Forum: Seam Users
12. May 2008, 19:58 CET
I have been working on a simple application and want to add authentication to one of the pages. I have set up a JAAS Realm and can use container managed security to restrict access to one of the directories in the application, so I know that I can authenticate against the Realm. However, whenever I attempt to secure the application with Seam it always returns login failed.
I know that I am missing something simple, but for the life of me cannot figure it out.
My pages.xml file contains the following:
<pages login-view-id="/login.xhtml">
    <page view-id="/application/news/administration/index.xhtml" action="#{newsListingService.list}" />
    <page view-id="/securityTest/*" login-required="true" />
    <exception class="org.jboss.seam.security.NotLoggedInException">
        <redirect view-id="/login.xhtml">
            <message>You must be logged in to perform this action.</message>
        </redirect>
    </exception>
    <exception class="org.jboss.seam.security.AuthorizationException">
        <end-conversation/>
        <redirect view-id="/security_error.xhtml">
            <message>You do not have the necessary security privileges to perform this action.</message>
        </redirect>
    </exception>
</pages>
I have the following in my components.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<components xmlns="http://jboss.com/products/seam/components"
            xmlns:core="http://jboss.com/products/seam/core"
            xmlns:persistence="http://jboss.com/products/seam/persistence"
            xmlns:security="http://jboss.com/products/seam/security"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation=
                "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd
                 http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.0.xsd
                 http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.0.xsd
                 http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd">
    <persistence:entity-manager-factory name="Website" />
    <persistence:managed-persistence-context name="entityManager"
                                             auto-create="true"
                                             entity-manager-factory="#{Website}" />
    <core:init jndi-pattern="java:comp/env/website/#{ejbName}/local"/>
    <security:identity remember-me="true"
                       jaas-config-name="file" />
    <event type="org.jboss.seam.security.notLoggedIn">
        <action execute="#{redirect.captureCurrentView}" />
    </event>
    <event type="org.jboss.seam.security.postAuthenticate">
        <action execute="#{redirect.returnToCapturedView}" />
    </event>
</components>
If I make a request for the /securityTest/index.xhtml file I get presented with the login form, but it will not log me in. Has anyone seen this before or have any ideas what I should do to figure out what is going on?
I am using:
Thanks
OK, so I just re-read my post and somehow I inadvertently deleted the stack trace. However, I have been digging around a little more and was wondering if someone could help me out a little bit. I found a post on the internet that referred to the login.conf file. This file on Glassfish contains the following:
/* Copyright 2004 Sun Microsystems, Inc. All rights reserved. */
/* SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */

fileRealm {
    com.sun.enterprise.security.auth.login.FileLoginModule required;
};

ldapRealm {
    com.sun.enterprise.security.auth.login.LDAPLoginModule required;
};

solarisRealm {
    com.sun.enterprise.security.auth.login.SolarisLoginModule required;
};

jdbcRealm {
    com.sun.enterprise.security.auth.login.JDBCLoginModule required;
};

When I changed the jaas-conf-name from to the exception changes from to .
The Original Stacktrace
javax.security.auth.login.LoginException: No LoginModules configured for file
    at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
    at org.jboss.seam.security.Identity.getLoginContext(Identity.java:334)
    at org.jboss.seam.security.Identity.authenticate(Identity.java:248)
    at org.jboss.seam.security.Identity.login(Identity.java:205)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    ...
New Stacktrace
13924243 [httpSSLWorkerThread-8080-1] DEBUG org.jboss.seam.security.Identity - Login failed for: chadws
javax.security.auth.login.LoginException: No credentials.
    at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:155)
    at sun.reflect.GeneratedMethodAccessor168.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    ...
I guess I am a little confused. When you configure a JAAS Realm (in Glassfish) you give that realm a name, a Class Name, a JAAS Context, and then the configuration parameters for that configuration. The JAAS contexts, represented by the entries in the login.conf file, are not specific to a single connection, but rather are shared by all connections using the same login modules.
How does Seam handle the configuration if you specify the JAASContext name and not the realm name? In other words, the login.conf file knows about the login module, but not the configuration (host, base dn, etc). Do I need to create a completely separate realm and create a context specifically for that realm with the same name?
I'm still lost, but getting closer!
OK, so I figured out that Seam does not use the server's JAAS configuration, but rather you must specify all of the properties in the domain's login.conf file. After specifying the following I am now able to log in using Seam.
testLDAP {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldap://loader1.topeka.k12.ks.us/ou=staff,ou=users,o=webservices"
        userFilter="(&(cn={USERNAME})(objectClass=inetOrgPerson))"
        useSSL=false
        debug=true;
};

Having this much completed I have yet to figure out how to get the login module to return the roles for the user. Does anyone know how I specify what roles need checked or how to get the roles returned for a user who logs in?
First, the question: what is the proper method of fixing the following problem? I can extend the JAAS login module to consult the callback or extend Identity to add the custom private credential to the identity before calling the authentication code?
The issue: after much digging and running through stack traces I found what I believe to be the problem. The AppservPasswordLoginModule does not use the callbackHandler, but rather expects to find the password credential in a privateCredential that is specific to the GlassFish application server. Here is the javadoc:
Source Repository Link
Also, does anyone know why they would have chosen to ignore the callback? Are there security issues with having the module check the callback for the password?
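
The two failures in this thread ("No LoginModules configured for file" and "No credentials.") can be reproduced with plain JAAS, outside Seam and GlassFish. This is an added example, not code from the thread or from either project: `DemoModule`, the entry names `privateOnly` and `viaCallback`, and the `demo`/`secret` credentials are constructed for illustration.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class JaasLookupDemo {
    // Hypothetical module. Option source=callback asks the CallbackHandler for the credentials
    // (demo/secret, constructed); any other value only looks at the Subject's private credentials.
    public static class DemoModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private boolean useCallback;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; handler = h; useCallback = "callback".equals(opts.get("source")); }
        public boolean login() throws LoginException {
            // Nothing was placed on the Subject before login, so this path has nothing to check.
            if (!useCallback && subject.getPrivateCredentials(char[].class).isEmpty())
                throw new LoginException("No credentials.");
            if (!useCallback) return true;
            NameCallback user = new NameCallback("user");
            PasswordCallback pw = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { user, pw }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            if ("demo".equals(user.getName()) && "secret".equals(new String(pw.getPassword()))) return true;
            throw new FailedLoginException("bad credentials");
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // The caller supplies the user name and password only through callbacks.
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback c : callbacks) {
            if (c instanceof NameCallback) ((NameCallback) c).setName("demo");
            if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("secret".toCharArray());
        }
    };
    public static void main(String[] args) {
        // In-memory stand-in for login.conf: it knows "privateOnly" and "viaCallback", not "file".
        Configuration.setConfiguration(new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!name.equals("privateOnly") && !name.equals("viaCallback")) return null;
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Map.of("source", name.equals("viaCallback") ? "callback" : "subject")) };
            }
        });
        for (String entry : new String[] { "file", "privateOnly", "viaCallback" }) {
            try { new LoginContext(entry, new Subject(), HANDLER).login(); System.out.println(entry + ": login succeeded"); }
            catch (LoginException e) { System.out.println(entry + ": " + e.getMessage()); }
        }
    }
}
```

The first name fails at lookup because the string given to `LoginContext` must match an entry name in the JAAS configuration; the second fails inside the module because the credentials were only offered through the callback handler.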