Ok guys,
I've integrated JAAS with Seam, Facelets, MyFaces and jBMP pageflow.
It works very fine!
I've started with the information written by SunFire and locoetze in this topic.
In pageflow.jpdl.xml I've called an action that put in http session j_username
and j_password.
| .
|
How can I get the authenticated JAAS user in a seam application?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3942252#3942252
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3942252
To get the username:
if ( facesContext.getExternalContext().getUserPrincipal() == null ) {
| // User not logged in
| } else {
| String username =
facesContext.getExternalContext().getUserPrincipal().getName().toString();
| }
From this you can just use a normal EJB/Hibernate
Louis,
Superb example - allowed me to get everything up and running smoothly.
Thanks
Peter
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3941850#3941850
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3941850
Hi,
I would like add one more complexity to JAAS-SEAM coexistance...
I'm writing a web application with jBPL pageflow
I've used SunFire's solution with a login page like this:
login.xhtml
| [...]
| form action=j_security_check
| h:outputText value=#{bundle.label_username} /
|
heh. You wish. :-(
AFAICT, there is no way to properly integrate JSF with servlet spec
authentication. What the servlet spec has on this is a total disaster.
You'll need to use some Tomcat-specific stuff for this.
We are also trying to figure out a great solution to this.
View the original
I don't think that will work (but saying this with care as I haven't used the
pageflow stuff yet).
With JAAS you cannot point to the login page directly. The way it works is the
request gets intercepted when you are trying to access a secure resource (which
pops up the login page). After the
Oops.. didn't see Gavin's reply in time! Bandwidth to Africa ;-)
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3941314#3941314
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3941314
anonymous wrote : the standard logout would be to
| invalidate the session, right. How do I do that with SEAM?
I do a Seam.invalidateSession();
anonymous wrote : when the login fails, how do I tell the server to stay in
login.jsp?
|
In your web.xml just change the form-error-page to
Hello guys. Well this topic is getting long, but I didn't want to start
another, JAAS SEAM is exactly what I want to talk about.
This is the thing: I've got an existing JSP/J2EE legacy web app. This has a
working JAAS security schema working just fine, with user, roles, etc. I want
now my
dalvarezpy wrote : My question is now: how do I use my security framework
from within SEAM? I mean, I'd like to customize the views according to the
roles the user have (e.g. show a given button only to Admins), so I would like
to know any moment what roles the user have, for example. Is there
The tomahawk stuff works well. However, I have changed most of my code to use
the Seam s:link as provided by Gavin quite recently (mostly because I was able
to get away from the Javascript stuff ). In conjunction with the s:link he also
exposed the isUserInrole which makes life a lot easier.
Well that's GREAT. While trying the tomahawk stuff, refreshed this topic and
saw the rendered=#{isUserInRole['Role']} thing.
I compiled the last SEAM, tried it, and JUST WORKED. Thanks Louis and SunFire,
and Gavin for adding it.
It's great to see how the things the community wants get
lcoetzee wrote : I also doubt if the conversation has really ended.
Converation.end() will make the current long-running conversation into a
temporary conversation and destroy the conversation context at the end of the
request.
View the original post :
mirko27 wrote : gavin, is there any way to talk with you more real-time? I
would start with tutorial then, but I have few questions.
I'm travelling a lot at the moment, so not really. Just post here, or if its
more private, send me email. Whichever way I will answer as soon as I get a
chance.
Of course, we can use the the help we can get.
Example application are *always* useful, especially if they come with a
tutorial explaining how they work and what they do.
Note that I spent all week updating the booking example.
View the original post :
gavin, is there any way to talk with you more real-time? I would start with
tutorial then, but I have few questions.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3934139#3934139
Reply to the post :
Dear Louis,
if this exception is the only problem then please turn your code back. This
exception is caused by a very common shortcome of hibernate. Portaluser roles
does not get initialized when portaluser is initiliazed. You should do smth.
like creating portaluser and after that calling
Just an update on the usage of pages.xml and conversation.end I have
removed it again, seems that it did not do as I wished it would.
