From seam-commits at lists.jboss.org Mon Jan 28 22:15:19 2008
Content-Type: multipart/mixed; boundary="===============5696997683378764464=="
MIME-Version: 1.0
From: seam-commits at lists.jboss.org
To: seam-commits at lists.jboss.org
Subject: [seam-commits] Seam SVN: r7276 - in branches/Seam_2_0/doc/reference/en: modules and 1 other directory.
Date: Mon, 28 Jan 2008 22:15:19 -0500
Message-ID:

--===============5696997683378764464==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Author: shane.bryzak(a)jboss.com
Date: 2008-01-28 22:15:19 -0500 (Mon, 28 Jan 2008)
New Revision: 7276

Removed:
   branches/Seam_2_0/doc/reference/en/images/security-identitymanager.png
   branches/Seam_2_0/doc/reference/en/images/security-useraccount.png
   branches/Seam_2_0/doc/reference/en/images/security-useraccountschema.png
   branches/Seam_2_0/doc/reference/en/images/security-usermanager1.png
   branches/Seam_2_0/doc/reference/en/images/security-usermanager2.png
Modified:
   branches/Seam_2_0/doc/reference/en/modules/security.xml
Log:
removed identity management from 2.0.x documentation

Deleted: branches/Seam_2_0/doc/reference/en/images/security-identitymanager= .png =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D (Binary files differ) Deleted: branches/Seam_2_0/doc/reference/en/images/security-useraccount.png =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D (Binary files differ) Deleted: branches/Seam_2_0/doc/reference/en/images/security-useraccountsche= ma.png =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D (Binary files differ) Deleted: branches/Seam_2_0/doc/reference/en/images/security-usermanager1.png 
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D (Binary files differ) Deleted: branches/Seam_2_0/doc/reference/en/images/security-usermanager2.png =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D (Binary files differ) Modified: branches/Seam_2_0/doc/reference/en/modules/security.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- branches/Seam_2_0/doc/reference/en/modules/security.xml 2008-01-29 03:1= 1:47 UTC (rev 7275) +++ branches/Seam_2_0/doc/reference/en/modules/security.xml 2008-01-29 03:1= 5:19 UTC (rev 7276) 
@@ -1514,553 +1514,5 @@ = = - - Identity Management - = - - Seam Security provides an optional identity management API, which of= fers the following features: - - = - - - - User management - the ability to create, delete and modify user = accounts and their role memberships. - - - - - Authentication of users without the need for writing an Authenti= cator component. - - - - - A hierarchical role/group membership structure, allowing roles t= o be members of other roles. - - = - - - Pluggable identity store, allowing the developer to choose their= security provider, whether it be - JPA, LDAP, Kerberos, etc. - - - - = - - The core of the identity management API is the IdentityMana= ger component. Before it can be - used however, it must be configured with an IdentityStore implementation. The = - IdentityStore does the actual work of interacting= with the underlying security provider, = - whatever it may be. - - = - - - - - - - - = - = - - Configuration - = - - Configuration of the IdentityManager is extreme= ly simple, requiring only an = - IdentityStore to be configured in comp= onents.xml. - The identity management namespace is http://jboss.com/pro= ducts/seam/security/management - and its schema location is http://jboss.com/products/seam= /identity-management-2.0.xsd. - Here's a simple example showing the configuration of a JP= AIdentityStore - for the - IdentityManager to use it, it must be named identityStore: - - = - = - ]]> - - = - - JPAIdentityStore - = - - JPAIdentityStore is an IdentityStore implementation that uses - JPA as its underlying security provider. 
User accounts and their = role memberships are stored in a - self-referencing database table, for which the corresponding entit= y bean must extend = - org.jboss.seam.security.management.UserAccount = to provide the following properties: - - = - - - - - - - - - = - - To provide a complete example, here's what the actual database tab= les may look like: - - = - - - - - - - - = - = - - And an example of the corresponding entity bean: - - = - memberships; - = - @Id @GeneratedValue public Integer getAccountId() { return accountId; }= = - public void setAccountId(Integer accountId) { this.accountId =3D accoun= tId; } - = - @NotNull @Override public String getUsername() { return username; } = - @Override public void setUsername(String username) { this.username =3D = username; } - = - @Override public String getPasswordHash() { return passwordHash; } = - @Override public void setPasswordHash(String passwordHash) { this.passw= ordHash =3D passwordHash; } = - = - @Override public AccountType getAccountType() { return accountType; } = - @Override public void setAccountType(AccountType accountType) { this.ac= countType =3D accountType; } - = - @Override public boolean isEnabled() { return enabled; } - @Override public void setEnabled(boolean enabled) { this.enabled =3D en= abled; } = = - @ManyToMany(targetEntity =3D MemberAccount.class) @JoinTable(name =3D "= ACCOUNT_MEMBERSHIP", = - joinColumns =3D @JoinColumn(name =3D "ACCOUNT_ID"), - inverseJoinColumns =3D @JoinColumn(name =3D "MEMBER_OF")) - @Override public Set getMemberships() { return memberships= ; } = - @Override public void setMemberships(Set memberships) { th= is.memberships =3D memberships; }}]]> - - - In the above example, the implementation of UserAccount is self-referencing - in that it has a many-to-many relationship with itself via its memberships - property. 
To keep the model simple, both user accounts and roles = are persisted as - UserAccounts, with the accountType property acting as the - discriminator between the two. With this model, roles can be memb= ers of other roles, making it - possible to define complex role membership hierarchies. - - = - - Once the UserAccount implementation has been cr= eated, the JPAIdentityStore - must be configured to use that implementation any time it performs= an identity management operation. = - This is done by specifying the account-class pr= operty in components.xml. - In the following example, it is configured as com.acme.Us= erAccount: - - = - ]]> = - = - - Please note that this is a required parameter, and must always be = specified when using the - JPAIdentityStore. - - = - - = - - Authentication with the Identity Management API - = - - To authenticate using the Identity Management API, it is as simple= as not specifying the - authenticate-method property for the I= dentity component. - If no authenticate-method is specified, then by= default the authentication - process (controlled by SeamLoginModule) will at= tempt to authenticate using - IdentityManager's authenticate() method, and no - Authenticator component is necessary. = - - - = - - Using the IdentityManager API - = - - The IdentityManager can be accessed either by i= njecting it into your Seam - component as follows: - - = - = - = - - or by accessing it through its static instance() method: - - - - = - - The following table describes each of the methods that the IdentityManager provides: - - = - - Identity Management API - = - - - - = - - - - Method - - - Returns - = - - Description - - - = - = - - = - - - - createAccount(String name, String password) - - = - - - boolean - - = - - - Creates a new user account, with the specified name and = password. Returns true - if successful, or false if not. 
- - - = - = - - - - deleteAccount(String name) - - = - - - boolean - - = - - - Deletes the user account with the specified name. Retur= ns true - if successful, or false if not. - - - = - = - - - - enableAccount(String name) - - = - - - boolean - - = - - - Enables the user account with the specified name. Accou= nts that are not enabled are - not able to authenticate. Returns true if successful, or = - false if not. - - - = - = - - - - disableAccount(String name) - - = - - - boolean - - = - - - Disables the user account with the specified name. Retu= rns true if = - successful, or false if not. - - - = - - - - - changePassword(String name, String password) - - = - - - boolean - - = - - - Changes the password for the user account with the speci= fied name. Returns = - true if successful, or false= if not. - - - - - - - - isEnabled(String name) - - = - - - boolean - - = - - - Returns true if the specified user ac= count is enabled, or = - false if it isn't. - - - = - - - - - grantRole(String name, String role) - - = - - - boolean - - = - - - Grants the specified role to the specified user account.= The role must already exist for it to - be granted. Returns true if the role= is successfully granted, or = - false if it is already granted to the= user. - - - - - - - - revokeRole(String name, String role) - - = - - - boolean - - = - - - Revokes the specified role from the specified user accou= nt. Returns true = - if the specified user is a member of the role and it is = successfully revoked, or = - false if the user is not a member of = the role. - - - - = - - - - accountExists(String name) - - = - - - boolean - - = - - - Returns true if the specified user ex= ists, or false - if it doesn't. - - - = - = - - - - listUsers() - - = - - - List - - = - - - Returns a list of all user names, sorted in alpha-numeri= c order. 
- - - = - = - - - - listUsers(String filter) - - = - - - List - - = - - - Returns a list of all user names filtered by the specifi= ed filter parameter, sorted in alpha-numeric order. - - - = - = - - - - listRoles() - - = - - - List - - = - - - Returns a list of all role names. - - - = - = - - - - getGrantedRoles(String name) - - = - - - List - - = - - - Returns a list of the names of all the roles explicitly = granted to the specified user name. - - - - - - - - getImpliedRoles(String name) - - = - - - List - - = - - - Returns a list of the names of all the roles implicitly = granted to the specified user name. - Implicitly granted roles include those that are not dire= ctly granted to a user, rather they are - granted to the roles that the user is a member of. For = example, is the admin - role is a member of the user role, an= d a user is a member of the admin - role, then the implied roles for the user are both the <= literal>admin, and user - roles. - - - - - - - - authenticate(String name, String password) - - = - - - boolean - - = - - - Authenticates the specified username and password using = the configured Identity Store. Returns - true if successful or false<= /literal> if authentication failed. - Successful authentication implies nothing beyond the ret= urn value of the method. It does not - change the state of the Identity comp= onent - to perform a proper Seam login the - Identity.login() must be used instead. - - - = - = - - -
- = -
- = - - Seam-gen and Identity Management - = - - When creating a new project using seam-gen (see ), by default the = - IdentityManager will be configured with a JPAIdentityStore - and a UserAccount implementation will be genera= ted as part of the new project. - In addition to this, the project will include the following user m= anagement screens, allowing - new users to be created, roles assigned, etc: - - = - - - - - - - - - = - - The user detail screen: - - = - - - - - - - - = - = - = - - -
- --===============5696997683378764464==--
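
Review bot: the removed subsection "Authentication with the Identity Management API" documented that leaving `authenticate-method` unset on the Identity component makes `SeamLoginModule` fall back to `IdentityManager`'s `authenticate()` method, and nothing visible in this hunk replaces that statement. If the 2.0.x code still contains that fallback, the branch is left with an undocumented authentication path; if it does not, the remaining chapter should state that `authenticate-method` must be specified. Please confirm which applies and record it in the log message, which currently says only "removed identity management from 2.0.x documentation". It is also worth checking the rest of security.xml and the seam-gen chapter for leftover references to `IdentityManager`, `JPAIdentityStore` or the five deleted images, since this hunk only covers the block starting at line 1514.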