http://jira.jboss.com/jira/browse/JBSEAM-2071
In light of the number of votes it has I scheduled it as a critical issue for
2.0.2
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4117608#4117608
Reply to the post :
I see I've already asked for this before - thanks for the update.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4117627#4117627
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4117627
[EMAIL PROTECTED] wrote : I'm currently working on some extensions to the
security API, one of these will be ACL security which will allow you to assign
instance-based permissions to users.
When will be released?
Is there any workaround for the 2.0.0 version? I need this in the current
It should be available in CVS sometime next month. The workaround is to extend
Identity yourself with the functionality that you need, although I don't
imagine that this is trivial.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4111686#4111686
Reply to the
I'm currently working on some extensions to the security API, one of these will
be ACL security which will allow you to assign instance-based permissions to
users.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4111498#4111498
Reply to the post :
[EMAIL PROTECTED] wrote : There's currently nothing built into Seam to allow
something like this.
What do you suggest while Seam does not have such feature?
Is there some plan to support that in the future?
View the original post :
There's currently nothing built into Seam to allow something like this.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4111353#4111353
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4111353
On further research I found this.
http://jira.jboss.org/jira/browse/JBSEAM-2165
It has been fixed in the new release.
Thanks !!!
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4111045#4111045
Reply to the post :
You explained it the right way - as I said there is no guarantee that your
authenticate method (loginBean.login) will only be called once by Seam's
security API.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4109516#4109516
Reply to the post :
I think I put it the wrong way.
What I meant to say is i have mapped
| security:identity authenticate-method=#{loginBean.login}/
|
and the loginBean.login method is something like
| public boolean login(){
| boolean succeeded = loginAction.login();
| return succeeded;
| }
Thanks Shane.
I see one more behavior
When i provide the wrong username or password, my configured login method is
being called twice. On debugging I see that the method authenticate of Identity
class
| public void authenticate()
| throws LoginException
|{
| // If
This is normal also - there is no guarantee as to how many times your
authenticate method is called. If you need to perform certain actions when
authentication is successful then use an event.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4109073#4109073
Write an event observer for org.jboss.seam.loggedOut, this event is raised
when Identity.logout() is called.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4108686#4108686
Reply to the post :
Thanks, it worked. I had another question too...
I am configuring my identity.login to loginBean.login and my loginBean class is
like
| import org.jboss.seam.annotations.In;
| import org.jboss.seam.annotations.Name;
|
| @Name(loginBean)
| public class LoginBean {
|
|
That is normal behaviour. The password is cleared after successful
authentication.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4108750#4108750
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4108750
You need something like http://jira.jboss.org/jira/browse/JBSEAM-1893 which I
added to Seam today ;)
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4105859#4105859
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4105859
Yeah.. this exactly what I need :) I hope.. it will be working with ajax4jsf.
Thank you for answer. I'm waiting for Seam 2.0.1..
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4105861#4105861
Reply to the post :
[EMAIL PROTECTED] wrote : Use a page action on /home.xhtml to check login and
issue a redirect using FacesManager if they are.
Can u explain, or target me?
page actions (u mean pages.xml) and u also write about FacesManager, but that 2
different ways.
I think better way maybe is in pages.xml
I done as u said, but page doesn't work properly.
All app properties names are not visible and other stuff.
anonymous wrote :
| #{messages['login.portal']}
| #{messages['login.login']}
|
Here is my code
| page view-id=/home.xhtml
| action
Use a page action on /home.xhtml to check login and issue a redirect using
FacesManager if they are.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4105372#4105372
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4105372
page view-id=/home.xhtml
| action execute=#{controller.redirectIfLoggedIn}
public void redirectIfLoggedIn() {
|// If logged in
|FacesManager.instance().redirect(/secure/home.xhtml);
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4105428#4105428
No you haven't, I used FacesManager.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4105477#4105477
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4105477
___
jboss-user mailing
JBoss SSO supports LDAP
http://jira.jboss.com/jira/browse/JBSEAM-1032
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4099045#4099045
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4099045
If you're using JBoss AS then there's already an LDAP login module you can use,
org.jboss.security.auth.spi.LdapLoginModule. You just need to configure Seam
Security to use a configuration with this login module. The security chapter
of the documentation should explain how to do this, however
OK thanks Shane. I just thought that Seam would support LDAP directly instead
of tightly coupling to appserver.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4099105#4099105
Reply to the post :
If you have any tips on the problem stated above please give me a hint because
I couldn't find any possible solutions.
