vladimir.kovalyuk wrote :
| But it requires some effort for working out an approach of returning the
user to the requested page after he successfully logged in.
| Is it planned for seamspace example?
|
This feature unfortunately won't be in the initial release. It's quite a
tricky
I can't tell what's causing the ClassCastException from that stack trace,
however the DatabaseServerLoginModule login module that you're using is a JBoss
AS-specific login module, and won't work as is with Seam security. The
unfortunate truth is that each app server implements security
I made the same changes you did to Identity (and committed them to CVS) and the
seamspace example still works fine for me. I'm not sure what to suggest, other
than putting a breakpoint in Identity.getPrincipal() and checking which
principals actually get asserted into the subject as a result
You can do it this way:
|
SecurityConfiguration.instance().getLoginModuleConfiguration().addEntry(custom,
entry);
|
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4003469#4003469
Reply to the post :
mikepkp17 wrote :
| Besides that I noticed that SimplePrincipal is not serializable and I got
notserializableexceptions during my tests maybe since I am developing for a
clustered environment, fyi
That was an oversight on my part, it's now Serializable.
View the original post :
mikepkp17 wrote : How did you login the seamspace application?
|
| If I try with demo/demo I get this strange exception on profile.seam...
| If I then go back to home.seam (reload home.seam) I am logged in with demo.
|
| If I login with duke/duke everything works
|
| fyi
I just
The Seamspace example in CVS serves images from a servlet, and provides an
image rescaling feature also. Take a look at ContentServlet.java, it's pretty
straight forward - and it uses SeamServletFilter to set up the Seam contexts.
View the original post :
I've made a few changes in the security API to support this now.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4003093#4003093
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4003093
The information on the wiki page is redundant now. The new Seam security API
is due to be released next week, or if you want to try it now you can check out
the latest version from CVS. The documentation is still being written, but
there is more than enough information there to get
Actually the docs were wrong, I've fixed it now. Wildcards can only be used at
the start of the url-pattern, e.g:
| url-pattern*.seam/url-pattern
|
or at the end:
| url-pattern/secure/*/url-pattern
|
View the original post :
There's a JIRA issue for improving exception handling in Seam Remoting here
http://jira.jboss.org/jira/browse/JBSEAM-633. Redirecting to a login page on
an exception would an application's responsibility, however the remoting code
would need to support this. I suggest you add a comment to the
I agree with Norman. I'd be inclined to put your business logic into a Seam
component and then call that from your filter. SeamServletFilter is a good
example of how to set up the Seam contexts for the request.
View the original post :
Can you post the code for RolePrivilegesAction? It looks like something is
going wrong there.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3998637#3998637
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3998637
You'll be able to extend SecurityConfiguration to load roles/permissions from a
database if you like, however keep in mind that these are only explicitly
assigned permissions, as opposed to the dynamic rule-based permissions that the
security API will also support.
As for enums, the type
Take a look at the booking example, in particular HotelSearchingAction.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3996615#3996615
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3996615
This functionality is typically implemented with a client-side cookie. I've
got plans to include support for this, but not in the initial release of the
Seam security API in a few weeks.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3995845#3995845
Reply
This filter is part of the new security API, which will be included in the Seam
1.1.5 GA release. It should be ok to use now, but it may change further before
the release is complete.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3995151#3995151
Reply to the
The security API provides page-level security - even though the component model
is secure people still like to be able to secure their views for completeness.
This is totally optional and if page/view security is not a concern there is no
requirement to use it.
On the last point, there is a
sherkan777 wrote : I got another questionit is posible to run those
SeamSecurity example?
This example has been killed off - deleted from CVS. The SeamSpace example
will replace it when the security API is released in Seam 1.1.5.
View the original post :
I'm glad you worked out the problem. In general, the conversation model should
work exactly the same via the remoting API as it does for a normal JSF action.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3994547#3994547
Reply to the post :
s:secure is gone, it's been replaced with EL expressions s:hasRole and
s:hasPermission.
Unfortunately you'll have to wait until 1.1.5 for the examples and docs, but
it's only a few weeks away.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3994209#3994209
david.alves wrote :
| So How am I going to test for roles? And even if the isUserInRole component
also tests for the seam security roles, will components of frameworks like
icefaces that have the rendered and renderedOnUserRole like properties be
compatible with the seam security roles?
