0 Replies Latest reply on Aug 3, 2011 8:56 AM by emerald007

    Seam 2.2 Security Example

    emerald007

      I have an existing Tide-based application and I need to enable role-based access controls. I plan to use the Seam 3 Security framework; the initial authentication stage will be done with a CAS/JASIG filter, with authorisations then being processed via LDAP. I'm using GraniteDS 2.2.0.GA, Seam 2.2.2.FINAL and Spring 3.0.5.FINAL.


      I want to outline the steps and files with which I plan to achieve this, to ensure I'm on the right track.


      1 - web.xml


      Add the CAS/JASIG filter. Add the Seam listener.


      2 - granite-config.xml


      Add the Seam security service


      <security type="org.granite.seam.security.SeamSecurityService"/>


      Ensure the JBoss Seam Identity is registered with Tide



          <tide-components>
              <tide-component instance-of="org.jboss.seam.security.Identity"/>
          </tide-components>


      3 - services-config.xml


      Enable the SeamServiceFactory for the application


      <factory id="seamFactory" class="org.granite.seam.SeamServiceFactory" />


      4 - Add a custom Identity


      I'll add a custom Identity class. This will expect that the CAS filter has authenticated the user, and it will then determine the correct roles/permissions to add to the user's Identity object.



      @Name("org.jboss.seam.security.identity")
      @Scope(ScopeType.SESSION)
      @Install(precedence = APPLICATION)
      @BypassInterceptors
      @Startup
      public class ProactionIdentity extends Identity {
          // ...
      }


      5 - components.xml


      In order to configure the Seam components I need to provide a 'components.xml' file but am unsure of the content. If the class is correctly annotated, won't the object be injected correctly?


      6 - Login Page


      My existing login page is contained within a Login.mxml file. In most of the examples I've seen, the Seam security framework expects a 'pages.xml' file to be provided, in which the page navigation rules can be configured and the attribute 'login-required' is enabled.


      7 - Role Based Controls


      The final step will be to update my mxml files to ensure the components use the attribute 'visibility' with the correct role/permission setting.


      Are there any major steps that you think I might be missing?
      Regards,
      P
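
      The role lookup described in step 4, sketched as an added example that is not part of the original post or of the Seam/GraniteDS code: it turns the group DNs returned for the CAS-authenticated user into application roles through an allow-list, so that unknown, malformed or out-of-tree groups grant nothing. The class name LdapRoleMapper, the base DN, the group names and the role names are all assumptions.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example (hypothetical class): turns LDAP group DNs into application roles.
public class LdapRoleMapper {
    private final LdapName groupBase;  // only groups directly under this DN count
    private final Map<String, String> roleByCn = new HashMap<String, String>();

    public LdapRoleMapper(String groupBaseDn, Map<String, String> cnToRole)
            throws InvalidNameException {
        groupBase = new LdapName(groupBaseDn);
        for (Map.Entry<String, String> e : cnToRole.entrySet()) {
            roleByCn.put(e.getKey().toLowerCase(Locale.ROOT), e.getValue());
        }
    }

    // Unknown, malformed or out-of-tree groups grant nothing (deny by default).
    public Set<String> rolesFor(Collection<String> groupDns) {
        Set<String> roles = new TreeSet<String>();
        for (String dn : groupDns) {
            try {
                LdapName name = new LdapName(dn);
                if (name.size() != groupBase.size() + 1 || !name.startsWith(groupBase)) continue;
                Rdn leaf = name.getRdn(name.size() - 1);   // left-most RDN, e.g. cn=app-users
                if (leaf.size() != 1 || !"cn".equalsIgnoreCase(leaf.getType())) continue;
                String role = roleByCn.get(leaf.getValue().toString().toLowerCase(Locale.ROOT));
                if (role != null) roles.add(role);
            } catch (InvalidNameException ignored) {
                // a DN that does not parse is skipped rather than guessed at
            }
        }
        return roles;
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> allow = new HashMap<String, String>();
        allow.put("app-admins", "admin");
        allow.put("app-users", "user");
        LdapRoleMapper mapper = new LdapRoleMapper("ou=groups,dc=example,dc=org", allow);
        // Constructed sample values, shaped like the result of an LDAP group lookup.
        List<String> groups = Arrays.asList(
            "CN=App-Users,OU=Groups,DC=example,DC=org",   // on the allow-list, under the base
            "cn=app-admins,ou=sandbox,dc=example,dc=org", // right CN, wrong subtree: ignored
            "cn=printers,ou=groups,dc=example,dc=org",    // not on the allow-list: ignored
            "not a dn");                                  // malformed: ignored
        System.out.println(mapper.rolesFor(groups));
    }
}
```

      Each role returned would then be handed to the custom Identity, for example through Identity.addRole(String), once the CAS filter has established who the user is.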