[seam-dev] [Security] Issues with JpaIdentityStore
Jason Porter
lightguard.jp at gmail.com
Fri Oct 28 21:59:26 EDT 2011
Comments inline.
On Thu, Oct 20, 2011 at 09:21, michal.kaplon at poczta.fm <
michal.kaplon at poczta.fm> wrote:
> Hi,
>
> This is my first message here, so is's perfect moment to say "Hello
> Everybody!". I'm a developer from Poland and big fan of Seam, starting
> from v2.1 :)
>
Welcome!
> Few weeks ago I built simple SeamSecurity client app based on
> idm-console example. I created very simple maven module (let's call it
> "core" for convenience) with identity-related entities which is used by
> customized idm-console project.
>
> (Almost) everything was fine with 3.0.0.Final, but yesterday I switched
> to 3.1.0.Beta3 and found the following issues:
>
> 1) Entities don't get configured via XML anymore. Maybe it is connected
> with the next point, I cannot say because haven't tried XML
> configuration after renaming seam-beans.xml.
>
Yep, this is related to your issue #2
> 2) Annotation based configuration for identity entities doesn't work if
> my "core" dependency contains META-INF/seam-beans.xml. Works fine after
> renaming it to beans.xml.
>
That's because beans.xml designates your archive as an archive that CDI
should scan. The configuration happens based on entities that are in a Bean
Archive (an archive CDI must scan) because it's done in one of the CDI life
cycle events.
> 3) IdentityObjectRelationship entity name is hardcoded in string queries
> :) I guess it will be fixed in next Beta. Or should I create Jira issue
> for this?
>
Ran into this one myself last night, took a little while to figure it out,
should have remembered this email. You can find the issue I created at
https://issues.jboss.org/browse/SEAMSECURITY-123. Shane should know about
it, so it should be fixed probably sometime next week.
> I have also one additional question:
>
> 4) PasswordHash utility is still not used anywhere, nor the
> PasswordCredential.getEncodedValue() utiliy. What are the plans for
> hashing support? In Seam 2.x this feature was working very fine and was
> very useful.
>
Shane would know better about this one.
> Anyway, thanks for this Beta3 version. I hope Seurity will be fully
> operational soon :)
>
> --
> Best regards,
> Michal Kaplon
>
> ----------------------------------------------------------------
> Najtansze auta w Internecie!
> http://linkint.pl/f2a5a
> _______________________________________________
> seam-dev mailing list
> seam-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/seam-dev
>
--
Jason Porter
http://lightguard-jp.blogspot.com
http://twitter.com/lightguardjp
Software Engineer
Open Source Advocate
Author of Seam Catch - Next Generation Java Exception Handling
PGP key id: 926CCFF5
PGP key available at: keyserver.net, pgp.mit.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/seam-dev/attachments/20111028/73ce3d7c/attachment.html
More information about the seam-dev
mailing list