
    This page is out of date. Follow the Seam Security chapter in the reference guide instead.

     



     

    Steps for configuring a Seam application with authentication in JBoss AS

     

    Important! The security features in Seam are under construction, and as such APIs may change. This approach does not work in Seam 1.1.0.GA and up.

     

    The instructions contained within this page are relevant for the CVS version of Seam only.  You can find a usage example of these security features within the examples/security directory.

     

    1. Configure a ProviderAuthenticator in components.xml.  This is the Seam component that will actually perform the authentication:

     

        <component class="org.jboss.seam.security.authenticator.ProviderAuthenticator">
          <property name="providers">#{authenticatorAction}</property>
          <property name="adapters">org.jboss.seam.security.adapter.jboss.JBossAuthenticationAdapter</property>
        </component>
    

     

    2. Create the authenticatorAction component.  It should implement the org.jboss.seam.security.provider.AuthenticationProvider interface.  In the following example, the AuthenticationProvider uses a managed persistence context to authenticate against a database:

     

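    import javax.persistence.EntityManager;
    import javax.persistence.NoResultException;
    import org.jboss.seam.annotations.In;
    import org.jboss.seam.annotations.Name;
    import org.jboss.seam.security.provider.AuthenticationProvider;
    // Authentication, AuthenticationException and UsernamePasswordToken are Seam
    // security classes; import them from the packages in your Seam CVS checkout.
    // User and Role are the application's own entity classes.

    @Name("authenticatorAction")
    public class AuthenticatorAction implements AuthenticationProvider
    {
      // Seam-managed persistence context, created on demand
      @In(create=true)
      private EntityManager entityManager;

      public Authentication authenticate(Authentication authentication)
          throws AuthenticationException
      {
        try
        {
          // Bound parameters keep user input out of the query string.
          // The password is matched inside the query, so this only works when
          // the password column holds the value exactly as the user submits it.
          User user = (User) entityManager.createQuery(
              "from User where username = :username and password = :password")
              .setParameter("username", authentication.getPrincipal().toString())
              .setParameter("password", authentication.getCredentials())
              .getSingleResult();

          // Copy the user's roles into the array expected by the token
          String[] roles = new String[user.getRoles().size()];
          int idx = 0;
          for (Role role : user.getRoles())
            roles[idx++] = role.getRole();

          return new UsernamePasswordToken(authentication.getPrincipal(),
                                           authentication.getCredentials(), roles);
        }
        catch (NoResultException ex)
        {
          // Same message for an unknown user and a wrong password
          throw new AuthenticationException("Invalid username/password");
        }
        catch (Exception ex)
        {
          throw new AuthenticationException("Unknown authentication error", ex);
        }
      }
    }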
    

     

    3. Implement a loginAction component that performs login and logout via the Authenticator (the one configured in components.xml).

     

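    import javax.ejb.Stateless;
    import org.jboss.seam.Seam;
    import org.jboss.seam.annotations.In;
    import org.jboss.seam.annotations.Name;
    import org.jboss.seam.annotations.Out;
    import org.jboss.seam.core.FacesMessages;
    // Authenticator and AuthenticationException are Seam security classes;
    // import them from the packages in your Seam CVS checkout.
    // LoginLocal is the bean's local interface and User the application's entity.

    @Stateless
    @Name("login")
    public class LoginAction implements LoginLocal
    {
      // Populated from the login form
      @In(required = false) @Out(required = false) User user;

      public String login()
      {
        try
        {
          // Delegates to the ProviderAuthenticator configured in components.xml
          Authenticator.instance().authenticate(user.getUsername(), user.getPassword());
          return "success";
        }
        catch (AuthenticationException ex)
        {
          // Generic message; stay on the login page
          FacesMessages.instance().add("Invalid login");
          return "login";
        }
      }

      public String logout()
      {
        // Drop the authentication, then discard the whole HTTP session
        Authenticator.instance().unauthenticateSession();
        Seam.invalidateSession();
        return "login";
      }
    }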
    

     

    That's the basics covered.  Once a user has logged in you can start using the @Secure annotation to control access to your component's methods.
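
    The query in step 2 matches the submitted password directly against the password column. The following is an added example, not part of the original page or of Seam, showing the same check done against a stored salted hash using only JDK classes. HashedLogin, StoredUser, the in-memory table and the iteration count are all assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Added example; all names here are hypothetical and none come from Seam.
public class HashedLogin
{
  static final int ITERATIONS = 210_000;   // assumption: tune to your hardware
  static final byte[] DUMMY_SALT = new byte[16];
  // Stands in for a User row: the table holds salt + hash, never the password.
  static class StoredUser
  {
    final byte[] salt = new byte[16];
    final byte[] hash;
    final String[] roles;
    StoredUser(String password, String... roles) throws Exception
    {
      new SecureRandom().nextBytes(salt);
      this.hash = pbkdf2(password.toCharArray(), salt);
      this.roles = roles;
    }
  }
  static byte[] pbkdf2(char[] password, byte[] salt) throws Exception
  {
    PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
    return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
  }

  // Look up by username only, then verify; returns roles, or null on any failure.
  static String[] authenticate(Map<String, StoredUser> table, String username, String password) throws Exception
  {
    StoredUser u = table.get(username);
    // Hash even for unknown users so both failure paths cost the same.
    byte[] computed = pbkdf2(password.toCharArray(), u == null ? DUMMY_SALT : u.salt);
    boolean ok = u != null && MessageDigest.isEqual(computed, u.hash);  // constant-time compare
    return ok ? u.roles : null;
  }

  public static void main(String[] args) throws Exception
  {
    Map<String, StoredUser> table = new HashMap<>();   // constructed sample data
    table.put("demo", new StoredUser("correct horse", "user", "admin"));
    System.out.println(authenticate(table, "demo", "correct horse") != null);
    System.out.println(authenticate(table, "demo", "wrong guess") != null);
    System.out.println(authenticate(table, "nobody", "correct horse") != null);
  }
}
```

    Applied to step 2, the query would select the User by username alone, and a failed verification would throw the same "Invalid username/password" AuthenticationException as the NoResultException branch.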