[jboss-user] [JBoss Seam] - Seam Security Problem
g00se24
do-not-reply at jboss.com
Thu Apr 26 06:59:51 EDT 2007
Hello,
i tried to deploy a minimal SEAM project which only consists of a login page. The problem is that I would like to use a own written build.xml script, which is already stable running.
The problem:
| 12:25:35,281 ERROR [SeamLoginModule] Error invoking login method
| javax.faces.el.EvaluationException: Exception while invoking expression #{test.t
| est}
| at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java
| :165)
| at org.jboss.seam.actionparam.ActionParamBindingHelper.invokeTheExpressi
| on(ActionParamBindingHelper.java:58)
| at org.jboss.seam.actionparam.ActionParamMethodBinding.invoke(ActionPara
| mMethodBinding.java:75)
| at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:148)
| at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.ja
| va:104)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
| java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
| sorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
| 86)
| at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext
| .java:703)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
| at org.jboss.seam.security.Identity.authenticate(Identity.java:247)
| at org.jboss.seam.security.Identity.authenticate(Identity.java:240)
| at org.jboss.seam.security.Identity.login(Identity.java:170)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
| java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
| sorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at com.sun.el.parser.AstValue.invoke(AstValue.java:174)
| at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:286)
|
| at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.ja
| va:68)
| at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.ja
| va:69)
| at org.apache.myfaces.application.ActionListenerImpl.processAction(Actio
| nListenerImpl.java:63)
| at javax.faces.component.UICommand.broadcast(UICommand.java:106)
| at org.ajax4jsf.framework.ajax.AjaxViewRoot.processEvents(AjaxViewRoot.j
| ava:274)
| at org.ajax4jsf.framework.ajax.AjaxViewRoot.broadcastEvents(AjaxViewRoot
| .java:250)
| at org.ajax4jsf.framework.ajax.AjaxViewRoot.processApplication(AjaxViewR
| oot.java:405)
| at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(Lifecycl
| eImpl.java:343)
| at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java
| :86)
| at javax.faces.webapp.FacesServlet.service(FacesServlet.java:137)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
| icationFilterChain.java:252)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
| ilterChain.java:173)
| at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
| a:63)
| at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
| at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
| a:49)
| at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57)
| at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
| a:49)
| at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:79)
| at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.jav
| a:49)
| at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
| icationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
| ilterChain.java:173)
| at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseX
| MLFilter.java:75)
| at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.
| java:213)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
| icationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
| ilterChain.java:173)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi
| lter.java:96)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
| icationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
| ilterChain.java:173)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
| alve.java:213)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
| alve.java:178)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit
| yAssociationValve.java:175)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
| torBase.java:432)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
| e.java:74)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
| ava:126)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
| ava:105)
| at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConne
| ctionValve.java:156)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
| ve.java:107)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
| a:148)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
| :869)
| at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.p
| rocessConnection(Http11BaseProtocol.java:664)
| at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpo
| int.java:527)
| at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWor
| kerThread.java:112)
| at java.lang.Thread.run(Thread.java:595)
| Caused by: javax.faces.el.PropertyNotFoundException: Base is null: test
| at org.apache.myfaces.el.ValueBindingImpl.resolveToBaseAndProperty(Value
| BindingImpl.java:460)
| at org.apache.myfaces.el.MethodBindingImpl.resolveToBaseAndProperty(Meth
| odBindingImpl.java:180)
| at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java
| :114)
| ... 67 more
|
The project ist structured like:
dist/
META-INF/
application.xml
jboss-app.xml
view.war/
WEB-INF/
components.xml
faces-config.xml
web.xml
index.html -> Redirect index.seam
index.xhtml
index.page.xml
web.xml
| <?xml version="1.0" ?>
| <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
| version="2.4">
|
| <!-- Ajax4jsf (must come first!) -->
|
| <filter>
| <display-name>Ajax4jsf Filter</display-name>
| <filter-name>ajax4jsf</filter-name>
| <filter-class>org.ajax4jsf.Filter</filter-class>
| </filter>
|
| <filter-mapping>
| <filter-name>ajax4jsf</filter-name>
| <url-pattern>*.seam</url-pattern>
| </filter-mapping>
|
| <context-param>
| <param-name>org.ajax4jsf.VIEW_HANDLERS</param-name>
| <param-value>org.jboss.seam.ui.facelet.SeamFaceletViewHandler</param-value>