Thanks in advance
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4097396#4097396
Reply to the post :
You can use whatever you like. In my app when a user logs in my authenticate
method loads their roles from a database and puts them in the Identity object.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4070411#4070411
Reply to the post :
Okay, that makes sense. Thanks for the speedy response.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4069899#4069899
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4069899
___
How are you accessing the tryRulesEngine() method?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4069855#4069855
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4069855
___
A Facelet is referencing the name property of the authenticator, as follows:
h2name = #{authenticator.name}/h2
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4069864#4069864
Reply to the post :
I've now tried invoking the tryRulesEngine() from a command button (rather than
via the property accessor) and it works.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4069868#4069868
Reply to the post :
That's correct behaviour. Seam Security is used to secure action methods, not
properties.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4069880#4069880
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4069880
Yes Shane, I do like you offer, this is easies way:)
I simply remove login form and add logout button.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4068124#4068124
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4068124
You can use the identity object to check if the user is logged in, get the user
name, etc.
There is a method on identity to log out.
Within your JSF page you can simply refer to #{identity.username} and in your
code you can do @In Identity identity; (org.jboss.seam.security.Identity).
There
In general, I would just restrict the way the client interface is built to not
display a login form if the user is already logged in. The seamspace (and
other examples) do this already, take a look at template.xhtml and home.xhtml
in seamspace.
View the original post :
In seam 1.2.1 in RuleBase.java there is the following code:
packageDescr = new DrlParser().parse(drlReader);
It never checks to see if the parser had any errors and therefore does not log
them. Even worse, DrlParser is not a local variable to even have a look at
using a debugger, and the
OK, I added logging of errors to CVS, please try it out, I dont have time today.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4057060#4057060
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4057060
Gavin,
I am no longer sure if this is a seam problem after all, but a problem with
drools.
In rules 3.0.6 (the only source I could get my hands on),
The Rule.isValid() has:
if ( this.consequence == null || !isSemanticallyValid() ) {
but nowhere in the code is the consequence set, so it is
Okay, found the issue. I used maven to build my war, and I built the
dependencies that pulled the jars from maven central. It appears those are
incompatible with the Seam setup.
What I had from maven:
commons-jci-core-1.0.jar
commons-jci-janino-1.0.jar
drools-compiler-3.0.5.jar
You need to disable directory browsing in your web container.
Keep in mind that an entry in pages.xml ONLY protects resources that go through
Faces Servlet. It will not protect resources on the server (directory
listings/static files) that aren't served through it.
View the original post :
You need to disable directory browsing in your web container.
Keep in mind that an entry in pages.xml ONLY protects resources that go through
Faces Servlet. It will not protect resources on the server (directory
listings/static files) that aren't served through it.
View the original post :
You need to disable directory browsing in your web container.
Keep in mind that an entry in pages.xml ONLY protects resources that go through
Faces Servlet. It will not protect resources on the server (directory
listings/static files) that aren't served through it.
View the original post :
Add a page action to /admin/* check the ip. You can get via the facesContext.
Regards
Felix
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4048840#4048840
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4048840
Great. It works. Thanks a lot.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4048844#4048844
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4048844
___
jboss-user mailing list
Thanks, but
i have packed the seam.properties into the root of jar...
Yesterday evening I recreated my workspace with a seam-gen.
I know it's a workaround...
Would you like to at the source of the old project?
