4 Replies Latest reply on Feb 18, 2011 2:08 AM by wadhah jebri

    Role-based authentication

    wadhah jebri Newbie

      Hi,
      This is my Authenticator class how can i use the pages.xml to authenticate by role ?



      package org.domain.greclam.session;
      import javax.persistence.EntityManager;
      import javax.persistence.NoResultException;
      import javax.persistence.Query;
      import org.domain.greclam.entity.Role;
      import org.domain.greclam.entity.User;
      import org.jboss.seam.ScopeType;
      import org.jboss.seam.annotations.In;
      import org.jboss.seam.annotations.Logger;
      import org.jboss.seam.annotations.Name;
      import org.jboss.seam.annotations.Out;
      import org.jboss.seam.log.Log;
      import org.jboss.seam.security.Credentials;
      import org.jboss.seam.security.Identity;
      
      @Name("authenticator")
      public class Authenticator {
           @Logger
           private Log log;
      
           @In
           Identity identity;
           @In
           Credentials credentials;
           @In
           EntityManager entityManager;
           @Out(required = false, scope = ScopeType.SESSION)
           private User user;
      
           public boolean authenticate() {
                try {
                     Query query = (Query) entityManager
                               .createQuery("from User where username = :username "
                                         + " and password = :password");
                     query.setParameter("username", credentials.getUsername());
                     query.setParameter("password", credentials.getPassword());
                     // log.info("authenticating {0}", credentials.getUsername());
                     user = (User) query.getSingleResult();
                     if (user.getRoles() != null) {
                          for (Role r : user.getRoles()) {
                               identity.addRole(r.getRolename());
                          }
                     }
                     return true;
                } catch (NoResultException ex) {
                     return false;
                }
           }
      
      }
      



        • 1. Re: Role-based authentication
          Monkey Den Master

          Correct me if I'm wrong but I think you're talking about authorization by page, not authentication.

          • 2. Re: Role-based authentication
            wadhah jebri Newbie

            Kyle Burke wrote on Feb 17, 2011 10:01:


            Correct me if I'm wrong but I think you're talking about authorization by page, not authentication.

            Yes authorization by page in fact i have 4 users : A,B,C,D. Each user after athentification should be redirected to a specific page switch the role ...

            • 3. Re: Role-based authentication
              Monkey Den Master

              So it's not even really authorization, it's role-based navigation, but you can do both in pages.xml. 


              You could do something like this:


              Navigation:


              <page view-id="/login.xhtml">
                  <navigation from-action="#{identity.login}">
                      <rule if="#{identity.hasRole('A')}">
                          <redirect view-id="/A-home.xhtml"/>
                      </rule>
                      <rule if="#{identity.hasRole('B')}">
                          <redirect view-id="/B-home.xhtml"/>
                      </rule>
                      ...
                  </navigation>          
              </page>
              



              Authorization:


              Then, for each of the role-specific pages (A-home.xhtml, B-home.xhtml), you can do this:


              <page view-id="/A-home.xhtml">
                 <restrict>#{s:hasRole('A')}</restrict>
                 ...
              </page>
              <page view-id="/B-home.xhtml">
                 <restrict>#{s:hasRole('B')}</restrict>
                 ...
              </page>
              

              • 4. Re: Role-based authentication
                wadhah jebri Newbie

                Kyle Burke wrote on Feb 17, 2011 10:44:


                So it's not even really authorization, it's role-based navigation, but you can do both in pages.xml. 

                You could do something like this:

                Navigation:

                <page view-id="/login.xhtml">
                    <navigation from-action="#{identity.login}">
                        <rule if="#{identity.hasRole('A')}">
                            <redirect view-id="/A-home.xhtml"/>
                        </rule>
                        <rule if="#{identity.hasRole('B')}">
                            <redirect view-id="/B-home.xhtml"/>
                        </rule>
                        ...
                    </navigation>          
                </page>
                



                Authorization:

                Then, for each of the role-specific pages (A-home.xhtml, B-home.xhtml), you can do this:

                <page view-id="/A-home.xhtml">
                   <restrict>#{s:hasRole('A')}</restrict>
                   ...
                </page>
                <page view-id="/B-home.xhtml">
                   <restrict>#{s:hasRole('B')}</restrict>
                   ...
                </page>
                



                Thank u i just need the navigation it works perfectly thx ;)