1 Reply Latest reply on Aug 23, 2009 11:30 AM by karypid

    Can I Override Seam's Credentials Component?

    zhangxiubo

      Hi


      I want to implement a login page which authenticates the user with a username, an agency number and a password (instead of the commonly used username/password pair).


      However, the credentials component provided by Seam only supports username/password style of logging in. So I wonder if I can extend the component to add my own agency number field. (More specifically, is it appropriate of me to override the credentials component? Is the component designed to be extended just as the EntityHome?)


      Currently I manually concatenate the username and agency number into one string and use it as the username that will be passed to credentials.username, and parse it back into agency number and username in Authenticator.authenticate(). I don't think this is an elegant way of doing this. It may also bring security risks.


      I have also read the source code of the credentials component, but I am not sure if it is safe to customize it by overriding. If I can, could anyone give me some suggestions on how the component should be extended?


      Thanks in advance!

        • 1. Re: Can I Override Seam's Credentials Component?

          Yes you can. The approach is similar to overriding Identity itself (as described HERE).


          Basically you would do something like:




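          import static org.jboss.seam.ScopeType.SESSION;
          import static org.jboss.seam.annotations.Install.APPLICATION;

          import org.jboss.seam.annotations.Install;
          import org.jboss.seam.annotations.Name;
          import org.jboss.seam.annotations.Scope;
          import org.jboss.seam.annotations.intercept.BypassInterceptors;
          import org.jboss.seam.core.Events;
          import org.jboss.seam.security.Credentials;

          // Same component name as the built-in credentials; APPLICATION precedence makes this class replace it.
          @Name("org.jboss.seam.security.credentials")
          @Scope(SESSION)
          @Install(precedence = APPLICATION)
          @BypassInterceptors
          public class UserCredentials extends Credentials {

               // Extra login field, kept separate from the username.
               private String domain;

               public String getDomain() {
                    return domain;
               }

               public void setDomain(String domain) {
                    this.domain = domain;
                    // Raise the same event the built-in setters raise when a credential changes.
                    if (Events.exists()) Events.instance().raiseEvent(EVENT_CREDENTIALS_UPDATED);
               }
          }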
          


          Then in your AuthenticatorBean:


          @Stateless
          @Name("authenticator")
          public class AuthenticatorBean implements Authenticator {
               @Logger
               private Log log;
          
               @In
               Identity identity;
          
               @In
               UserCredentials credentials;
          
               public boolean authenticate() {
                    log.info("authenticating {0} [ institution: {1} ]", credentials
                              .getUsername(), credentials.getDomain());
          ...
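
An added example, not part of the thread and not Seam code: plain Java with no Seam dependency, contrasting the concatenated-username workaround from the question with a separate, validated field like the extra property in the reply's UserCredentials. The class and method names, the ':' delimiter, the 1-10 digit agency format and the sample values are all assumptions made for illustration.

```java
import java.util.Objects;
import java.util.regex.Pattern;
// Added illustration; plain Java, no Seam classes. All names and sample values are constructed.
public class CredentialFieldsDemo {

    // Workaround from the question: pack both values into the username (':' is an assumed delimiter).
    static String pack(String username, String agency) {
        return username + ":" + agency;
    }

    // Parsing the packed value back, as the authenticator would have to.
    static String[] unpack(String packed) {
        int i = packed.indexOf(':');
        if (i < 0) throw new IllegalArgumentException("no delimiter");
        return new String[] { packed.substring(0, i), packed.substring(i + 1) };
    }

    // Separate fields, as with the extra property on the overridden credentials component.
    static final class Login {
        private static final Pattern AGENCY = Pattern.compile("\\d{1,10}"); // assumed format
        final String username;
        final String agency;
        Login(String username, String agency) {
            this.username = Objects.requireNonNull(username);
            if (agency == null || !AGENCY.matcher(agency).matches())
                throw new IllegalArgumentException("agency number must be 1-10 digits");
            this.agency = agency;
        }
    }

    public static void main(String[] args) {
        // Two different logins collapse into the same packed string.
        String a = pack("alice", "12:7");
        String b = pack("alice:12", "7");
        System.out.println("packed values equal: " + a.equals(b));
        String[] parsed = unpack(b);
        System.out.println("typed user 'alice:12', parsed user '" + parsed[0]
                + "', agency '" + parsed[1] + "'");

        // With separate, validated fields each value is kept exactly as entered.
        Login ok = new Login("alice:12", "7");
        System.out.println("user '" + ok.username + "', agency '" + ok.agency + "'");
        try {
            new Login("alice", "12:7");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Keeping the agency number in its own property means the authenticator never has to guess where one value ends and the next begins, and each field can be validated against its own format before any lookup.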