| </context-param>
|
| <!-- Seam -->
|
| <listener>
| <listener-class>org.jboss.seam.servlet.SeamListener</listener-class>
| </listener>
|
| <filter>
| <filter-name>Seam Filter</filter-name>
| <filter-class>org.jboss.seam.web.SeamFilter</filter-class>
| </filter>
|
| <filter-mapping>
| <filter-name>Seam Filter</filter-name>
| <url-pattern>/*</url-pattern>
| </filter-mapping>
|
| <servlet>
| <servlet-name>Seam Resource Servlet</servlet-name>
| <servlet-class>org.jboss.seam.servlet.ResourceServlet</servlet-class>
| </servlet>
|
| <servlet-mapping>
| <servlet-name>Seam Resource Servlet</servlet-name>
| <url-pattern>/seam/resource/*</url-pattern>
| </servlet-mapping>
|
| <!-- MyFaces -->
|
| <listener>
| <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
| </listener>
|
| <!-- Facelets development mode (disable in production) -->
|
| <context-param>
| <param-name>facelets.DEVELOPMENT</param-name>
| <param-value>true</param-value>
| </context-param>
|
| <!-- JSF -->
|
| <context-param>
| <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
| <param-value>client</param-value>
| </context-param>
|
| <context-param>
| <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
| <param-value>.xhtml</param-value>
| </context-param>
|
| <servlet>
| <servlet-name>Faces Servlet</servlet-name>
| <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
| <load-on-startup>1</load-on-startup>
| </servlet>
|
| <servlet-mapping>
| <servlet-name>Faces Servlet</servlet-name>
| <url-pattern>*.seam</url-pattern>
| </servlet-mapping>
|
| <security-constraint>
| <display-name>Restrict raw XHTML Documents</display-name>
| <web-resource-collection>
| <web-resource-name>XHTML</web-resource-name>
| <url-pattern>*.xhtml</url-pattern>
| </web-resource-collection>
| <auth-constraint>
| <role-name>NONE</role-name>
| </auth-constraint>
| </security-constraint>
|
| </web-app>
|
components.xml
| <?xml version="1.0" encoding="UTF-8"?>
| <components xmlns="http://jboss.com/products/seam/components"
| xmlns:core="http://jboss.com/products/seam/core"
| xmlns:drools="http://jboss.com/products/seam/drools"
| xmlns:security="http://jboss.com/products/seam/security"
| xmlns:mail="http://jboss.com/products/seam/mail"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation=
| "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.2.xsd
| http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.2.xsd
| http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.2.xsd
| http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-1.2.xsd
| http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.2.xsd">
|
| <core:init debug="true" jndi-pattern="alert/#{ejbName}/local"/>
|
| <core:manager concurrent-request-timeout="500"
| conversation-timeout="120000"
| conversation-id-parameter="cid"
| conversation-is-long-running-parameter="clr"/>
|
| <core:managed-persistence-context name="entityManager"
| auto-create="true"
| persistence-unit-jndi-name="java:/DefaultDS"/>
|
| <core:ejb installed="false"/>
|
| <security:identity authenticate-method="#{test.test}"/>
|
| <event type="org.jboss.seam.notLoggedIn">
| <action expression="#{redirect.captureCurrentView}"/>
| </event>
| <event type="org.jboss.seam.postAuthenticate">
| <action expression="#{redirect.returnToCapturedView}"/>
| </event>
|
| </components>
|
faces-config.xml
| <?xml version='1.0' encoding='UTF-8'?>
| <!DOCTYPE faces-config PUBLIC
| "-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN"
| "http://java.sun.com/dtd/web-facesconfig_1_1.dtd">
|
| <faces-config>
|
| <application>
| <message-bundle>messages</message-bundle>
| <!-- Disabled when using Ajax4JSF -->
| <!--
| <view-handler>org.jboss.seam.ui.facelet.SeamFaceletViewHandler</view-handler>
| -->
| </application>
|
| <!-- Seam transaction management -->
| <lifecycle>
| <phase-listener>org.jboss.seam.jsf.TransactionalSeamPhaseListener</phase-listener>
| </lifecycle>
|
| </faces-config>
|
application.xml
| <?xml version="1.0" encoding="UTF-8"?>
| <application xmlns="http://java.sun.com/xml/ns/javaee"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd"
| version="5">
|
| <display-name>alert</display-name>
|
| <module>
| <web>
| <web-uri>view.war</web-uri>
| <context-root>/alert</context-root>
| </web>
| </module>
|
| <module>
| <ejb>bean.jar</ejb>
| </module>
|
| <module>
| <java>jboss-seam.jar</java>
| </module>
|
| <!-- Remove these lines for JSF 1.2 -->
|
| <module>
| <java>el-api.jar</java>
| </module>
|
| <module>
| <java>el-ri.jar</java>
| </module>
| </application>
|
Authenticator.class
| package de.alert.session;
|
| import org.jboss.seam.annotations.In;
| import org.jboss.seam.annotations.Logger;
| import org.jboss.seam.annotations.Name;
| import org.jboss.seam.log.Log;
| import org.jboss.seam.security.Identity;
|
|
| @Name("test")
| public class Authenticator
| {
| @Logger Log log;
|
| @In Identity identity;
|
| public boolean test()
| {
| log.info("authenticating #0", identity.getUsername());
| //write your authentication logic here,
| //return true if the authentication was
| //successful, false otherwise
| identity.addRole("admin");
| return true;
| }
| }
|
index.xhtml
| <h:outputLabel for="username">Username</h:outputLabel>
| <h:inputText id="username" value="#{identity.username}"/>
| <h:outputLabel for="password">Password</h:outputLabel>
| <h:inputSecret id="password" value="#{identity.password}"/>
| <h:outputLabel for="rememberMe">Remember me</h:outputLabel>
| <h:selectBooleanCheckbox id="rememberMe" value="#{identity.rememberMe}"/>
| <h:commandButton value="Login" action="#{identity.login}"/>
|
What am I doing wrong? All neccessary libaries are in place. Am I missing some configuration files? Has anybody an idea?
If neccessary I would send you my full project structure.
Thank in advance
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4040920#4040920
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4040920
More information about the jboss-user
mailing list