I need to integrate my Seam app with an existing custom-made SSO solution.
After some trial and error I came up with this solution that is basically 
working, even with login redirection configured (using 
redirect.captureCurrentView/returnToCapturedView exactly as documented in the 
Seam reference).

  | @Name("authenticator")
  | @Scope(ScopeType.CONVERSATION)
  | public class Authenticator {
  |     @In
  |     private Identity identity;
  | 
  |     private UserData userData;
  | 
  |     // This method is configured in pages.xml as an action called for all pages:
  |     //      <page view-id="/*" login-required="true" action="#{authenticator.checkLogin}"/>
  |     public void checkLogin() {
  |         // if already logged on, simply continue
  |         if (identity.isLoggedIn()) {
  |             return;
  |         }
  | 
  |         // try SSO auto login
  |         HttpServletRequest request = FacesUtil.getServletRequest();
  |         userData = new SsoAuthenticator().validateSsoToken(request); // results in a web service call
  |         if(userData != null) {
  |             // Don't know another, more direct way to login, so store
  |             // userData in field and check it in the authenticate method
  |             identity.login();
  |         }
  |     }
  | 
  |     // This method is configured in components.xml as the identity's authenticate-method:
  |     //      <security:identity authenticate-method="#{authenticator.authenticate}"/>
  |     public boolean authenticate() {
  |         if (userData != null) {
  |             // previously a sso token has been validated - log in automatically
  |             userData = null;
  |             return true;
  |         }
  | 
  |         String userName = Identity.instance().getUsername();
  |         String password = Identity.instance().getPassword();
  |         userData = new SsoAuthenticator().login(userName, password); // results in a web service call
  | 
  |         if (userData == null) {
  |             FacesMessages.instance().add("Invalid username/password");
  |             return false;
  |         }
  | 
  |         return true;
  |     }
  | }
  | 

Small problem: After a successful SSO auto login the next page displays:

  | Warning
  |    1. Please log in first
  |    2. Welcome, Stephen

How can I prevent these messages or clear them afterwards?

Open issue:
If the user hits the login page directly (as opposed to being redirected when 
trying to access another page) I'd like to redirect after the login to 
different pages depending on the user's roles.
Any suggestions?

Proposal: Here's a way to make integration into an SSO solution easier:
Add an attribute to identity that lets me specify a method that is used to try 
auto-login:

  |     <security:identity authenticate-method="#{authenticator.authenticate}" auto-login-method="#{authenticator.tryAutoLogin}"/>
  | 

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4086376#4086376

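Added example, not the poster's code and not part of Seam: in the posted `authenticate()`, the `userData` field doubles as the "token already validated" marker and stays set after a password login, so a later `authenticate()` call on the same component instance would return true without checking credentials. The plain-Java model below keeps a separate marker that is consumed on every call; `SsoBackend`, `UserData`, the class name and the sample credentials are hypothetical stand-ins.

```java
// Added example: plain-Java model of the post's authenticator, no Seam classes.
// SsoBackend, UserData and all credential values are constructed stand-ins.
public class OneShotSsoAuthenticator {
    static final class UserData { final String name; UserData(String n) { name = n; } }

    interface SsoBackend {                        // stand-in for the post's SsoAuthenticator
        UserData validateSsoToken(String token);  // null when the token is rejected
        UserData login(String user, String password);
    }

    private final SsoBackend sso;
    private UserData userData;        // who is logged in; may stay set afterwards
    private boolean ssoPreValidated;  // one-shot marker, kept separate from userData

    OneShotSsoAuthenticator(SsoBackend sso) { this.sso = sso; }

    // Counterpart of checkLogin(): validate the token, then arm the marker.
    void checkLogin(String token) {
        UserData validated = sso.validateSsoToken(token);
        if (validated != null) {
            userData = validated;
            ssoPreValidated = true;
        }
    }

    // Counterpart of authenticate(): the marker is cleared on every call, so only
    // the call made right after a successful token check skips the password.
    boolean authenticate(String user, String password) {
        boolean viaSso = ssoPreValidated;
        ssoPreValidated = false;
        if (viaSso) return true;
        userData = sso.login(user, password);
        return userData != null;
    }

    public static void main(String[] args) {
        SsoBackend backend = new SsoBackend() {   // constructed in-memory backend
            public UserData validateSsoToken(String t) {
                return "good-token".equals(t) ? new UserData("stephen") : null;
            }
            public UserData login(String u, String p) {
                return "stephen".equals(u) && "correct-horse".equals(p) ? new UserData(u) : null;
            }
        };
        OneShotSsoAuthenticator auth = new OneShotSsoAuthenticator(backend);
        System.out.println(auth.authenticate("stephen", "correct-horse")); // password path
        System.out.println(auth.authenticate("stephen", "wrong"));         // checked again
        auth.checkLogin("good-token");
        System.out.println(auth.authenticate(null, null));                 // SSO path, once
        System.out.println(auth.authenticate(null, null));                 // marker consumed
    }
}
```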