[jboss-user] [JBoss Seam] - Security: Better support for single sign on?!

stephen.friedrich do-not-reply at jboss.com
Wed Sep 19 18:49:08 EDT 2007


I need to integrate my Seam app with an existing custom-made SSO solution.
After some trial and error I came up with this solution that is basically working, even with login redirection configured (using redirect.captureCurrentView/returnToCapturedView exactly as documented in the Seam reference).

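  | import javax.servlet.http.HttpServletRequest;
  | 
  | import org.jboss.seam.ScopeType;
  | import org.jboss.seam.annotations.In;
  | import org.jboss.seam.annotations.Name;
  | import org.jboss.seam.annotations.Scope;
  | import org.jboss.seam.faces.FacesMessages; // org.jboss.seam.core.FacesMessages in Seam 1.2
  | import org.jboss.seam.security.Identity;
  | 
  | // FacesUtil, SsoAuthenticator and UserData are application classes not shown in this post.
  | @Name("authenticator")
  | @Scope(ScopeType.CONVERSATION)
  | public class Authenticator {
  |     @In
  |     private Identity identity;
  | 
  |     // Set only by checkLogin() after a validated SSO token; consumed once by authenticate()
  |     private UserData userData;
  | 
  |     // This method is configured in pages.xml as an action called for all pages:
  |     //     <page view-id="/*" login-required="true" action="#{authenticator.checkLogin}"/>
  |     public void checkLogin() {
  |         // if already logged on, simply continue
  |         if (identity.isLoggedIn()) {
  |             return;
  |         }
  | 
  |         // try SSO auto login
  |         HttpServletRequest request = FacesUtil.getServletRequest();
  |         userData = new SsoAuthenticator().validateSsoToken(request); // results in a web service call
  |         if (userData != null) {
  |             identity.login(); // Don't know another, more direct way to login, so store 
  |                               // userData in field and check it in the authenticate method
  |         }
  |     }
  | 
  |     // This method is configured in components.xml as the identity's authenticate-method:
  |     //     <security:identity authenticate-method="#{authenticator.authenticate}"/>
  |     public boolean authenticate() {
  |         if (userData != null) {
  |             // previously a sso token has been validated - log in automatically
  |             userData = null;
  |             return true;
  |         }
  | 
  |         String userName = Identity.instance().getUsername();
  |         String password = Identity.instance().getPassword();
  |         // Keep the password-login result in a local variable: leaving it in the
  |         // conversation-scoped userData field would let a later authenticate() call
  |         // in the same conversation return true without checking credentials.
  |         UserData loginResult = new SsoAuthenticator().login(userName, password); // results in a web service call
  | 
  |         if (loginResult == null) {
  |             FacesMessages.instance().add("Invalid username/password");
  |             return false;
  |         }
  | 
  |         return true;
  |     }
  | }
  | 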

Small problem: After a successful SSO auto login the next page displays
  | Warning
  | 
  |    1. Please log in first
  |    2. Welcome, Stephen
How can I prevent these messages or clear them afterwards?

Open issue:
If the user hits the login page directly (as opposed to being redirected when trying to access another page) I'd like to redirect after the login to different pages depending on the user's roles.
Any suggestions?

Proposal: Here's a way to make integration into an SSO solution easier:
Add an attribute to identity that lets me specify a method that is used to try auto-login:

  | <security:identity authenticate-method="#{authenticator.authenticate}" auto-login-method="#{authenticator.tryAutoLogin}"/>
  | 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4086376#4086376
