
Seam security with external authentication

I use Seam 2.2.1.CR1 on Weblogic 10.3.2 (11g). I want to use an external SSO (the proprietary one Oracle provides, based on OID). I would like to integrate this external login (the login screen belongs to the SSO). Please note that I don't want to use an LdapStore. If I got this right, this would require me to have a login page through my application, which would then somehow connect to the LDAP and login. I want to use the external login screen provided by the SSO.

SOME THOUGHTS

I don't see the procedure of using this SSO to login to be any different than using any Authenticator of WebLogic. Both with the SSO and with the BASIC authentication on the Default Authenticator, the application-wise result is the same: the user enters the application and on each HttpServletRequest the method getRemoteUser() returns the username with which the user logged in (either on the SSO or the BASIC login), and the .isUserInRole('blah') returns true/false depending on the roles assigned through the authentication. So, I see the two authentications to be exactly the same, programming-wise.

THE QUESTION

My question concerns how this can be integrated with the Seam Security. Seam in Action explains how a custom login screen can be included in the application, which populates the Identity component and the Credentials components. Seam then uses these components to apply the high-level security restrictions, like s:hasRole.

However, in my application I DON'T want a login screen. All I want is to be able to somehow use the Seam Security with what I already have: The roles and username in the HttpServletRequest.

I have found this thread (See at the end), but I am not sure I quite understand. A question, for instance, is if extending the Identity is what I need.

Another question is that in Seam in Action Dan Allen says that having a login page is mandatory, which I don't want to have. From page 449:

Only Seam isn’t going to know where to direct a nonauthenticated user when this page is requested because you haven’t specified a login page. If a login page hasn’t been set, Seam throws a NotLoggedInException.

Generally, I think that integrating an external SSO (or any Application Server authenticator) with Seam is still poorly documented, although it is a very common business requirement. I guess we'll all hang in until the guys finish with Seam 3.

Meanwhile, any general / specific directions?

Cheers!

-- http://seamframework.org/Community/HelpWithIdentityloginAndAcceptExternallyAuthenticatedPrincipal


It works with Seam 2.x.

Create a fake login view page in pages.xml. Then, use it with an or similar to login externally.

Then, add a navigation rule to redirect to success/failed login pages in that navigation view.

And you will need to override the authentication method.

Something like this:

<page view-id="/fakeLogin.xhtml">
        <action execute="#{identity.login}" if="#{not identity.loggedIn}" />
        <param name="username" />
        <navigation from-action="#{identity.login}">
                <rule if="#{identity.loggedIn}">
                        <redirect view-id="/home.xhtml"/>
                </rule>
                <rule if="#{not identity.loggedIn}">
                        <redirect view-id="/error.xhtml"/>
                </rule>
        </navigation>
</page>

And:

@In(required = true)
private String username;

@In
Identity identity;

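public boolean authenticate() {
   //...
   // Failure path. "loginFailed" is a placeholder for the check elided above;
   // an unconditional throw would make the return below unreachable.
   if (loginFailed) {
      throw new AuthorizationException("login failed");
   }
   //...
   return true;
}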
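
Added example, not part of the original answer or of Seam itself: one way to feed the container's authentication result into Seam Security, taking the username from getRemoteUser() and the roles from isUserInRole() as the question describes, rather than from a request parameter. The component name containerAuthenticator, its login() page action and the role names are assumptions; the page action in pages.xml would call #{containerAuthenticator.login} in place of #{identity.login}.

```java
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;

// Added example. Assumed wiring in components.xml:
// <security:identity authenticate-method="#{containerAuthenticator.authenticate}"/>
@Name("containerAuthenticator") // hypothetical component name
public class ContainerAuthenticator {
    // Constructed role names; use the security-role entries declared in web.xml.
    private static final String[] APP_ROLES = { "admin", "user" };

    @In private Identity identity;
    @In private Credentials credentials;

    // Page action: copy the name the container vouches for into Credentials,
    // then run the normal Seam login so Identity is populated.
    public String login() {
        String remoteUser = externalContext().getRemoteUser();
        if (remoteUser == null) {
            return null; // the SSO / container did not authenticate this request
        }
        credentials.setUsername(remoteUser);
        return identity.login();
    }

    // Called by Seam during identity.login(); no password is checked here.
    public boolean authenticate() {
        ExternalContext ctx = externalContext();
        String remoteUser = ctx.getRemoteUser();
        // Accept only the container principal, never a client-supplied name.
        if (remoteUser == null || !remoteUser.equals(credentials.getUsername())) {
            return false;
        }
        for (String role : APP_ROLES) {
            if (ctx.isUserInRole(role)) {
                identity.addRole(role); // makes the role visible to s:hasRole
            }
        }
        return true;
    }

    private static ExternalContext externalContext() {
        return FacesContext.getCurrentInstance().getExternalContext();
    }
}
```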