[jboss-user] [JBoss Seam] - Security context propagation between Seam EJB components and

eyrignou do-not-reply at jboss.com
Tue Aug 14 12:52:49 EDT 2007 

I use Seam 1.2.1GA in my application, under JBoss 4.0.5GA; the presentation layer is made of Session EJBs which are Seam components, and the service and persistance layers are made of "standard" EJBs (ie. not Seam components).

Therefore I need a way to communicate the security context from the Seam components to the "standard" EJBs.

I use the Seam authentication and authorization mecanisms, which work very fine... But only in Seam components.

The user gets authenticated thanks to an "authenticator" JavaBean-Seam Component which I wrote after from the Seam Documentation (I have also put in place all the configuration indicated in the Seam Documentation http://docs.jboss.org/seam/1.2.1.GA/reference/en/html/security.html):

  | public boolean authenticate() {
  | 		
  |   boolean result = false;
  | 		
  |   SylveaUser user = getSecurityDAO().getUser(Identity.instance().getUsername());
  | 			
  |   if ( user != null ) {
  |     Identity.instance().addRole(user.getProfile().getName());
  | 			
  |     if ( Encryption.getInstance().equals(user.getPassword(), Identity.instance().getPassword())) {
  |       result = true;
  |     }
  |   }
  |   return result;
  | }
  | 

In the components.xml, I use the "pure" Seam authentication:

  | <security:identity authenticate-method="#{authenticator.authenticate}"/>
  | 

In my Seam-EJBs components, everything works fine when I use the Seam API, ie. Identity.instance( ).*
But if I try to use the JEE API, I get an exception: "java.lang.IllegalStateException: No valid security context for the caller identity"
Here is an example of my code:

  | @Stateful
  | @Scope(ScopeType.CONVERSATION)
  | @Name("myAction")
  | public class MyActionImpl extends MyAction {
  | 
  |   @Resource
  |   private SessionContext context;
  | 
  |   @Factory(value="intermediaireList", scope=ScopeType.EVENT)
  |   public void findIntermediaires() {
  |     boolean loggedIn = Identity.instance().isLoggedIn();    // works fine
  |     Principal principal = context.getCallerPrincipal();    // IllegalArgumentException
  |     String name = principal.getName();
  |     ...
  |   }
  | }
  | 	

When I try to use the JEE API in my "standard" EJBs if the service and persistance layers, I get the same IllegalArgumentException. Does anyone have an idea ?

Thanks in advance,
Marc.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4074106#4074106

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4074106

More information about the jboss-user mailing list