Active development of Seam Security has been halted by Red Hat. Functionality has been absorbed by the Picketlink Project.

Seam Security

Offers simpler, yet more powerful authentication and authorization for Java EE applications.

Key links

• Bookmark: http://sfwk.org/Seam3/Security
  
• Git repository: http://github.com/seam/security
  
• Issue tracker: https://issues.jboss.org/browse/SEAMSECURITY (SEAMSECURITY)
• Documentation: Reference guide | API
• Download: Distribution
• Maven artifacts: seam-security (or seam-security-api & seam-security-impl)*
• Sister project: PicketLink

To get started, add the following dependencies to your pom.xml: :

<dependency>
   <groupId>org.jboss.seam.security</groupId>
   <artifactId>seam-security-api</artifactId>
   <version>3.1.0.Final</version>
</dependency>

<dependency>
   <groupId>org.jboss.seam.security</groupId>
   <artifactId>seam-security</artifactId>
   <version>3.1.0.Final</version>
   <scope>runtime</scope>
</dependency>

Module team

Name	Module role	Commit username (Git)	Organization	Hometown (Time zone)
Shane Bryzak	Lead	sbryzak	Red Hat, Inc.	Brisbane, AU (UTC+10)
Marcel Kolsteren	Contributor	marcelk	Meandi ICT	Utrecht, The Netherlands (UTC+1)

Description

Seam Security provides a powerful set of authentication and authorization services for CDI applications. Authentication is based on the JAAS standard and allows for total control over the user authentication process. Authorization is based on a pluggable, extendable API and offers a number of features for locking down the sensitive parts of your application - ranging from simple role-based security checks all the way through to advanced rule-based and ACL permissions.

To make life even easier, Seam Security provides an Identity Management API for managing the users and roles within your application, and a Permission Management API for managing the permissions for individual domain objects and other user-defined permissions.

For more advanced security requirements, seamless integration with PicketLink allows you to take advantage of an even greater range of security backends, such as SSO, Kerberos and SAML.

Release plan

Features

Among others, the security module will have the following features.

Support for externally authenticated users

The security module will allow CDI applications to delegate user authentication to an identity provider like OpenId. This will allow developers to open up their application for users that own an account at Google or Yahoo or any other SAMLv2 or OpenID provider. The user experience will be better: the user doesn't have to register a new account, doesn't need to remember another password, and only needs to login once. The developer experience will also be better: no need for administering user passwords and no need to implement password recovery mechanisms.

You can expect:

• Single Sign On
• Single Logout
• Metadata import- and export
• User attribute exchange
• Virtual application support (multi-tenancy)

Ideas for additional features:

• Integration with the JPA identity store (enable linking of internal identity store account with external accounts)

Support for exposing IDM users to other applications

If you have a CDI application with an own user/password database, you can use the security module to expose those users to other applications. This turns your application into a SAMLv2 identity provider and/or an OpenID provider. Other applications (Seam based or not Seam based) can delegate authentication to your IDM application.

Design whiteboard

This section serves as a whiteboard for design and ideas for this module. Once you've decided to pursue a feature, it should be added to JIRA as a feature request and optionally linked from this page.