I have a slightly different solution that avoids the need to add action
parameters to pages. Basically I extended Identity and overrode the isLoggedIn
method. Here is some code that will implement a trivial and unsecure SSO
across many co-located applications simply by passing the username and
Sorry, should have included that already. For me this works fine:
|
|
|
|
The checkLogin method is the very one I already posted.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4089839#4089839
Reply to the post :
http://www.jboss.com/index.ht
"[EMAIL PROTECTED]" wrote : You could probably define a navigation rule in
pages.xml for your login page that uses isLoggedIn(true) to attempt an
authentication and if successful redirect to another page without displaying
the login page. You may need to extend Identity (or RuleBasedIdentity) a
"stephen.friedrich" wrote :
|
| Proposal: Here's a way to make integration into an SSO solution easier:
| Add an attribute to identity that lets me specify a method that is used to
try auto-login:
|
| |
| |
|
| Like the authenticate-method the auto-login-method o
Brad, thanks for spotting that.
No particular reason other than I have been through quite some trial and error
until I arrived at this code. I'll switch completely to Identity.instance().
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4089694#4089694
Reply to
"stephen.friedrich" wrote : Brad, can't you use a similar checkLogin() method
like in my code above?
| It call identity.login(); which will call your authenticate method.
| In that method I use
|redirect.setViewId(nextPage);
| to redirect to a different page depending on the users rol
Brad, can't you use a similar checkLogin() method like in my code above?
It call identity.login(); which will call your authenticate method.
In that method I use
redirect.setViewId(nextPage);
to redirect to a different page depending on the users role.
(With "@Redirect redirect;" in my Authenti
You could probably define a navigation rule in pages.xml for your login page
that uses isLoggedIn(true) to attempt an authentication and if successful
redirect to another page without displaying the login page. You may need to
extend Identity (or RuleBasedIdentity) and override the isCredential
Hello,
I want to chime in with a friendly reminder regarding this task
http://jira.jboss.org/jira/browse/JBSEAM-967 (which if you search the forum,
shane, you'll find that you offered to add this if I posted a JIRA issue).
Anyway, by the time the Seam web-app gets to process the request, the
Thanks Shane!
Using identity.authenticate() got rid of the "Welcome, Stephen" message.
To get rid of the "Please log in first" message I did this:
@Scope(ScopeType.APPLICATION)
| @Intercept(NEVER)
| @Name("org.jboss.seam.core.pages")
| @Install(precedence=Install.APPLICATION)
| public class
If you don't want the auto-generated messages then use identity.authenticate()
instead of identity.login(), although you'll need to handle any exceptions
yourself if you do this. Identity also has an overloaded isLoggedIn(boolean)
method which if passed true will attempt to do perform a silent
(I hate replying to myself, but somehow the last couple of lines in my first
post got clipped.)
Like the authenticate-method the auto-login-method on successful login would
set roles at identity and return true.
That would spare me from configuring a page action for all pages. It would
prevent
Forgot to add the most important comment:
Thanks a million for implementing Seam's security features!
Just looking at pure JAAS gives me the creeps...
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4086377#4086377
Reply to the post :
http://www.jboss.com/index
13 matches
Mail list logo
