5 Replies Latest reply on Mar 30, 2011 9:26 AM by Stefan Frank

    Identity: authenticator.authenticate never called

    Stefan Frank Newbie

      We have several web-apps, that all have a similar setup: Authorization is done with a CAS-Filter, after the authorization was successful, we use security:identity to make the user available in seam. This setup works flawless for 2 apps, but fails for one app. In this app, the authenticator.authenticate-method is never called. It looks like the




      <security:identity authenticate-method="#{authenticator.authenticate}" /> 





      is ignored completely: Even bogus expressions like


      #{XXXXXauthenticator.authenticate}



      are ignored silently. The log shows, that the authenticator-component is installed properly:



      15:49:08,043 INFO  [Component] Component: authenticator, scope: EVENT, type: JAVA_BEAN, class: com.mycompany.myApp.Authenticator
      



      I've been throwing code around here for hours and haven't got the slightest clue, why it does not even call the component. Any ideas, any one?!


      Here is, what we have:


      Authenticator.java:


      @Name("authenticator")
      public class Authenticator implements Serializable {
      
      ....
      public boolean authenticate() {
                      log.error("why am i never called?!");
                      float zero = 1/0;
      




      web.xml:



      <filter>
                      <filter-name>CAS Authentication Filter</filter-name>
                      <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
                      <init-param>
                              <param-name>casServerLoginUrl</param-name>
                              <param-value>http://login.heidelberg.com/cas/login</param-value>
                      </init-param>
                      <init-param>
                              <param-name>serverName</param-name>
                              <param-value>http://HEIPC33376.ceu.corp.heidelberg.com:8080</param-value>
                      </init-param>
              </filter>
      
              <filter>
                      <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                      <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
              </filter>
      
              <filter>
                      <filter-name>CAS Validation Filter</filter-name>
                      <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
                      <init-param>
                              <param-name>casServerUrlPrefix</param-name>
                              <param-value>http://wieapp00386.res.corp.heidelberg.com/cas</param-value>
                      </init-param>
                      <init-param>
                              <param-name>serverName</param-name>
                              <param-value>http://HEIPC33376.ceu.corp.heidelberg.com:8080</param-value>
                      </init-param>
                      <init-param>
                              <param-name>redirectAfterValidation</param-name>
                              <param-value>true</param-value>
                      </init-param>
              </filter>
      
              <filter-mapping>
                      <filter-name>CharacterEncodingFilter</filter-name>
                      <url-pattern>/*</url-pattern>
              </filter-mapping>
      
              <filter-mapping> 
                      <filter-name>CAS Single Sign Out Filter</filter-name> 
                      <url-pattern>/*</url-pattern> 
              </filter-mapping>
      
              <filter-mapping>
                      <filter-name>CAS Authentication Filter</filter-name>
                      <url-pattern>/*</url-pattern>
              </filter-mapping>
      
              <filter-mapping>
                      <filter-name>CAS Validation Filter</filter-name>
                      <url-pattern>/*</url-pattern>
              </filter-mapping>
      
              <filter-mapping>
                      <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                      <url-pattern>/*</url-pattern>
              </filter-mapping>
      



      components.xml:




      <?xml version="1.0" encoding="UTF-8"?>
      <components xmlns="http://jboss.com/products/seam/components"
              xmlns:core="http://jboss.com/products/seam/core" 
              xmlns:security="http://jboss.com/products/seam/security" 
              xmlns:web="http://jboss.com/products/seam/web"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
              xsi:schemaLocation="http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.1.xsd 
                       http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.1.xsd
                       http://jboss.com/products/seam/web http://jboss.com/products/seam/web-2.1.xsd
                       http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.1.xsd">
      
      <!--         <web:ajax4jsf-filter force-parser="false"
                      enable-cache="false" url-pattern="*.seam" />  -->
      
      <!--         <web:character-encoding-filter encoding="UTF-8"
                      override-client="true" url-pattern="*.seam" />  -->
      
              <!-- FIXME jboss complains, when this is not configured (no idea why it hasn't complained before
                      16/03/2011 frankste 
              -->
              <core:init debug="true" jndi-pattern="performance/\#{ejbName}/local" /> 
      
              <core:manager concurrent-request-timeout="500"
                      conversation-timeout="120000" conversation-id-parameter="cid"
                      parent-conversation-id-parameter="pid" />
                      
      
              <security:identity authenticate-method="#{authenticator.authenticate()}" />
              
              
              <event type="org.jboss.seam.security.notLoggedIn">
                      <action execute="#{redirect.captureCurrentView}" />
              </event>
              <event type="org.jboss.seam.security.loginSuccessful">
                      <action execute="#{redirect.returnToCapturedView}" />
              </event>
      
      
      
      </components>
      



      I'm grateful for any hint you may have: The config is similar to the two working apps, this is what puzzles me the most: It looks like only in this app, nothing ever gets evaluated inside components.xml (although it says in the log: reading WEB-INF/components.xml)


      desparate greetings


      Stefan








        • 1. Re: Identity: authenticator.authenticate never called
          Tim Evers Master

          Just to have the complete example could you also post the xhtml that you have that should trigger the authenticator being called?

          • 2. Re: Identity: authenticator.authenticate never called
            Stefan Frank Newbie

            Hi Tim,


            if you look into the filter-mapping, you see that everything is covered by the cas-filter:



             <filter-mapping>
                    <filter-name>CAS Authentication Filter</filter-name>
                    <url-pattern>/*</url-pattern>
              </filter-mapping>



            so there is no special trigger for the authentication, already accessing the root of the app triggers cas, which in turn should trigger authentication.



            • 3. Re: Identity: authenticator.authenticate never called
              Tim Evers Master

              Well, except that filter doesn't call the authenticator.


              According to this document you need a rule in your pages.xml at least to do that for you correct?

              • 4. Re: Identity: authenticator.authenticate never called
                Stefan Frank Newbie

                Yeah, sure, we have that:



                <page view-id="*" login-required="true">
                          <navigation>
                               <rule if-outcome="adminarea">
                                    <redirect view-id="/adminarea/search.xhtml" />
                               </rule>
                               <rule if-outcome="superadminarea">
                                    <redirect view-id="/superadminarea/search.xhtml" />
                               </rule>
                          </navigation>
                </page>



                and it works in two out of 3 Applications...

                • 5. Re: Identity: authenticator.authenticate never called
                  Stefan Frank Newbie

                  ok, got it: There was also a login.pages.xml that I had previously overseen. This nasty file contained the rule:




                  <?xml version="1.0" encoding="UTF-8"?>
                  <page xmlns="http://jboss.com/products/seam/pages"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd">
                  
                     <navigation from-action="#{identity.login}">
                        <rule if="#{identity.loggedIn}">
                           <redirect view-id="/home.xhtml"/>
                        </rule>
                     </navigation>
                  
                  </page>
                  



                  which somehow overwrites the rules in pages.xml and leads to the authenticator.authenticate-action never being executed. I don't have the slightest idea why this has worked before and is not working anymore: I have also updated from seam2.0 to seam2.2 - maybe the way that rules are merged/overwritten has changed?! Anyway, without this rule, the authentication  is triggered correctly. Thx for the help, it pointed me into the right direction!