[jboss-user] [JBoss Seam] - Re: JaasAuthenticationProvider in Seam 1.1

cavani do-not-reply at jboss.com
Thu Nov 23 07:15:54 EST 2006


I have used, since Seam 1.0.CR3, a dirty but cheap solution (I will wait for a clean one with 1.1.5).

I mixed this:

http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form

and the JAAS example on the Seam Wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSeam)

Long story short (this is not complete but shows the idea - I can complete it if there is interest):

Sidebar for Login.xhtml at /WEB-INF/sidebar/Login.xhtml (based on the DVD Store example):


  | <c:choose xmlns="http://www.w3.org/1999/xhtml"
  |           xmlns:ui="http://java.sun.com/jsf/facelets"
  |           xmlns:f="http://java.sun.com/jsf/core"
  |           xmlns:h="http://java.sun.com/jsf/html"
  |           xmlns:c="http://java.sun.com/jstl/core"> 
  |     
  | 	<c:when test="#{ currentUser == null }">
  | 		<div class="sidebarWrapper">
  | 			<dl>
  | 				<dt class="sidebarHeader">Login</dt>
  | 				<dd class="sidebarForm">
  | 					<h:form id="loginForm">
  | 						<dl>
  | 							<dt><h:outputText value="Usuário"/></dt>
  | 							<dd><h:inputText id="j_username" value="#{ login.username }" size="16" styleClass="text"/></dd>
  | 							<dt><h:outputText value="Senha"/></dt>
  | 							<dd><h:inputSecret id="j_password" value="#{ login.password }" size="16" styleClass="text"/></dd>
  | 		                
  | 							<dd>
  | 								<h:commandButton action="#{ login.login }" value="Entrar" styleClass="formButton" style="width: 166px;"/>
  | 							</dd>
  | 							<dd><h:messages globalOnly="true"/></dd>
  | 						</dl>
  | 					</h:form>
  | 				</dd>
  | 			</dl>
  | 		</div>
  | 	</c:when>
  | 
  | 	<c:otherwise>
  | 		<div class="sidebarWrapper">
  | 			<dl>
  | 				<dt class="sidebarHeader">Bem-vindo, #{ currentUser.nickname }</dt>
  | 				<dd class="sidebarForm">
  | 					<h:form>
  | 						<dl>
  | 							<dd>Seu acesso está autorizado</dd>
  | 							<dd>
  | 								<h:commandButton action="#{ login.logout }" value="Logout" styleClass="formButton" style="width: 166px;"/>
  | 							</dd>
  | 						</dl>
  | 					</h:form>
  | 				</dd>
  | 			</dl>
  | 		</div>
  | 	</c:otherwise>
  | 
  | </c:choose>
  | 

Login Action Bean:


  | 	public String login()
  | 	{
  | 
  | 		String username = this.username;
  | 		String password = this.password;
  | 		
  | 		this.username = null;
  | 		this.password = null;
  | 		
  | 		try
  | 		{
  | 			UserReference user = (UserReference) em.createQuery("from UserReference u where u.username = :username and u.password = :password")
  | 				.setParameter("username", username)
  | 				.setParameter("password", password)
  | 				.getSingleResult();
  | 
  | 
  | 			Contexts.getSessionContext().set("currentUser", user);
  | 			Contexts.getSessionContext().set("loggedIn", true);
  | 
  | 			// PUT HERE CONTEXT USER RELATED CONTENT
  | 		
  | 			ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
  | 			
  | 			HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
  | 			HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
  | 
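  | 			RequestDispatcher dispatcher = request.getRequestDispatcher("loginProxy.jsp");
  | 			dispatcher.forward(request, response);
  | 
  | 			// The forward has already written the response; stop the JSF lifecycle here
  | 			FacesContext.getCurrentInstance().responseComplete();
  | 			
  | 			return null;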
  | 			  
  | 		}
  | 		catch (Exception e)
  | 		{
  | 			FacesMessages.instance().add("Erro de Login");
  | 			return null;
  | 		}
  | 	}
  | 
  | 	public String logout()
  | 	{
  | 		Seam.invalidateSession();
  | 		Contexts.getSessionContext().set("currentUser", null);
  | 		Contexts.getSessionContext().set("loggedIn", null);
  | 		return "index";
  | 	}
  | 

For the real JAAS pass, in loginProxy.jsp:


  | <?xml version="1.0" encoding="UTF-8" ?>
  | <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
  |           xmlns:fn="http://java.sun.com/jsp/jstl/functions" version="2.0">
  |     <jsp:directive.page language="java"
  |         contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" />
  |     <jsp:text>
  |         <![CDATA[ <?xml version="1.0" encoding="UTF-8" ?> ]]>
  |     </jsp:text>
  |     <jsp:text>
  |         <![CDATA[ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> ]]>
  |     </jsp:text>
  | <html xmlns="http://www.w3.org/1999/xhtml">
  | <head>
  | 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  | 	<title>Logging in</title>
  | </head>
  | <body onload="document.forms[0].submit()">
  | 	
  | 	Você está sendo redirecionado... Por favor aguarde!<br/>
  | 	Caso seu browser não esteja carregando a página, tente novamente!
  | 	<br/><br/>
  | 	Atenciosamente,<br/>
  | 	Equipe de Desenvolvimento da Uqbar
  | 	
  | 	<!-- Escape the echoed request parameters so quotes or markup in them cannot break out of the attribute -->
  | 	<form method="post" action="j_security_check">
  | 		<input type="hidden" name="j_username" value='${ fn:escapeXml(param["loginForm:j_username"]) }' />
  | 		<input type="hidden" name="j_password" value='${ fn:escapeXml(param["loginForm:j_password"]) }' />
  | 	</form>
  | </body>
  | </html>
  | </jsp:root>
  | 

Worth mentioning web.xml (I use .html instead of .seam):


  |     <!-- JAAS  -->
  |     
  |    	<security-constraint>
  | 		<web-resource-collection>
  | 			<web-resource-name>Ipanema</web-resource-name>
  | 			<description>Intranet Information Manager</description>
  | 			<url-pattern>/Index.html</url-pattern>
  | 			<url-pattern>/Management/*</url-pattern>
  | 			<url-pattern>/QueryTool/*</url-pattern>
  | 			<url-pattern>/Data/*</url-pattern>
  | 			<http-method>POST</http-method>
  | 			<http-method>GET</http-method>
  | 		</web-resource-collection>
  | 		<auth-constraint>
  | 			<description>Acesso Controlado de Usuários</description>
  | 			<role-name>ADMINISTRATORS</role-name>
  | 			<role-name>USERS</role-name>
  | 		</auth-constraint>
  | 	</security-constraint>
  | 
  | 
  | 	<login-config>
  | 		<auth-method>FORM</auth-method>
  | 		<form-login-config>
  | 			<form-login-page>/Login.html</form-login-page>
  | 			<form-error-page>/Login.html</form-error-page>
  | 		</form-login-config>
  | 	</login-config>
  | 
  | 
  | 	<security-role>
  | 		<description>Administrador</description>
  | 		<role-name>ADMINISTRATORS</role-name>
  | 	</security-role>
  | 
  | 	<security-role>
  | 		<description>Usuários Comuns</description>
  | 		<role-name>USERS</role-name>
  | 	</security-role>
  | 

And the login base page referenced by web.xml:


  | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  | <html xmlns="http://www.w3.org/1999/xhtml"
  |       xmlns:ui="http://java.sun.com/jsf/facelets">
  | 
  | <body>
  |     <ui:composition template="/WEB-INF/base/MasterPage.xhtml">
  | 
  | 	    <ui:define name="sidebar">
  | 			<ui:include src="/WEB-INF/sidebar/Login.xhtml"/>
  | 		</ui:define>
  | 
  |         <ui:define name="content">
  | 
  |             <h1>Bem Vindo ao Ipanema</h1>
  | 
  |         </ui:define>
  | 
  |     </ui:composition> 
  | </body>
  | 
  | </html>
  | 


I use this on JBoss AS 4.0.5 and 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3988145#3988145
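
Added example, not part of the original post or of Seam: the login bean above matches `u.password = :password` in the query, which only works if passwords are stored as typed. The sketch below looks the user up by name only and verifies a salted PBKDF2 hash instead. It assumes Java 8+; `Stored`, `USERS` and the iteration count are hypothetical stand-ins for the `UserReference` table, and whatever JAAS login module sits behind `j_security_check` would have to verify the same stored form.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordCheck {
    // Hypothetical record: what a UserReference row would hold instead of the password
    static final class Stored {
        final byte[] salt; final byte[] hash; final int iterations;
        Stored(byte[] s, byte[] h, int i) { salt = s; hash = h; iterations = i; }
    }

    static final int ITERATIONS = 210_000;                       // assumed work factor
    static final Map<String, Stored> USERS = new HashMap<>();    // stands in for the table

    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();                                // wipe the copy held by the spec
        }
    }

    static void register(String username, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);                      // fresh random salt per user
        USERS.put(username, new Stored(salt, pbkdf2(password, salt, ITERATIONS), ITERATIONS));
    }

    // Query by username only, then compare the derived hashes in constant time.
    static boolean verify(String username, char[] password) throws Exception {
        Stored s = USERS.get(username);
        if (s == null) {
            // Unknown user: still pay the derivation cost so timing does not reveal valid names
            pbkdf2(password, new byte[16], ITERATIONS);
            return false;
        }
        return MessageDigest.isEqual(s.hash, pbkdf2(password, s.salt, s.iterations));
    }

    public static void main(String[] args) throws Exception {
        register("alice", "correct horse".toCharArray());        // constructed sample account
        System.out.println("right password: " + verify("alice", "correct horse".toCharArray()));
        System.out.println("wrong password: " + verify("alice", "wrong".toCharArray()));
        System.out.println("unknown user:   " + verify("nobody", "x".toCharArray()));
    }
}
```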