It was my fault, it's fixed now.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3993221#3993221
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3993221
___
jboss-user mailing list
It's planned, but not for the initial release of the security API.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3992927#3992927
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3992927
You're right about getValue(), I'll update the documentation when I get a
chance. As for the undefined Javascript error, are you importing the Game
object in the page?
Assuming the Seam component name is game:
| script type=text/javascript src=seam/remoting/interface.js?game/
|
View
There will be integration with JSF/JAAS security, but I can't promise that it
will be in the first release. Do you have a specific requirement/reason for
having to use JAAS?
And Mike to (hopefully) answer your question, the security API will provide a
way to check roles and permissions within
Javascript doesn't support overloading, so unfortunately you can't do this.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3991179#3991179
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3991179
The security API is undergoing some major changes, but as mentioned previously
is due to be released in Seam 1.1.5GA. Gavin and I reviewed what we already
had and came up with some innovative (at least I think so) new ideas, including
using Drools to perform dynamic permission checks and
It looks like you're not getting any response packet sent back by the server.
Is it producing a stack trace?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3990829#3990829
Reply to the post :
Of course, default button behaviour is to submit the form.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3990843#3990843
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3990843
___
| function betsCallback(result) {
| for (var i = 0; i result.length; i++){
| var xy = result[i ];
| }
| }
|
xy will be an instance of Wette.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3990462#3990462
Reply to the post :
Can you turn on debugging and see that the request and response packets are
correct? Instructions here:
http://docs.jboss.com/seam/1.1CR1/reference/en/html/remoting.html#d0e5505
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3989854#3989854
Reply to the post
It is a bug, fixed in CVS now.
Thanks!
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3986333#3986333
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3986333
___
jboss-user mailing
There will be a component of the security API that handles page security,
however it currently has low priority. In terms of what it will provide, most
likely it will be simple role-based restriction to view-tier resources. There
are plans to support X509 authentication, however it is quite a
gllambi wrote :
| I'm new to Remoting and Ajax, can you give me a good example when to use it?
|
It's hard to give a definitive answer, because I'm sure there's some usage
scenarios that I haven't even thought of yet. In general, you should use it
when your page can benefit from making a
Injection should work just fine. Can you post a code sample?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3985125#3985125
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3985125
The security API is still under heavy construction and I've yet to write
documentation for it. The @Secure annotation is used to secure access to a
component or component method by specifying which roles or permissions are
required to be able to invoke it.
Within the security API there are
The login() method in your example is clearly intended to be invoked within a
JSF context - it adds messages via FacesMessages and returns an action string.
Remoting is not intended to be used to call action methods such as this.
If however this is just an experiment to see how remoting works,
Besides a small section in the remoting chapter of the documentation, there's
not really much else that can be said about debugging without getting overly
verbose. In general, being able to see the xml request/response packets should
go a long way toward solving any remoting issues. I can
Turn debug on in Seam remoting so that you can see that the request and
response xml is valid.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3983367#3983367
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3983367
dietice wrote :
| Further i have a feature request: I would like to have 'dynamic roles'
(roles depending on the calling principal).
|
This type of authorization is supported by the security API, via dynamic
permissions. In fact the security example as it exists in CVS already
yj4jboss wrote : Hello Gavin,
| Any idea when the Security APIs will be ready ?
| http://www.m-itc.net
Unfortunately it won't be ready for the 1.1 release of Seam. There's still
another month or so of work to do writing documentation, examples, tests, etc.
View the original post :
I've fixed the security example, there was a redundant entry left in
components.xml. Both jboss-service.xml and login-config.xml have been removed,
I'll update the wiki page to reflect this.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3981592#3981592
Reply
The date type is already registered in the constructor, and there is special
handling for the date class in getWrapperForObject(), hence no need for the
registerWrapperClass() call for dates.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3981636#3981636
Reply
appendix wrote :
| Is there a reason why the property connectionProvider in
org.jboss.seam.remoting.messaging.SubscriptionRegistry lacks a getter method
and hence cannot be set by a parameter in seam.properties, components.xml or
web.xml?
I'll add the getter method for you today.
View
I've got a really nice date picker that I wrote a few years ago. When I get a
chance I'll dress it up as a Seam tag and add it to CVS.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3979198#3979198
Reply to the post :
Hmm, I'm not sure why you'd be getting that specific Javascript error in
relation to messaging. The only place I can see it possibly happening is in
the Seam.Remoting.hideLoadingMessage() method - just to be safe I've updated
this method in CVS to check that Seam.Remoting.loadingMsgDiv is not
That table looks wrong, the Role table should only have one username column. I
don't know if it's an artifact of using MySql, but you could try giving the
user entity a surrogate key instead of using the username.
