After updating to the head of cvs, I'm able to get this stuff to work.
For the most part.
But one problem remains: on the first view of a protected resource (like the wildcarded
restriction below), the user is not being forced to authenticate :-). On the second
request, when the jsessionid cookie of the server is set, authentication occurs and the
correct things seem to happen.
| <page view-id="*">
|     <restrict>#{identity.isLoggedIn(true)}</restrict>
|     <navigation>
|         <rule if-outcome="home">
|             <redirect view-id="/home.xhtml"/>
|         </rule>
|     </navigation>
| </page>
|
If my description is vague, here's a list of actions and their results.
1) A user makes a request to the server (let's say it's
http://localhost/JAASTest).
The user doesn't have a jsessionid cookie.
2) The server, upon receipt of the user's request, creates a jsessionid cookie and
sends it back on the response. The server also renders the protected resource and returns
that back to the user.
*****at this step, the user should have been forced to authenticate****
3) The user then makes another request to the protected resource.
4) The server then forces authentication and good things seem to happen.
I'm thinking my error is occurring in my custom Identity class; maybe I'm missing
a critical annotation or I'm misunderstanding when Seam starts a session or
something. Does anyone see what I'm doing wrong?
| import static org.jboss.seam.ScopeType.SESSION;
| import edu.umn.ictr.mentor.action.CookieCallbackHandler;
| import edu.umn.ictr.mentor.action.X500LoginModule;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.login.Configuration;
| import javax.security.auth.login.LoginContext;
| import javax.security.auth.login.LoginException;
| import javax.servlet.http.Cookie;
| import org.jboss.seam.Component;
| import org.jboss.seam.ScopeType;
| import org.jboss.seam.annotations.In;
| import org.jboss.seam.annotations.Name;
| import org.jboss.seam.annotations.Scope;
| import org.jboss.seam.annotations.Startup;
| import org.jboss.seam.annotations.intercept.BypassInterceptors;
| import org.jboss.seam.contexts.Contexts;
| import org.jboss.seam.core.Events;
| import org.jboss.seam.core.Expressions;
| import org.jboss.seam.security.AuthorizationException;
| import org.jboss.seam.security.Identity;
| import org.jboss.seam.log.LogProvider;
| import org.jboss.seam.log.Logging;
| import org.jboss.seam.security.RuleBasedIdentity;
|
| /**
|  *
|  * @author mwkohout
|  */
| @Name(value = "org.jboss.seam.security.identity")
| @Scope(value = SESSION)
| @Startup
| public class X500Identity extends Identity {
|
|     private static final LogProvider log = Logging.getLogProvider(X500Identity.class);
|
|     @In("org.jboss.seam.security.configuration")
|     Configuration config;
|
|     private Cookie X500Cookie;
|
|     public X500Identity()
|     {
|         setJaasConfigName("default");
|         setAuthenticateEveryRequest(true);
|         log.error("in X500Identity constructor. jaas config name = " + this.getJaasConfigName());
|     }
|
|     @Override
|     public void create()
|     {
|         super.create();
|     }
|
|     public Cookie getX500Cookie() {
|         return X500Cookie;
|     }
|
|     public void setX500Cookie(Cookie X500Cookie) {
|         this.X500Cookie = X500Cookie;
|     }
|
|     public Configuration getConfig() {
|         return config;
|     }
|
|     public void setConfig(Configuration config) {
|         log.error("in setConfig. config = " + config);
|         this.config = config;
|     }
|
|     @Override
|     protected LoginContext getLoginContext() throws LoginException {
|         log.error("in my getLoginContext()");
|
|         if (getJaasConfigName() == null) {
|             throw new RuntimeException("In X500Identity. JAAS config name not set. Please set it up.");
|         }
|         if( config == null )
|             throw new RuntimeException("In X500Identity. \"org.jboss.seam.security.configuration\" component not injected. Please set it up.");
|
|         log.error("new LoginContext(getJaasConfigName(), getSubject(), getDefaultCallbackHandler(), config)=+new LoginContext("
|                 + getJaasConfigName() + "," + getSubject() + ","
|                 + getDefaultCallbackHandler() + "," + config + ")");
|         log.error("config's # of app configurationEntry's entries= "
|                 + config.getAppConfigurationEntry("default").length);
|         log.error("config's app configurationEntry's LoginModuleName= "
|                 + config.getAppConfigurationEntry("default")[0].getLoginModuleName());
|         return new LoginContext(getJaasConfigName(), getSubject(), getDefaultCallbackHandler(), config);
|     }
|
|     @Override
|     public CallbackHandler getDefaultCallbackHandler() {
|         log.error("in my getDefaultCallbackHandler()");
|         return new CookieCallbackHandler();
|     }
|
|     @Override
|     public void checkRestriction(String expr) {
|         log.error("in my checkRestriction(String expr) expr=" + expr);
|         if (!evaluateExpression(expr)) {
|             if (!isLoggedIn()) {
|                 this.login();
|             } else {
|                 Events.instance().raiseEvent("org.jboss.seam.notAuthorized");
|                 throw new AuthorizationException(String.format("Authorization check failed for expression [%s]", expr));
|             }
|         }
|     }
|
|     public static X500Identity instance() {
|         if (!Contexts.isSessionContextActive()) {
|             throw new IllegalStateException("No active session context");
|         }
|
|         X500Identity instance = (X500Identity) Component.getInstance(X500Identity.class, ScopeType.SESSION);
|
|         if (instance == null) {
|             throw new IllegalStateException("No Identity could be created");
|         }
|
|         return instance;
|     }
| }
|
thanks
Mike Kohout
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069279#...
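
The control flow of the `checkRestriction` override in the post above, reduced to a stand-alone model (an added example, not the poster's code and not Seam's `Identity` class; `RestrictionCheckDemo`, `credentialAvailable` and a `login()` that reports failure by return value are assumptions). The override calls `login()` and returns without looking at the outcome, so the caller goes on to render; the fail-closed variant re-evaluates the restriction after the login attempt and throws unless it now holds.

```java
import java.util.function.BooleanSupplier;

// Hypothetical stand-in for an identity component; this is not Seam's Identity class.
public class RestrictionCheckDemo {
    static class NotLoggedIn extends RuntimeException {}

    private boolean loggedIn = false;
    private final boolean credentialAvailable; // constructed input, e.g. a cookie on the request

    RestrictionCheckDemo(boolean credentialAvailable) {
        this.credentialAvailable = credentialAvailable;
    }

    boolean isLoggedIn() { return loggedIn; }

    // Assumed contract: a failed login is reported by return value, not by an exception.
    boolean login() {
        loggedIn = credentialAvailable;
        return loggedIn;
    }

    // Same shape as the override in the post: login() is called and its outcome ignored.
    void checkRestrictionFailOpen(BooleanSupplier restriction) {
        if (!restriction.getAsBoolean()) {
            if (!isLoggedIn()) {
                login();
            } else {
                throw new SecurityException("not authorized");
            }
        }
    }

    // Fail-closed: attempt login, then re-evaluate and throw unless the restriction holds.
    void checkRestrictionFailClosed(BooleanSupplier restriction) {
        if (restriction.getAsBoolean()) return;
        if (!isLoggedIn() && !login()) throw new NotLoggedIn();
        if (!restriction.getAsBoolean()) throw new SecurityException("not authorized");
    }

    // True when the check returns normally, i.e. the caller would render the page.
    static boolean renders(Runnable check) {
        try { check.run(); return true; } catch (RuntimeException e) { return false; }
    }

    public static void main(String[] args) {
        RestrictionCheckDemo a = new RestrictionCheckDemo(false); // first request, no credential
        RestrictionCheckDemo b = new RestrictionCheckDemo(false);
        System.out.println("fail-open renders:   " + renders(() -> a.checkRestrictionFailOpen(a::isLoggedIn)));
        System.out.println("fail-closed renders: " + renders(() -> b.checkRestrictionFailClosed(b::isLoggedIn)));
    }
}
```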