View the original post :
From the log it looks like component test cannot be found. When your app
starts up, is it listed among the other components? Do you have a
seam.properties in your jar file?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4041266#4041266
Reply to the post :
So, this documentation in Seam is wrong?
http://docs.jboss.com/seam/1.2.1.GA/reference/en/html/components.html
anonymous wrote :
| org.jboss.seam.core.isUserInRole
|
| Allows JSF pages to choose to render a control, depending upon the
roles available to the current principal.
From my experience (and from this posting) this code does not work on the
frontend. The documentation is incorrect.
Allows JSF pages to choose to render a control, depending upon the roles
available to the current principal. h:commandButton value=edit
rendered=#{isUserInRole['admin']}/.
you
[EMAIL PROTECTED] wrote : So, this documentation in Seam is wrong?
|
| http://docs.jboss.com/seam/1.2.1.GA/reference/en/html/components.html
|
The isUserInRole that was originally built into Seam is based on servlet
security (and still is). In this regard the documentation is
Shane,
This is working. The problem was with the SeamFaceletViewHandler. It is
required to do the Seam Security using s:hasRole('admin'). That was documented.
It appears to require a different format for the JSP pages as follows: ( it
likes the jsp:root format )
?xml version=1.0?
| jsp:root
Use s:hasRole('admin') instead. isUserInRole is a servlet feature, and isn't
currently integrated with Seam security.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4036171#4036171
Reply to the post :
I need SSO with other old struts application on same server.
With this class SSO authentication works, but authorization
#{s:hasRole('admin')} don't :-(
@Name(org.jboss.seam.security.identity)
@Scope(SESSION)
@Install(precedence = Install.APPLICATION)
@Intercept(NEVER)
@Startup
public class
The problem is that the Seam security model is tightly coupled to a JAAS model
of security - i.e. the Subject class and friends. With CAS and our custom
Tomcat Valve, the servlet container associates/manages a copy of the
authenticated Principal (a.k.a. userPrincipal in Seam) with the
You can easily override the built-in Identity component to do whatever you
like, eg. stub out the addLoginSuccessfulMessage() method.
This is one of the nice things about Seam built-in components.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4031862#4031862
fernando_jmt wrote : The messages you should add to your .properties file are
|
| org.jboss.seam.loginSuccessful = Welcome, #0
|
| and
|
| org.jboss.seam.loginFailed = Login failed
|
|
| In case of login fails it is natural to add the message (which I can
configure as I
Please create a JIRA issue to add these message keys to the docs.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4030408#4030408
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4030408
I am having exactly the same problems in that I am porting a Seam application
that was working with JAAS FORM authentication to use the new Seam security
code:
anonymous wrote : Seam Security only uses JAAS for authentication, not for
authorization. I'm guessing that your action is protected
We've got a number of outstanding JIRA issues to address this, see the
following container task for details:
http://jira.jboss.com/jira/browse/SECURITY-38
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4029673#4029673
Reply to the post :
Yes, you are correct; there is a mechanism protecting the calls. Up until now,
I
had been using the FORM method to authenticate with a login
servlet. Once authenticated, this authorization mechanism works properly.
I wanted to add and use the Seam Identity to do role-based page-level
I don't think it would be too hard for Seam Security to authenticate against a
Tomcat realm - if you create a JIRA issue for this and assign it to me I'll add
this functionality when I get a chance.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4024387#4024387
I create issue http://jira.jboss.com/jira/browse/JBSEAM-967. Note that what
I'm really asking at the moment, is for away to establish an Identity that uses
the HttpServletRequest to obtain the Principal, and check roles.
Thanks,
Brad Smith
View the original post :
Seam Security only uses JAAS for authentication, not for authorization. I'm
guessing that your action is protected with some container security mechanism,
rather than the authorization features provided by Seam?
View the original post :
identity.logout() calls Seam.invalidateSession() itself, no need to call it
separately.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4023277#4023277
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4023277
Thanks for the quick response Shane!