View the original post :
Seam.Remoting.subscribe() sends an asynchronous request to the server, which
means you're not guaranteed to have a token in the subscription registry by the
time your page gets to the script at the bottom of the page.
I suggested putting the code to set the token inside your callback method,
Fixed in CVS, sorry about that.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3978116#3978116
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3978116
___
jboss-user mailing list
The token is passed back in the response to the subscribe request, and added to
the subscription registry in Seam.Remoting.subscriptionCallback(). You should
put the code for setting the token in your channelMessageCallback() method
(only setting it if it hasn't already been set).
View the
The code for dealing with stale subscriptions is a little messy at the moment.
However to deal with your immediate issue, if you can somehow pass your
subscription token to the next page (with a hidden field or something) then you
can manually insert your subscription into the registry like
I've committed some changes to CVS to fix this. BigDecimal and BigIntegers are
now marshalled as String values.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3977736#3977736
Reply to the post :
Could you post the code for searchCriteriaFilename ?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3976414#3976414
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3976414
___
emsa wrote : Upgraded to CVS and it works, so I guess that it is a bug in
1.0.1 - can someone confirm this?
There was an inheritance bug I fixed a while ago - I'm guessing that the
filename field in your class is inherited from a parent class?
View the original post :
I'm not sure what's causing the exception, but seam-security.xml is currently
not being used so no need to include it for the time being. That may change
once page security is implemented, but for now the only configuration is in
components.xml.
I'll be working on getting this stuff
The security example only implements model security, not page security so while
you can directly access protected.seam you will not be able to execute the
protected action. That being said, I'll shortly be reworking the security API
to make it much more complete than the state it's in right
Not yet, but there are plans for it. This part of the security API will be
implemented with a servlet filter.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3975882#3975882
Reply to the post :
This should just work. The result should be an array of SomeObject objects -
what do you mean by Javascript Array filled VOID objects ?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3975603#3975603
Reply to the post :
If you post a JIRA issue for this I'll take a look at it.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3975605#3975605
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3975605
___
The one time I got that exception, it was because the component class could not
be found in the classpath.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3975062#3975062
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3975062
I wouldn't go as far as to constrain all entities by default, it would add
another speedbump that a developer would need to be aware of when
implementing remoting in their app. Section 7.9 in the remoting chapter of the
documentation describes how object graphs returned by invoking a session
Entity beans (and in fact, any JavaBean objects that are returned or referenced
in the return value by a session bean method) are represented by an equivalent
Javascript class to provide the developer with a familiar object model to
work with. Until now, no-one has expressed any issues with
From what I understand, fireAllRules() itself doesn't really do much. Most of
the actual rule evaluation work occurs while you're asserting objects into the
working memory. Here's a snippet from the JBoss Rules documentation:
anonymous wrote :
| Assertion is the act of telling the working
CptnKirk wrote : What I figured. Thanks. Any plans to publish a protocol
spec?
I was actually thinking just the other day that it would be a good idea to
document this stuff, so yeah it's on my list of things to do now :)
View the original post :
| script type=text/javascript
| Seam.Remoting.getContext().setConversationId(#{conversation.id});
| /script
|
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3970637#3970637
Reply to the post :
Remoting was built for exactly this scenario, and even though we only provide a
Javascript implementation of the remoting client, there is nothing stopping
anyone from building a C (or whatever) client that integrates with the remoting
servlet. It uses a simple XML-based structure for its
CptnKirk wrote : Not to knock the work done by the remoting team, but is
there a reason a custom protocol was chosen vs a Seam RemotingEndpoint that
would handle remoting via some version of SOAP?
|
| I would have a thought the benefits of a standard transport protocol would
outweigh the
msteiner wrote :
| During one request RollbackInterceptor is called two times: one with
AuthenticationException and one with NullPointerException. Is this ok ?
|
I think its ok, although when I have some more time I'll try to take a look.
In any case, the more I think about it, the more
dbatcn wrote : I just noticed the new Seam security stuff which at first
glance seems like exactly what I'm looking for right now. Is this scheduled
for Seam 1.1.0.GA? Is there an ETA for this? I'm champing at the bit for this
but don't think I'm really ready to work with a CVS or nightly
msteiner wrote : Seam security does strange things with transactions when is
turned on 'Transaction failed' message is rendered and when I try write to db I
get exception:
|
|
|
| | (...)
| | Caused by: org.jboss.util.NestedSQLException: Transaction is not
active: (...)