Regards
L
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3933729#3933729
Reply to the post :
lcoetzee wrote : Just an update on the usage of pages.xml and
conversation.end I have removed it again, seems that it did not do as I
wished it would.
What was the problem?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3933730#3933730
Reply to the post
When the conversations was just joined things worked. However, with the
pages.xml conversation.end things got a bit confusing. Using a @Factory with an
@Begin to start the new conversation, later on (a few methods calls down in the
same conversation and same stateful bean) I get this:
I also doubt if the conversation has really ended. If I click a link specified
in my pages.xml (with the conversation.end) (with a running conversation),
(and if the action I am going to is annotated only with an @Begin and the
@Factory) I get the following exception:
Caused by:
Hi,
anonymous wrote : I've 100,000 users to support initially
We would love to have so many users! If we get 1000 initially we would regard
it as a success (mostly due to the target demographic and other cultural
issues).
anonymous wrote : Is the content management subsystem part of what
With regards to API use, I meant manual Seam context component management.
I'm using it in a few places where I'm trying out finer control over the
components created their outjection
(usually from upstream actions)
Your pages.xml use does look interesting, that's a good tip.
I'm guessing
anonymous wrote : I meant manual Seam context component management Aah ;-)
Very seldom actually. The only place where I really had to do manual stuff was
in a JSF phaselistener where I wanted to see if the guy was already logged in
(so I actually checked for the existence of the valid info in
How is Seam working out? Is it successfully improving your productivity? Does
anything really suck?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3933061#3933061
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3933061
I love it. It has made a big improvement on our productivity (taken into
account that I have taken a whole team with no experience with Java
annotations, ejb3 (and hibernate3), JSF and facelets and have managed (almost
done ;-) to develop a full featured, complicated application in less than 3
Btw lcotzee. You do not need this dummy call to your templates. That is a
question of logic.
Because you do not need user entity bean before you really use it, you needn`t
put it into session scope...
Anyway got it working quite good.
View the original post :
Btw I use Stateless FactoryBean because the thing happens only once.(pulling
entity bean)
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3933098#3933098
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3933098
Excellent. Glad that it works.
Louis
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3933101#3933101
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3933101
---
This SF.Net
Hi Louis,
Great to hear it's going well for you, especially considering the scale/nature
of your project. I've spent a couple of weeks delving into various aspects of
Seam, and am planning to move forward with pretty much the same stack you're
using. I've 100,000 users to support initially,
Maybe you could even share your entire Seam application?
This would be great for learning Seam.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3932774#3932774
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3932774
Just add the following in the template that you use for those pages which live
in the secure area. This will invoke the factory on the piece of Java code
provided earlier, and as a result outject the portalUser in the session
context. Place the Java code in a stateful bean as part of the
THank you for answering but I got more questions.
Where exactly did you put this Factory method?
And if I mark User Entity bean Scope-Session and Name-portalUser then it
automatically loads it to session scope and does not give a change to factory,
because it alrdy is there? or not?
View the
Hi,
this was quite painful as there was no way I could find to do that
automatically after the JAAS login. In the end we used an @Factory variable
included in one of the admin templates to force the creation and outjection of
the PortalUser. Something as follows:
| /**
| * if
My question. If i have created user Entity does JAAS automatically load user
entity to session scope? JAASExample seems to do nothing for this behaviour.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3931131#3931131
Reply to the post :
I appologyze for my bad formed question. It was quite late at the moment of
writing.
What I like to know is how to outject User Entity Bean to Session Scope so, that
outjected user entity bean corresponds to logged one.
Thank you.
View the original post :
for anybody who is looking for sunfires logininterceptor-solution:
getEJBContext() doesn't work anymore
-
http://www.jboss.org/index.html?module=bbop=viewtopict=77225
Greets
Dennis
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3927109#3927109
Reply to the
Thanks for that Louis.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3927281#3927281
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3927281
---
This SF.Net email is
I have uploaded a stripped down Seam example using JAAS with postgresql.
