[JBoss Seam] - Re: Security: Better support for single sign on?!
by sweetlandj
I have a slightly different solution that avoids the need to add action parameters to pages. Basically I extended Identity and overrode the isLoggedIn method. Here is some code that will implement a trivial and unsecure SSO across many co-located applications simply by passing the username and password around in a session cookie:
| package foo.seam;
|
| import java.util.Map;
| import javax.faces.context.ExternalContext;
| import javax.faces.context.FacesContext;
| import javax.servlet.http.Cookie;
| import javax.servlet.http.HttpServletResponse;
| import org.jboss.seam.ScopeType;
| import org.jboss.seam.annotations.Install;
| import org.jboss.seam.annotations.Name;
| import org.jboss.seam.annotations.Scope;
| import org.jboss.seam.annotations.Startup;
| import org.jboss.seam.annotations.intercept.BypassInterceptors;
| import org.jboss.seam.security.Identity;
|
| @Name("org.jboss.seam.security.identity")
| @Scope(ScopeType.SESSION)
| @Install(precedence = Install.APPLICATION)
| @BypassInterceptors
| @Startup
| public class SSOIdentity extends Identity {
|     // Pick up credentials from the SSO cookies (if present) before the login check.
|     @Override
|     public boolean isLoggedIn(boolean attemptLogin) {
|         FacesContext facesCtx = FacesContext.getCurrentInstance();
|         ExternalContext extCtx = facesCtx.getExternalContext();
|         Map<String, Object> cookies = extCtx.getRequestCookieMap();
|         Cookie username = (Cookie)cookies.get("sso.username");
|         Cookie password = (Cookie)cookies.get("sso.password");
|         if((username != null) && (password != null)) {
|             setUsername(username.getValue());
|             setPassword(password.getValue());
|         }
|         return super.isLoggedIn(attemptLogin);
|     }
|
|     // After a successful login, publish the credentials as session cookies
|     // on path "/" so the other co-located applications receive them.
|     @Override
|     protected void postAuthenticate() {
|         FacesContext facesCtx = FacesContext.getCurrentInstance();
|         ExternalContext extCtx = facesCtx.getExternalContext();
|         HttpServletResponse response = (HttpServletResponse)extCtx.getResponse();
|
|         Cookie username = new Cookie("sso.username", getUsername());
|         username.setMaxAge(-1);
|         username.setPath("/");
|         response.addCookie(username);
|
|         Cookie password = new Cookie("sso.password", getPassword());
|         password.setMaxAge(-1);
|         password.setPath("/");
|         response.addCookie(password);
|
|         super.postAuthenticate();
|     }
|
|     // Expire both SSO cookies on logout.
|     @Override
|     public void logout() {
|         super.logout();
|
|         FacesContext facesCtx = FacesContext.getCurrentInstance();
|         ExternalContext extCtx = facesCtx.getExternalContext();
|         Map<String, Object> cookies = extCtx.getRequestCookieMap();
|         HttpServletResponse response = (HttpServletResponse)extCtx.getResponse();
|
|         // A cookie may be absent (e.g. already expired), so guard against null.
|         Cookie username = (Cookie)cookies.get("sso.username");
|         if(username != null) {
|             username.setMaxAge(0);
|             username.setValue(null);
|             username.setPath("/");
|             response.addCookie(username);
|         }
|
|         Cookie password = (Cookie)cookies.get("sso.password");
|         if(password != null) {
|             password.setMaxAge(0);
|             password.setValue(null);
|             password.setPath("/"); // was username.setPath("/"), which left this cookie's path unset
|             response.addCookie(password);
|         }
|     }
| }
Just drop this class in the EJB module of each app you're working with (or web module if you're using the J2EE packaging strategy with POJOs). It should work with a custom authenticate method, but I haven't tried it (I'm using the LDAP JAAS authenticate module).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4114401#4114401
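The post above describes its cookie scheme as trivial and insecure, since the plaintext username and password travel with every request. As an added example (not from the original post and not Seam code), the hypothetical `SsoToken` helper below produces a cookie value that carries only an HMAC-signed, expiring username, which each co-located application can verify with a shared key. It assumes Java 8 or later and a key distributed to the applications out of band; the key and clock values in `main` are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper (an assumption, not part of Seam): signed, expiring SSO cookie value.
public final class SsoToken {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    private static String sign(String payload, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Token layout: base64url(username) "." expiryEpochSeconds "." base64url(HMAC)
    public static String issue(String username, long expiresAt, byte[] key) throws Exception {
        String payload = B64.encodeToString(username.getBytes(StandardCharsets.UTF_8)) + "." + expiresAt;
        return payload + "." + sign(payload, key);
    }

    // Returns the username, or null if the token is malformed, forged or expired.
    public static String verify(String token, long now, byte[] key) throws Exception {
        int cut = (token == null) ? -1 : token.lastIndexOf('.');
        if (cut < 0) return null;
        String payload = token.substring(0, cut);
        byte[] given = token.substring(cut + 1).getBytes(StandardCharsets.UTF_8);
        byte[] expected = sign(payload, key).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return null; // constant-time compare
        String[] parts = payload.split("\\.");
        if (parts.length != 2) return null;
        try {
            if (Long.parseLong(parts[1]) <= now) return null; // expired
            return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { // bad number or bad base64
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-use-32-random-bytes".getBytes(StandardCharsets.UTF_8);
        long now = 1_000_000L; // constructed clock value, epoch seconds
        String token = issue("alice", now + 600, key);
        System.out.println("valid:    " + verify(token, now, key));
        System.out.println("expired:  " + verify(token, now + 601, key));
        System.out.println("tampered: " + verify("x" + token, now, key));
    }
}
```

A token like this still identifies the user to anyone who captures it until it expires, so the cookie that carries it should be marked Secure (and HttpOnly where the servlet API version supports it).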
[JBoss/Spring Integration] - Re: Deploying multiple XML files as a single SpringApplicati
by acricken
It's often useful to break beans out into separate XML files for legibility, as well as making it easier to swap certain portions for different configurations or environments. While this may speak to an over-reliance on Spring for DI, I still find it useful. When doing this, it's desirable to avoid the individual XML files being aware of each other if possible.
I find it's a pretty common use case for Spring, eg (from their docs):
| ApplicationContext context = new ClassPathXmlApplicationContext(
|     new String[] {"applicationContext.xml", "applicationContext-part2.xml"});
In my case, I'm working with an app based heavily on Apache Camel. I'd like to use the same Apache Camel route definitions but with varying component configurations. So, use routes-spring.xml, which refers to beans that could be in components-dev-spring.xml or in components-prod-spring.xml depending on the environment. Currently, if I want to deploy this app to JBoss, I have to resort to hardcoding an import or using JNDI to get at beans. Am I missing something obvious?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4114387#4114387