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4023280#4023280
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4023280
___
jboss-user mailing
I have security configuration using Seam 1.1.6GA with ICEFaces 1.5.3.
I only have one know issue (also reported in both forums. When I want to logout
I get exceptions.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4019127#4019127
Reply to the post :
Can I take a look at your web.xml and faces-config.xml
I'm suspecting it doesn't work because of the configuration and perhaps also
the ICEFaces library. I can not even login using the latest Seam security
feature with ICEFaces
Thanks in advance
View the original post :
My faces-config.xml:
| faces-config
| application
| message-bundlemessages/message-bundle
|
view-handlercom.icesoft.faces.facelets.D2DSeamFaceletViewHandler/view-handler
|
variable-resolverorg.jboss.seam.jsf.SeamVariableResolver/variable-resolver
|
I've had no problems implementing the latest authentication/authorisation
security features thanks to the contributors to this thread :)
I now need to roll my own implementation of org.jboss.seam.security.Identity to
include a third log-in form attribute called 'organisation'. This identifies
I use this:
@Name(org.jboss.seam.security.identity)
| public class Identity extends org.jboss.seam.security.Identity {
|
| ...
|
|public static Identity instance() {
| if ( !Contexts.isSessionContextActive() ) {
| throw new IllegalStateException(No active
Your one should have application precedence (the default), the core one has the
lower built in precedence.
From the source
| @Name(org.jboss.seam.security.identity)
| @Scope(SESSION)
| @Install(precedence = BUILT_IN,
classDependencies=org.drools.WorkingMemory)
|
So if you define a
You have security:identity / in your components.xml right? As Seam's
Identity is not marked @Install(value=false) by putting that line in
components.xml you end up creating an Identity component (which has APPLICATION
precedence (as per the defaults)). So, what you in fact need to do, in
Pete, I had overlooked the extra attributes on the security:identity / tag
that provide for a bespoke Identity so thank you for making me revisit this -
I will amend my configuration.
Mike, thanks for your pointers. I actually got my Identity working by changing
the precedence as per your
So to get it working, did you have the same @Name as the built-in component,
@Scope of APPLICATION, and no @Install annotation?
Could you show what the line in your components.xml that you changed to get it
working was? I'm about to start doing this, so your help would be greatly
appreciated.
I've tried to apply the settings via the 'class' and 'precedence' attributes of
the security:identity .../ element but to no avail.
My implementation of Identity does work however with the following annotation -
@Install(precedence = DEPLOYMENT). According to the javadocs this is the
P.S. Components.xml remains unchanged i.e.
| security:identity authenticate-method=#{authenticator.authenticate}/
|
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4017807#4017807
Reply to the post :
If you're using your own Identity implementation you can't configure it with
security:identity ... in components.xml, you need to add a component
class=com.mycustom.identity ... element instead.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4017944#4017944
Is it for the same reason as this?
http://jboss.com/index.html?module=bbop=viewtopicp=3991371
- jBPM does not yet support parameters in method bindings, unfortunately.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4015934#4015934
Reply to the post :
Ah, yes, this is a big missing feature. Forgot about that.
http://jira.jboss.org/jira/browse/JBSEAM-842
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4015947#4015947
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4015947
damianharvey wrote : Is it for the same reason as this?
| http://jboss.com/index.html?module=bbop=viewtopicp=3991371
| - jBPM does not yet support parameters in method bindings, unfortunately.
Yes, the same underlying reason.
View the original post :
I think fernando_jmt is right, for example in my case I link graphical icon
with messages.
Icon is rendered when #{! empty facesContext.maximumSeverity}, unfortunetly
when I set org.jboss.seam.loginSuccessful to be an empty string my icon is also
rendered.
View the original post :
Add your message to messages.properties, check the sourcecode to find the name
of the key, I forget.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4013184#4013184
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4013184
The messages you should add to your .properties file are
org.jboss.seam.loginSuccessful = Welcome, #0
and
org.jboss.seam.loginFailed = Login failed
In case of login fails it is natural to add the message (which I can configure
as I want), but in the case of the login is successfully not all
An empty message?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4013188#4013188
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4013188
___
jboss-user mailing list
I think an empty message will generate the h:messages also renders an empty
message.
