3 Replies Latest reply on Feb 15, 2014 5:32 AM by Pëtr Andreev

    How to Implement Application ONLY authentication

    Andrew Fritz Newbie

      Previously in JBoss+Seam it was possibly to totally bypass the complicated and unnecessary in the context container managed security mechanism via the Identity bean/object plus a couple custom bean/logic classes and <security:identity authenticate-method="#{loginBean.login}"/> in components.xml. Clear and simple java code then handled application specific logic (like ensuring the client was paid up) and decided if they could log in. Simple and effective and totally flexible.

       

      I'm writing a new app in Wildfly for a new project and have no desire to complicate life with Seam. How, with Wildfly + JSF can I manage my own logins WITHOUT using container managed security?

       

      My app does NOT need to share credentials with other apps running on the server (nor will any other app ever run on the server, period). The app must have its own full featured user management and needs features not possible (as far as I can tell) in the JDBCWhateverLoginSecurityWidgitDoDad... Implementing my own security adapter seems far to complicated and convoluted especially since I do not need it. I just want to insert the needed information into the session so that the frameworks can use the built in hasRole and isLoggedIn methods, so the security-contraints in web.xml work and related annotations and tags work. All of this should rely on something in the session, but it is not documented anywhere I can find.

       

      I've scowered the documentation and I find no references to this even though it seems like a day zero feature for anyone writing a standalone app needs (others have noted that this huge gaping hole in the java EE spec also)...