0 Replies Latest reply on Aug 3, 2011 8:56 AM by Paul O'Connell

    Seam 2.2 Security Example

    Paul O'Connell Newbie

      I have an existing Tide based application and I need to enable role based access controls. I plan to use the Seam 3 Security framework; the initial authentication stage will be done with a CAS/JASIG filter, with authorisations then being processed via LDAP. I'm using GraniteDS 2.2.0.GA, Seam 2.2.2.FINAL and Spring 3.0.5.FINAL.

      I want to outline the steps and files that I plan to use to achieve this, to ensure I'm on the right track.

      1 - web.xml

      Add the CAS/JASIG filter. Add the Seam listener.

      2 - granite-config.xml

      Add the Seam security service

      <security type="org.granite.seam.security.SeamSecurityService"/>

      Ensure the JBoss Seam Identity is registered with Tide

      <tide-component instance-of="org.jboss.seam.security.Identity"/>

      3 - services-config.xml

      Enable the SeamServiceFactory for the application

      <factory id="seamFactory" class="org.granite.seam.SeamServiceFactory" />

      4 - Add a custom Identity

      I'll add a custom Identity class. This will expect that the CAS filter has authenticated the user, and it will then determine the correct roles/permissions to add to the user's Identity object.

      @Install(precedence = APPLICATION)
      public class ProactionIdentity extends Identity {

      5 - components.xml

      In order to configure the Seam components I need to provide a 'components.xml' file but am unsure of the content. If the class is correctly annotated won't the object be injected correctly?

      6 - Login Page

      My existing login page is contained within a Login.mxml file. In most of the examples I've seen, the Seam security framework expects a 'pages.xml' file to be provided, in which the page navigation rules can be configured and the attribute 'login-required' is enabled.

      7 - Role Based Controls

      The final step will be to update my mxml files to ensure the components use the attribute 'visibility' with the correct role/permission setting.

      Are there any major steps that you think I might be missing?
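
A sketch of the custom Identity described in step 4, as an added example that is not part of the original post: it accepts only a principal already established by the CAS filter, then maps LDAP group membership to Seam roles with the user name escaped for the search filter. The method name `acceptCasUser`, the `GROUP_BASE` DN and the `posixGroup`/`memberUid` schema are assumptions; `acceptExternallyAuthenticatedPrincipal` and `addRole` are inherited from Seam 2.2's `Identity`.

```java
// Added example (not the poster's code); compiles against Seam 2.2 and the JDK's JNDI API.
import java.security.Principal;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.security.Identity;

@Name("org.jboss.seam.security.identity") // same name as the built-in component, so this replaces it
@Scope(ScopeType.SESSION)
@Install(precedence = Install.APPLICATION)
@BypassInterceptors
public class ProactionIdentity extends Identity {
    // Hypothetical directory layout: adjust the base DN, object class and attributes.
    private static final String GROUP_BASE = "ou=groups,dc=example,dc=org";

    /** Pass request.getUserPrincipal() as set by the CAS filter, never a client-supplied name. */
    public void acceptCasUser(Principal casUser, DirContext ldap) throws NamingException {
        if (casUser == null || casUser.getName() == null || casUser.getName().isEmpty()) {
            throw new SecurityException("no CAS-authenticated principal on this request");
        }
        SearchControls sc = new SearchControls(
                SearchControls.SUBTREE_SCOPE, 0, 0, new String[] {"cn"}, false, false);
        String filter = "(&(objectClass=posixGroup)(memberUid=" + escapeFilter(casUser.getName()) + "))";
        // Search first: if the directory is unreachable, the session stays unauthenticated.
        NamingEnumeration<SearchResult> hits = ldap.search(GROUP_BASE, filter, sc);
        try {
            acceptExternallyAuthenticatedPrincipal(casUser);
            while (hits.hasMore()) {
                Attribute cn = hits.next().getAttributes().get("cn");
                if (cn != null) addRole(String.valueOf(cn.get())); // group cn becomes the role name
            }
        } finally {
            hits.close();
        }
    }

    /** RFC 4515 escaping so the user name cannot change the structure of the filter. */
    static String escapeFilter(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            boolean special = c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0';
            if (special) out.append(String.format("\\%02x", (int) c)); else out.append(c);
        }
        return out.toString();
    }
}
```

The 'visibility' checks in the mxml files only hide controls on the client; the role set built here is what server-side restrictions on the Seam components would be evaluated against.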