After reviewing the seam security documentation, I've written some code:
1) A JAAS Module:
| public class CustomLoginModule extends SeamLoginModule {
|
| private static final LogProvider log =
Logging.getLogProvider(SeamLoginModule.class);
|
| public CustomLoginModule() {
| }
|
| @Override
| public boolean login() throws LoginException {
|
| boolean isLoggedIn = false;
| javax.faces.context.FacesContext ctx =
javax.faces.context.FacesContext.getCurrentInstance();
| javax.servlet.http.Cookie cookie = (javax.servlet.http.Cookie)
ctx.getExternalContext().getRequestCookieMap().get("umnAuthV2");
|
| log.debug("in Module. cookie == "+cookie);
| try{
| if (cookie == null) //if we can't find it, redirect them
to the auth server. the auth server will redirect them back, using the desturl
param
|
ctx.getExternalContext().redirect("https://authserver.somewhere?desurl="; +
((javax.servlet.http.HttpServletRequest)
ctx.getExternalContext().getRequest()).getRequestURL());
| }
| catch (IOException ex) {
| Logger.getLogger("global").log(Level.SEVERE, null, ex);
| }
|
|
| org.jboss.seam.core.Expressions.MethodExpression mb =
org.jboss.seam.security.Identity.instance().getAuthenticateMethod();
| if (mb == null) {
| throw new java.lang.IllegalStateException("No
authentication method defined - please define <security:authenticate-method/>
for <security:identity/> in components.xml");
| }
|
| try {
| isLoggedIn = (java.lang.Boolean) mb.invoke();
| } catch (java.lang.Exception ex) {
| log.error("Error invoking login method", ex);
| }
| return isLoggedIn;
| }
| }
And a new security configuration factory(that exposes my JAAS module):
| @Name("org.jboss.seam.security.configurationFactory")
| @BypassInterceptors
| @Scope(ScopeType.STATELESS)
| public class JAASConfigFactory {
|
| @Logger
| private Log log;
| public JAASConfigFactory() {
| }
|
| static final String DEFAULT_JAAS_CONFIG_NAME = "custom";
|
| protected javax.security.auth.login.Configuration createConfiguration()
| {
| return new javax.security.auth.login.Configuration()
| {
| private AppConfigurationEntry[] aces = {
createAppConfigurationEntry() };
|
| @Override
| public AppConfigurationEntry[] getAppConfigurationEntry(String
name)
| {
| return DEFAULT_JAAS_CONFIG_NAME.equals(name) ? aces : null;
| }
|
| @Override
| public void refresh() {}
|
|
| };
| }
|
| protected AppConfigurationEntry createAppConfigurationEntry()
| {
| log.debug("in JAASConfigFactory..");
| return new AppConfigurationEntry(
| CustomLoginModule.class.getName(),
| LoginModuleControlFlag.REQUIRED,
| new HashMap<String,String>()
| );
| }
|
| @Factory(value="org.jboss.seam.security.configuration", autoCreate=true,
scope=APPLICATION)
| public javax.security.auth.login.Configuration getConfiguration()
| {
| return createConfiguration();
| }
|
| public static javax.security.auth.login.Configuration instance()
| {
| if ( !Contexts.isApplicationContextActive() )
| {
| throw new IllegalStateException("No active application scope");
| }
| return (javax.security.auth.login.Configuration)
Component.getInstance("org.jboss.seam.security.configuration");
| }
|
| }
|
I've also altered the security:identity component:
| <security:identity authenticate-method="#{authBean.authenticate}"
| security-rules="#{securityRules}"
| authenticate-every-request="true"
| auto-create="true" jaas-config-name="custom"/>
|
However, Seam does not seem to be installing my JAAS module(it fails to output
any of my logs). Am I missing something?
Any ideas would be helpful
Thanks
Mike Kohout
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4067168#4067168
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4067168
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
