[jboss-user] [JBoss Seam] - Re: Seam Security Question - Tomcat Valve
I need SSO with other old struts application on same server. With this class SSO authentication works, but authorization #{s:hasRole('admin')} don't :-( @Name(org.jboss.seam.security.identity) @Scope(SESSION) @Install(precedence = Install.APPLICATION) @Intercept(NEVER) @Startup public class MyIdentity extends Identity { @Override public Principal getPrincipal() { Principal currentUser = ((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext() .getRequest()).getUserPrincipal(); return currentUser; } } View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4033777#4033777 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4033777 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Seam Security Question - Tomcat Valve
The problem is that the Seam security model is tightly coupled to a JAAS model of security - i.e. the Subject class and friends. With CAS and our custom Tomcat Valve, the servlet container associates/manages a copy of the authenticated Principal (a.k.a. userPrincipal in Seam) with the HttpServletRequest and in the Valve, it's possible for us to make isUserInRole() work as expected as well. It would be ideal for us if Seam allowed us to provide or override the Principal and roles for a user (and even permissions too but we're not using permissions directly) to the Identity component. I would be reluctant to use the approach you show in the previous post because that's sure to be outdated or broken with any future release of Spring - especially since there are JIRA task(s) for the Identity component now. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4033813#4033813 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4033813 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Seam Security Question - Tomcat Valve
I don't think it would be too hard for Seam Security to authenticate against a Tomcat realm - if you create a JIRA issue for this and assign it to me I'll add this functionality when I get a chance. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4024387#4024387 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4024387 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: Seam Security Question - Tomcat Valve
I create issue http://jira.jboss.com/jira/browse/JBSEAM-967. Note that what I'm really asking at the moment, is for away to establish an Identity that uses the HttpServletRequest to obtain the Principal, and check roles. Thanks, Brad Smith View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4024400#4024400 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4024400 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user