I think it would be better detects if org.jboss.seam.loginSuccessful is in
the messages.properties, if it exists then add the message, if doesn't exist,
don't add the message.
View the original post :
does the seam security support multiple authentication modes in the same
application such as Digital Certificate login and Username/Password login.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4012409#4012409
Reply to the post :
lightbulb432 wrote : When catching NotLoggedInException in exceptions.xml, I
have a
|
| redirect view-id=/login.xhtmlNot logged in/redirect for the
NotLoggedInException.
|
| While the redirect works correctly, the message Not logged in doesn't
display in login.xhtml's h:messages
venkateshbr wrote : does the seam security support multiple authentication
modes in the same application such as Digital Certificate login and
Username/Password login.
There is no special support for X509 authentication as yet, although it's on
the to-do list.
View the original post :
lightbulb432 wrote :
| I spoke too soon when I said the above problem sorted itself out. The
following does not work:
|
| exception class=org.jboss.seam.NotLoggedInException
| |redirect view-id=/login.xhtml
| | messageNot logged in/message
| |/redirect
| |
I'll give it a shot, thanks.
How would you use enums as roles added to the identity? Right now I'm using an
enum but it expects strings, so instead of having a simple enum with just {
ROLE1, ROLE2 }, I have to have a constructor and String property in the enum.
I also must refer to it as
I personally wouldn't use enums for roles - unless perhaps you're persisting
user roles as enums. Of course there's no problem doing this, you just need to
call Identity.addRole(myEnum.toString()) in your authenticator method. I could
modify the addRole() method to accept an Object instead of
Yet another problem... Is it looking for a login() method, rather than a login
with the three required arguments? I dunno, but it's not working with the
latest CVS of Seam and I've declared the login method in the session bean
interface.
And I've declared my login method in the
Note that it was working fine until I upgraded to the latest CVS version to
solve another problem, so I don't think the problem's within my login method or
anything like that (as I didn't make changes to those after upgrading).
View the original post :
The authentication way was changed in the CVS version.
You should use it as follows sample:
| ...
| @In
|private Identity identity;
|
|public boolean authenticate()
|{
| try
| {
| Member member = (Member)
Oh, I didn't realize that, thanks.
When catching NotLoggedInException in exceptions.xml, I have a
redirect view-id=/login.xhtmlNot logged in/redirect for the
NotLoggedInException.
While the redirect works correctly, the message Not logged in doesn't display
in login.xhtml's h:messages
I also have the same problem related to NotLoggedInException
Using the non CVS version I had:
| redirect view-id=/login.xhtml#{messages['User.notLoggedIn']}/redirect
|
And it was working well, a message was shown in the login page.
But it seems there's a problem with the CVS version,
In CVS you should wrap the message in a element. Check the new pages.xml DTD.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4012171#4012171
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4012171
I wrapped the message in an element according to the new pages.xml DTD, but
there's no change...it still doesn't appear for me.
Also, how can I override the default org.jboss.seam.loginFailed and
org.jboss.seam.loginSuccessful messages? I tried putting them in my properties
files (e.g.
Never mind my previous post; the first problem magically disappeared and the
second was solved by adding messages to the list of resource bundles in
components.xml.
How do I debug roles? I've added the roles to the identity component in my
login method but the debug page doesn't list roles
identity.logout() is pretty much a convenience method only, all it does is call
Seam.invalidateSession(). If you need more custom behaviour you can write your
own logout method.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4011207#4011207
Reply to the post
Ok, that's what I would've guessed. By the way, I looked through the code of
Identity's logout() method and didn't see a call to Seam.invalidateSession()
anywhere in the things it calls...am I looking in the wrong place? In fact,
that method does a few things...
Also, if writing my own logout
1 - 100 of 138 matches
Mail list logo