0 Replies Latest reply on Jun 14, 2013 5:49 AM by Nikhil N

    Facing issue in authenticating external component in seam application

    Nikhil N Newbie

      1 ) Issue i am facing is , seam application has a external component , here without authentication i am able to access the external component, i tried with the below approach ,

       

      tried adding the below authentication filter in components.xml , but even this didn't work

       

      <web:authentication-filter url-pattern="/test/resource/rest/*" auth-type="basic"/> ,

       

      is there a way to restrict seam servlet (AbstractResource Class)  from un-authorized users,

       

      @Scope(ScopeType.APPLICATION)

      @Name("imageProcessor")

      /* @BypassInterceptors */

      public class ImageProcessor extends AbstractResource {

       

       

      is there any way pages.xml to add restrictions?

       

      The above approach tried at frame work level , below I tried with other approach using sessionID ‘s  which is at server level ,

       

      2) I tried using sessionID to authenticate, but seam action is having a different sessionID and external component is having a different sessionID , then i tried adding the JsessionID in the response header as below , to sustain the same sessionID across the application , but here i was able to achieve getting same sessionID across the application, but being ideal for few minutes and then click the external component , then i am getting new sessionID , though i have configured session time out to 30 min .. which means the external component does not deal with session time out configured in web.xml.

       

      1. response.addHeader("SET-COOKIE", "JSESSIONID=" + request.getSession().getId() + ";path=/;");

       

      the above issue is related to server side , which is Jboss EPP 4.3 , please suggest if there is a way to overcome the above issues ,  looking forward for  the valuable inputs for the above issue ,

       

      Thanks in advance!