2 Replies Latest reply on Mar 5, 2012 2:11 AM by Alessandro Montanari

    How to get the current logged in user from jsf using seam and jboss security?

    Alessandro Montanari Newbie

      Hi everyone,

      I'm quite new in jboss and seam development and maybe I'm missing something very easy but I read a lot of posts here and I still can not get the solution, so thanks for help me

       

      The situation:

      I created an EJB application with a method level security, so I wrote my application policy like this:

      <application-policy xmlns="urn:jboss:security-beans:1.0" name="myalma-security-domain">
       <authentication>
      
        <login-module code="org.jboss.security.ClientLoginModule" flag="required">
             <module-option name="restore-login-identity">true</module-option>
        </login-module>
      
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName">java:/myalma-ds</module-option>
                                              ...
        </login-module>
        </authentication>
        </application-policy>
      

       

      And then I annoted all EJB's methods in the proper way. Everything works here.

       

      Then I created a web app that uses the EJB components and Seam, now I removed all settings about Seam security beacuse I want to use the same policy as before, so I added to web.xml those lines

      <security-constraint>
        <display-name>Restrict raw XHTML Documents</display-name>
        <web-resource-collection>
        <web-resource-name>XHTML</web-resource-name>
        <url-pattern>/*</url-pattern>
        <url-pattern>/layout/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
        <role-name>admin</role-name>
        </auth-constraint>
        </security-constraint>
      
        <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
        <form-login-page>/MyLogin.xhtml</form-login-page>
        <form-error-page>/error.xhtml</form-error-page>
        </form-login-config>
        </login-config>
      
        <security-role>
        <role-name>admin</role-name>
        </security-role>
      

       

      I also added this line in jboss-web.xml

        <security-domain>java:/jaas/myalma-security-domain</security-domain> 
      

       

      And MyLogin.xhtml is:

       

      ...
      <body>
        <form name="loginForm" method="post" action="j_security_check">
        <table>
                                    <tr>
                                              <td>User Name:</td>
        <td><input type="text" name="j_username"/></td>
                                    </tr>
                                    <tr>
                                              <td>Password:</td>
        <td><input type="password" name="j_password"/></td>
                                    </tr>
        <tr colspan="2">
        <td><input type="submit" value="login"/></td>
                                    </tr>
        </table>
        </form>
      </body>
      ...
      
      
      

       

      The login works fine: i can access to pages only if the user has the admin role.

       

      My question now is: how can I get the username of the current logged in user from a jsf?

      I tried in many different ways like:

      - #{request.userPrincipal.name}

      - #{servletContexts.request.userPrincipal.name}

      - #{servletContexts.request.remoteUser}

      - etc.

      but I get always null.

       

      I'm using jboss 6.1.0.Final and Seam 2.2.2.Final

       

      Really thanks for help.

        • 1. Re: How to get the current logged in user from jsf using seam and jboss security?
          Tim Evers Master

          I'm really no expert in the area you are dealing with here but, have you tried just the standard "#{identity.username}"?

          • 2. Re: How to get the current logged in user from jsf using seam and jboss security?
            Alessandro Montanari Newbie

            Yes I tried, but I think that way works only if you use the Seam security and, instead, I'm using the Jboss security, so it doesn't work.

             

            Now I found a kind of work around using a SLSB like this:

            @Name("userHelper")

            @Stateless

            @Remote(IUserHelper.class)

            public class UserHelper implements IUserHelper

            {

                   @Resource

                      SessionContext context;

             

                      public String getMail()

                      {

                                return context.getCallerPrincipal().getName();

                      }

             

                      public boolean isLogged()

                      {

                                return context.getCallerPrincipal() != null;

                      }

             

                   @Override

                      public boolean isUserInRole(String roleName)

                      {

                                return context.isCallerInRole(roleName);

                      }

             

            }

             

            However I think there is an easier way to do that.