1 Reply Latest reply on Aug 23, 2009 11:30 AM by Alexandros Karypidis

    Can I Override Seam's Credentials Component?

    Xiubo Zhang Newbie

      Hi


      I want implement a login page which authenticates the user with a username, an agency number and a password (instead of the commonly used username/password pair).


      However, the credentials component provided by Seam only supports username/password style of logging in. So I wonder if I can extend the component to add my own agency number field. (More specifically, is it appropriate of me to override the credentials component? Is the component designed to be extended just as the EntityHome?)


      Currently I manually concat the username and agency number into one string and use it as the username that will be passed to credentials.username and parse them back to agency number and username in the Authenticator.authenticate(). I don't think this is an elegant way of doing this. It may also bring security risks.


      I have also read the source code of the credentials component, but I am not sure if it is safe to custom it by overriding. If I can, could anyone give me some suggestions on how the component should be extended?


      Thanks in advance!

        • 1. Re: Can I Override Seam's Credentials Component?
          Alexandros Karypidis Novice

          Yes you can. The approach is similar to overriding Identity itself (as described HERE.


          Basically you would do something like:




          @Name("org.jboss.seam.security.credentials")
          @Scope(SESSION)
          @Install(precedence = APPLICATION)
          @BypassInterceptors
          public class UserCredentials extends Credentials {
          
               private String domain;
          
               public String getDomain() {
                    return domain;
               }
          
               public void setDomain(String domain) {
                    this.domain = domain;
                    if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
               }
          }
          


          Then in your AuthenticatorBean:


          @Stateless
          @Name("authenticator")
          public class AuthenticatorBean implements Authenticator {
               @Logger
               private Log log;
          
               @In
               Identity identity;
          
               @In
               UserCredentials credentials;
          
               public boolean authenticate() {
                    log.info("authenticating {0} [ institution: {1} ]", credentials
                              .getUsername(), credentials.getDomain());
          ...