[jboss-user] [JBoss Seam] - Can't integrate Web JAAS authentication with Seam Identity c

[gilsontavares]

Hi guys,

I need to use SSO (Single Sign On) in my web apps and I have a LoginModule of my own declared in JBoss' login-config.xml.

My web apps use request.getUserPrincipal() to get info 'bout the authenticated user. I'm trying to migrate to Seam and I just can't figure out how to make identity.getPrincipal() return the same info that request.getUserPrincipal() does.

To authenticate in the container I must use a form with a "j_security_check" action, that makes request.getUserPrincipal() return the principal correctly but does not update identity's principal.
If I configure components.xml with <security:identity jaas-config-name="a"/> and call identity.login(), my LoginModule is called and that updates identity but my calls to request.getUserPrincipal() return null.

To go around the problem I'm authenticating twice, what is really bad. Seam's documentation, book, forum and white papers don't mention this problem/scenario.

Is there a way to accomplish this?
Does anyone else with this kind of problem?

I inspected the code in org.jboss.seam.security package and there is no way to update the identity's principal, even if I subclass it, cause the field is private. Can the development team make a remark about this subject? Is it possible to integrate the container security mechanism and Seam security components?

Thanks in advance for any help.

Gilson

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4087448#4087448

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4087448