See JAASExample.zip
http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSeam
Regards
Louis
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3926366#3926366
Reply to the post :
You can use the Wiki pages for that, you can attach files to a Wiki page.
Create a new page and link it from here:
http://www.jboss.com/wiki/Wiki.jsp?page=JBossSeam
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3925778#3925778
Reply to the post :
It would be really cool if you placed it in the jboss seam wiki.
Thanks,
James
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3925779#3925779
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3925779
Wiki ... will do so. Probably only over the weekend though (too many meetings
today and tomorrow).
L
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3925798#3925798
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3925798
I have incorporated the whole JAAS thing for the web container (using the
databaseserverloginmodule ... postgresql) in my project. Unfortunately not on
the EJB layer.
I think it would be good to share! What will be the best way ? I can cut the
project down to just have a basic Seam app with
I'm also interested in a working example. Best with DatabaseServerLoginModule.
All Help welcome, I'm stuck.
Dennis
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3925412#3925412
Reply to the post :
[EMAIL PROTECTED] wrote : mjschehl wrote : Shouldn't Seam come packaged
with these Login and Security check type of functionality built-in and
overridable if needed?
|
| Perhaps, but the trouble is that I am not sure that all Seam apps will want
to do security stuff in the same way and I
I don't understand the desire to protect a Seam project using web.xml's
security descriptors. It seems to me that a much stronger security would be
implemented using annotations.
I would want to see an annotation called @RequireUserType or @RequireUserRole.
| @Stateful
| @Name(search)
|
mjschehl wrote : Shouldn't Seam come packaged with these Login and Security
check type of functionality built-in and overridable if needed?
Perhaps, but the trouble is that I am not sure that all Seam apps will want to
do security stuff in the same way and I am not enough of an expert on
SunFire,
Nice work. As for taking out the LoggedIn interceptor, I wonder if using a
servlet filter could do the same trick. This at least frees you of using the
@LoggedIn annotation. Another thing is that you don't have to rely on a backing
bean instantiation for the User to make it into the
Well I was also looking at a way to use the container based JAAS cababilities
of Tomcat to do webauthentication. I have it working as I wanted it to work but
the implementation is not how I want it to look like:
1. I have written a custom LoginModule that extends UsernamePasswordLoginModule
a few more things to make the sample more complete:
1. put a login-config.xml into the META-INF dir of you .ear and make it look
like this:
| policy
| application-policy name=YourAuthPolicyName
| authentication
| login-module
JAAS is indepedent of any container layer so it knows nothing about the
existence of a session. Your login module can choose to be coupled to a
particular container and access the servlet request to populate the session if
it wants as described here:
It's not that simple... there's two security concerns here:
1. Web Security, which restricts access based on URL
2. EJB Security which restricts access to EJBs and methods.
If you're using the JSF/Seam/EJB3 stack simply for web applications, then Web
Security is enough and EJB security is
Surely in the context of JBoss, Tomcat is going to be delegating to JBoss'
security infrastructure?
No??
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3913913#3913913
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913913
Of course!
Seam components are EJBs, so you can just use EJB security, which in JBoss is
using JAAS.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3913531#3913531
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913531
I see. But is there any effort to do this? It sould be nice to have a security
platform integrated with seam. We would need login Module, annotation and etc.
It also would be a good isea if the example use JAAS for authentication and
authorization instead of a custom flag in the session? could
There is nothing specifically related to Seam so there is no interest in adding
JAAS to our examples since some people could be bothered by this extra noise.
If you find out a better way to integrate security to Seam than the standard
way let us know.
View the original post :
armita wrote : I see. But is there any effort to do this? It sould be nice to
have a security platform integrated with seam. We would need login Module,
annotation and etc.
I truly don't understand. JAAS is already integrated in EJB3. Just use EJB3
security. Seam sits on top of EJB3.
armita
58 matches
Mail list logo