I use, since Seam 1.0.CR3, a dirty but cheap solution (I will wait for a clean one with 1.1.5).
I mixed this: http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form and JAAS example on Seam Wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSeam) long story short (this is not complete but show the idea - I can complete if there is interest) : sidebar for Login.xhtml on /WEB-INF/sidebar/Login.xhtml (based on DVD Store example): | <c:choose xmlns="http://www.w3.org/1999/xhtml"; | xmlns:ui="http://java.sun.com/jsf/facelets"; | xmlns:f="http://java.sun.com/jsf/core"; | xmlns:h="http://java.sun.com/jsf/html"; | xmlns:c="http://java.sun.com/jstl/core";> | | <c:when test="#{ currentUser == null }"> | <div class="sidebarWrapper"> | <dl> | <dt class="sidebarHeader">Login</dt> | <dd class="sidebarForm"> | <h:form id="loginForm"> | <dl> | <dt><h:outputText value="Usuário"/></dt> | <dd><h:inputText id="j_username" value="#{ login.username }" size="16" styleClass="text"/></dd> | <dt><h:outputText value="Senha"/></dt> | <dd><h:inputSecret id="j_password" value="#{ login.password }" size="16" styleClass="text"/></dd> | | <dd> | <h:commandButton action="#{ login.login }" value="Entrar" styleClass="formButton" style="width: 166px;"/> | </dd> | <dd><h:messages globalOnly="true"/></dd> | </dl> | </h:form> | </dd> | </dl> | </div> | </c:when> | | <c:otherwise> | <div class="sidebarWrapper"> | <dl> | <dt class="sidebarHeader">Bem-vindo, #{ currentUser.nickname }</dt> | <dd class="sidebarForm"> | <h:form> | <dl> | <dd>Seu acesso está autorizado</dd> | <dd> | <h:commandButton action="#{ login.logout }" value="Logout" class="formButton" style="width: 166px;"/> | </dd> | </dl> | </h:form> | </dd> | </dl> | </div> | </c:otherwise> | | </c:choose> | Login Action Bean: | public String login() | { | | String username = this.username; | String password = this.password; | | this.username = null; | this.password = null; | | try | { | UserReference user = (UserReference) em.createQuery("from UserReference u where u.username = :username and u.password = :password") | .setParameter("username", username) | .setParameter("password", password) | .getSingleResult(); | | | Contexts.getSessionContext().set("currentUser", user); | Contexts.getSessionContext().set("loggedIn", true); | | // PUT HERE CONTEXT USER RELATED CONTENT | | ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext(); | | HttpServletRequest request = (HttpServletRequest)ectx.getRequest(); | HttpServletResponse response = (HttpServletResponse)ectx.getResponse(); | | RequestDispatcher dispatcher = request.getRequestDispatcher("loginProxy.jsp"); | dispatcher.forward(request, response); | | return null; | | } | catch (Exception e) | { | FacesMessages.instance().add("Erro de Login"); | return null; | } | } | | public String logout() | { | Seam.invalidateSession(); | Contexts.getSessionContext().set("currentUser", null); | Contexts.getSessionContext().set("loggedIn", null); | return "index"; | } | For real JAAS pass in loginProxy.jsp: | <?xml version="1.0" encoding="UTF-8" ?> | <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"; version="2.0"> | <jsp:directive.page language="java" | contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" /> | <jsp:text> | <![CDATA[ <?xml version="1.0" encoding="UTF-8" ?> ]]> | </jsp:text> | <jsp:text> | <![CDATA[ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> ]]> | </jsp:text> | <html xmlns="http://www.w3.org/1999/xhtml";> | <head> | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> | <title>Logging in</title> | </head> | <body onload="document.forms[0].submit()"> | | Você está sendo redirecionado... Por favor aguarde!<br/> | Caso seu browser não esteja carregando a página, tente novamente! | <br/><br/> | Atenciosamente,<br/> | Equipe de Desenvolvimento da Uqbar | | <form method="post" action="j_security_check"> | <input type="hidden" name="j_username" value='${ param["loginForm:j_username"] }' /> | <input type="hidden" name="j_password" value='${ param["loginForm:j_password"] }' /> | </form> | </body> | </html> | </jsp:root> | worth mention web.xml (I use .html instead of .seam): | <!-- JAAS --> | | <security-constraint> | <web-resource-collection> | <web-resource-name>Ipanema</web-resource-name> | <description>Intranet Information Manager</description> | <url-pattern>/Index.html</url-pattern> | <url-pattern>/Management/*</url-pattern> | <url-pattern>/QueryTool/*</url-pattern> | <url-pattern>/Data/*</url-pattern> | <http-method>POST</http-method> | <http-method>GET</http-method> | </web-resource-collection> | <auth-constraint> | <description>Acesso Controlado de Usuários</description> | <role-name>ADMINISTRATORS</role-name> | <role-name>USERS</role-name> | </auth-constraint> | </security-constraint> | | | <login-config> | <auth-method>FORM</auth-method> | <form-login-config> | <form-login-page>/Login.html</form-login-page> | <form-error-page>/Login.html</form-error-page> | </form-login-config> | </login-config> | | | <security-role> | <description>Administrador</description> | <role-name>ADMINISTRATORS</role-name> | </security-role> | | <security-role> | <description>Usuários Comuns</description> | <role-name>USERS</role-name> | </security-role> | And login base page referenced by web.xml: | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> | <html xmlns="http://www.w3.org/1999/xhtml"; | xmlns:ui="http://java.sun.com/jsf/facelets";> | | <body> | <ui:composition template="/WEB-INF/base/MasterPage.xhtml"> | | <ui:define name="sidebar"> | <ui:include src="/WEB-INF/sidebar/Login.xhtml"/> | </ui:define> | | <ui:define name="content"> | | <h1>Bem Vindo ao Ipanema</h1> | | </ui:define> | | </ui:composition> | </body> | | </html> | I use this on JBoss AS 4.0.5 and View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3988145#3988145 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3988145 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
