7 Replies Latest reply on Oct 20, 2009 7:59 AM by Nikolay Elenkov

    Extending JpaIdentityStore

    riboriori riboriori Newbie

      Hi all, i'm a seam newby, and i encountering a problem in order to setting up the security in a newly application created by sem-gen.
      I'm using jboss 5.0.0 GA  and jboss-seam-2.2.0.GA.
      I want extends JpaIdentityStore, with a little class:




      @Name("org.jboss.seam.security.identityStore")
      @Scope(ScopeType.APPLICATION)
      @Install(precedence=Install.DEPLOYMENT)
      @BypassInterceptors
      @Startup
      public class JpaIdentityStoreExt extends JpaIdentityStore 
      {     
        private static final long serialVersionUID = 7738532595250782857L;
           
      }
      



      but , when jboss starts i get this error:



      20:23:39,781 ERROR [JpaIdentityStore] Error in JpaIdentityStore configuration - userClass must be configured.



      Under components.xml i put:



      <security:jpa-identity-store class="com.mycompany.myapp.security.custom.JpaIdentityStoreExt">      
               user-class="com.mycompany.myapp.domain.entity.User"
               role-class="com.mycompany.myapp.domain.entity.Role">
          </security:jpa-identity-store>        




      I readed other similar entries in this forum without success.
      Can anyone help?
      Best regards



        • 1. Re: Extending JpaIdentityStore
          Nikolay Elenkov Master

          Seems your class is not being instantiated at all. Since you are overriding the Seam component, you shouldn't need to specify the class in your components.xml. Remove it and see what happens. Also put some logging and/or breakpoints in your JpaIdentityStoreExt class to check if
          it is used. Why do you need to override JpaIdentityStore in the first place?


          • 2. Re: Extending JpaIdentityStore
            riboriori riboriori Newbie

            I want store more information about user, such as company, age etc...
            In order to do this, i belive (i dont know seam, i'm a newbe) i must override IdentiyManager also.
            What do you think?

            • 3. Re: Extending JpaIdentityStore
              Nikolay Elenkov Master

              You don't need to override JpaIdentityStore, just add properties as needed to your User class. You can observe the JpaIdentityStore.EVENT_USER_CREATED event to modify the newly created User. Look in the seamspace example for inspiration.


              HTH


              • 4. Re: Extending JpaIdentityStore
                riboriori riboriori Newbie

                Yes, good idea: must i use @Observer?
                There is a problem: identityStore interface defines a method, createUser (and an overloading of it) which takes only the username and password params.
                If i want a manager that creates a user with additional params?

                • 5. Re: Extending JpaIdentityStore
                  Jonathan Tougas Newbie

                  We have the same problem in our application and we work around this by observing the JpaIdentityStore.EVENT_USER_CREATED event.


                  What is retarted about this way of doing this however is that we have to (re)set every field on the user object since the JpaIdentityStore creates a new user instance instead of having a get/set user property or whatever way to hand it a user instance.


                  Here's an example observer:


                  public class UserEventObserverBean implements UserEventObserver {
                  
                       private User user;
                  
                       @Observer( value = JpaIdentityStore.EVENT_PRE_PERSIST_USER, create = false )
                       public void prePersistUser( Object pUser ) {
                            User newUser = (User)pUser;
                            newUser.setEmail( getUser().getEmail() );
                            newUser.setLocale( getUser().getLocale() );
                            newUser.setPortalId( getUser().getPortalId() );
                       }
                  
                       @Observer( value = JpaIdentityStore.EVENT_USER_CREATED, create = false )
                       public void userCreated( Object pUser ) {
                            setUser( (User)pUser );
                       }
                  
                       public void setUser( User user ) {
                            this.user = user;
                       }
                  
                       public User getUser() {
                            return user;
                       }
                  
                       @Remove
                       @Destroy
                       public void destroy() {
                       }
                  }



                  .. and action bean


                  UserEventObserver observer = (UserEventObserver)Component.getInstance( "userCreationObserver" );
                  observer.setUser( getUser() );
                  
                  identityStore.createUser( 
                       getUser().getUsername(), 
                       getUser().getPassword(), 
                       getUser().getFirstName(), 
                       getUser().getLastName() );



                  • 6. Re: Extending JpaIdentityStore
                    riboriori riboriori Newbie

                    The solution appear good, but i have some doubt: if i want an override of seam security that, for example, provide


                    List<User> listUsers()

                      method instead of

                    List<String> listUsers()

                    ?

                    • 7. Re: Extending JpaIdentityStore
                      Nikolay Elenkov Master

                      JpaIdentityManager is not meant to be a full-blown user manager. If you want additional functionality, just create your own component,
                      UserManager or whatever. You can than search,  update, etc. your User classes just as you do with your other entities.