[jboss-user] [JBoss Seam] - Re: external authentication-any pointers for a beginner?
mwkohout
do-not-reply at jboss.com
Tue Jul 24 16:07:17 EDT 2007
After reviewing the seam security documentation, I've written some code:
1) A JAAS Module:
| public class CustomLoginModule extends SeamLoginModule {
|
| private static final LogProvider log = Logging.getLogProvider(SeamLoginModule.class);
|
| public CustomLoginModule() {
| }
|
| @Override
| public boolean login() throws LoginException {
|
| boolean isLoggedIn = false;
| javax.faces.context.FacesContext ctx = javax.faces.context.FacesContext.getCurrentInstance();
| javax.servlet.http.Cookie cookie = (javax.servlet.http.Cookie) ctx.getExternalContext().getRequestCookieMap().get("umnAuthV2");
|
| log.debug("in Module. cookie == "+cookie);
| try{
| if (cookie == null) //if we can't find it, redirect them to the auth server. the auth server will redirect them back, using the desturl param
| ctx.getExternalContext().redirect("https://authserver.somewhere?desurl=" + ((javax.servlet.http.HttpServletRequest) ctx.getExternalContext().getRequest()).getRequestURL());
| }
| catch (IOException ex) {
| Logger.getLogger("global").log(Level.SEVERE, null, ex);
| }
|
|
| org.jboss.seam.core.Expressions.MethodExpression mb = org.jboss.seam.security.Identity.instance().getAuthenticateMethod();
| if (mb == null) {
| throw new java.lang.IllegalStateException("No authentication method defined - please define <security:authenticate-method/> for <security:identity/> in components.xml");
| }
|
| try {
| isLoggedIn = (java.lang.Boolean) mb.invoke();
| } catch (java.lang.Exception ex) {
| log.error("Error invoking login method", ex);
| }
| return isLoggedIn;
| }
| }
And a new security configuration factory(that exposes my JAAS module):
| @Name("org.jboss.seam.security.configurationFactory")
| @BypassInterceptors
| @Scope(ScopeType.STATELESS)
| public class JAASConfigFactory {
|
| @Logger
| private Log log;
| public JAASConfigFactory() {
| }
|
| static final String DEFAULT_JAAS_CONFIG_NAME = "custom";
|
| protected javax.security.auth.login.Configuration createConfiguration()
| {
| return new javax.security.auth.login.Configuration()
| {
| private AppConfigurationEntry[] aces = { createAppConfigurationEntry() };
|
| @Override
| public AppConfigurationEntry[] getAppConfigurationEntry(String name)
| {
| return DEFAULT_JAAS_CONFIG_NAME.equals(name) ? aces : null;
| }
|
| @Override
| public void refresh() {}
|
|
| };
| }
|
| protected AppConfigurationEntry createAppConfigurationEntry()
| {
| log.debug("in JAASConfigFactory..");
| return new AppConfigurationEntry(
| CustomLoginModule.class.getName(),
| LoginModuleControlFlag.REQUIRED,
| new HashMap<String,String>()
| );
| }
|
| @Factory(value="org.jboss.seam.security.configuration", autoCreate=true, scope=APPLICATION)
| public javax.security.auth.login.Configuration getConfiguration()
| {
| return createConfiguration();
| }
|
| public static javax.security.auth.login.Configuration instance()
| {
| if ( !Contexts.isApplicationContextActive() )
| {
| throw new IllegalStateException("No active application scope");
| }
| return (javax.security.auth.login.Configuration) Component.getInstance("org.jboss.seam.security.configuration");
| }
|
| }
|
I've also altered the security:identity component:
| <security:identity authenticate-method="#{authBean.authenticate}"
| security-rules="#{securityRules}"
| authenticate-every-request="true"
| auto-create="true" jaas-config-name="custom"/>
|
However, Seam does not seem to be installing my JAAS module(it fails to output any of my logs). Am I missing something?
Any ideas would be helpful
Thanks
Mike Kohout
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4067168#4067168
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4067168
More information about the jboss-user
mailing list