The
I'll try to find some time to look at this today. I guess you need the
following two things to fix your issue:
1. Poll Handler correctly returning an error when the token doesn't exist.
2. Some way of handling a polling error in the client so you can re-establish
the subscription, e.g.
This stuff only exists in CVS at the moment, and yes, you should try it :)
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3966893#3966893
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3966893
msteiner wrote : I've followed instructions on wiki and I get exceptions:
|
When does this exception occur? Does the example app work?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3966937#3966937
Reply to the post :
gus888 wrote : I downloaded jboss-seam-CVS.20060822, but I could not find the
security example in the examples directory. Can anybody give me a direction?
Thank you.
The nightly build seems to be missing some other stuff too, not sure why. If
you want you could get the project straight from
If you have trouble accessing CVS, the next nightly build should include the
security example.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3967119#3967119
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3967119
msteiner wrote :
| Ok I know where is the problem.
|
| To replicate exception take security example from cvs, set property debug
of org.jboss.seam.core.init = true in components.xml like this:
| true
| add seam-debug.jar to web-inf/lib in war.
|
| When I turned off debug
The remote.js problem is fixed in CVS. Is the type of your @Id field a
primitive long, or a java.lang.Long? If it's a primitive, then you won't be
able to set it to null, and I'd suggest using the wrapper type instead.
View the original post :
I'd like to invite people to try out (and hopefully provide some feedback) on
the security features that are currently under development in CVS. At this
stage the authentication features are in a usable form and the next step is to
determine the best way to implement authorization. I've been
Here's one that might work for you:
http://www.open-im.net/en/
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3966566#3966566
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3966566
This was fixed in CVS a couple of months ago now, it just hasn't made its way
into a release yet.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3966219#3966219
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3966219
Neither, it's just how IE works. Incidentally, the IE7 beta seems to behave
how you would expect (it submits the form).
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3963512#3963512
Reply to the post :
There should be getters and setters, I'll try and find time today to fix this
for you.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3963052#3963052
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3963052
Yes you're right, it should only use the Local interface. I'll modify
InterfaceGenerator and the Call class today to ensure that they get only the
interface annotated as @Local.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3963053#3963053
Reply to the
All fixed. The local interface is now used in both places.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3963064#3963064
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3963064
___
This has been fixed in CVS - you'll now get correctly generated getter/setter
methods for non-component types.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3963065#3963065
Reply to the post :
What Javascript do you have on the client?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3962365#3962365
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3962365
___
jboss-user
Your javascript looks ok. Is SelectItem an interface? If it is, then there
are still some outstanding issues with how remoting deals with interfaces.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3962369#3962369
Reply to the post :
What does /peanutcafe/seam/remoting/interface.js?myManager produce for the
SelectItem class? Looking at the MyFaces implementation of SelectItem, it
seems that they are using a non-standard naming convention for their javabean
fields... ie. _value instead of just value. This might be what's
What you could do is implement your own javascript stub and register it with
Seam.Remoting.registerType(), but it would be interesting to see what actual
XML is being sent in response to your remoting call. You can enable debugging
mode with Seam.Remoting.setDebug(true) which will show you the
rlhr wrote :
|
|
| | Wed Aug 02 2006 14:56:55 GMT+0200 (Romance Daylight Time): Response
packet:
| | envelope
| | header
| | contextconversationId12/conversationId/context
| | /header
| | body
| | result id=1
| | value
| | bag
I've checked in some changes to CVS which hopefully should fix your issue. It
would be great if you could try this out for me and let me know if it works for
you. One other neat thing that is now supported is explicit importing of
non-component classes, so for example you can now
I've never come across this issue before. If you browse to the stubs directly
do they only work intermittently?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3962687#3962687
Reply to the post :
Is it possible for you to debug this? I can't reproduce it so any insight into
its cause would be very helpful. You would need to set your breakpoint in
InterfaceGenerator.appendComponentSource(). There's a while-loop that iterates
through the methods of your component to add them to the
I'm afraid I don't know how the @DataModelSelection magic works, but the
remoting framework will only allow you to invoke a Seam component RPC-style, so
anything you want to pass up will need to be expressed as a method parameter.
View the original post :
95 matches
Mail list logo