2.1.2, there are two issues:
      1.) It seems that it is not possible to use the Tomcat Realm with Seam.
      In the security:identity you have to quote a jaas-config-name to refer to a JAAS-Config.
      However, in Tomcat there is no such jaas-config-name, as the Realm is declared inside the Context.xml.

      2.) I also tried the approach to let Tomcat JAAS do the authentication and override the Identity:

      @Name("org.jboss.seam.security.identity") 
      @Scope(ScopeType.SESSION) 
      @Install(precedence = Install.APPLICATION) 
      @BypassInterceptors 
      @Startup

      public class CustomIdentity extends Identity {
      public Principal getPrincipal() {
              Principal currentUser = ((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext()
              .getRequest()).getUserPrincipal();
              return currentUser;
              }
      }

      but with no luck. The call to getRequest().getUserPrincipal() results in a invocation of CustomIdentity.getPrincipal() itself which turns out to be an endless loop (StackOverflowException).

      There is also a related JIRA-issue:
      https://jira.jboss.org/jira/browse/JBSEAM-967
      But there is no documentation left on how to exactly implement the custom Identity.

      Does someone else know of any way to reuse the Tomcat Realm with Jboss Seam?

      Thanks & Best regards,
      Johannes