no

How to setup seam3-security in JBoss 7

Recently, I've done some research on several Java Security Framework that can perform authentication, authorization and cryptography. ...

Recently, I've done some research on several Java Security Framework that can perform authentication, authorization and cryptography.

I've worked with Apache Shiro, it's really good and complete but I've found several problems like there's no default implementation for CDI interceptor for security annotations. Here's a sample implementation and setup that I did long ago: http://czetsuya-tech.blogspot.com/2012/10/how-to-integrate-apache-shiro-with.html.

And long time ago I've used seam2-security and now I'm trying with seam3, here goes.

1.) I started by creating a javaee6 project generated from jboss maven archetype (ear type). This could also be done on a war type project ofcourse (where the ejbs are in ejb project).

2.) In your main project maven's depedencyManagement section add:
<dependency>
 <groupId>org.jboss.seam</groupId>
 <artifactId>seam-bom</artifactId>
 <version>3.1.0.Final</version>
 <scope>import</scope>
 <type>pom</type>
</dependency>
This will ensure that we are using the correct seam-jar versions across our projects.

3.) And in the ejb project maven's dependencies section add seam3-security dependency:
<dependency>
 <groupId>org.jboss.seam.security</groupId>
 <artifactId>seam-security</artifactId>
 <scope>compile</scope>
</dependency>

4.) In web project, create a beans.xml file in WEB-INF folder. This file is also required for CDI to work. And here we define the interceptor:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:s="urn:java:ee" xmlns:security="urn:java:org.jboss.seam.security"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://jboss.org/schema/cdi/beans_1_0.xsd">

 <interceptors>
  <class>org.jboss.seam.security.SecurityInterceptor</class>
 </interceptors>

 <security:IdentityImpl>
  <s:modifies />
  <security:authenticatorClass>com.czetsuya.security.Authenticator
  </security:authenticatorClass>
 </security:IdentityImpl>

</beans>

5.) Then we have to define the interceptor class:
package com.czetsuya.security;

import javax.enterprise.inject.Model;
import javax.inject.Inject;

import org.jboss.seam.security.BaseAuthenticator;
import org.jboss.seam.security.Credentials;
import org.picketlink.idm.impl.api.PasswordCredential;
import org.picketlink.idm.impl.api.model.SimpleUser;

@Model
public class Authenticator extends BaseAuthenticator {
 @Inject
 Credentials credentials;

 public Authenticator() {

 }

 @Override
 public void authenticate() {
  System.out.println("logging in: " + credentials.getUsername());

  if ("demo".equals(credentials.getUsername())
    && credentials.getCredential() instanceof PasswordCredential
    && "demo".equals(((PasswordCredential) credentials.getCredential()).getValue())) {

   setStatus(AuthenticationStatus.SUCCESS);
   setUser(new SimpleUser("demo"));

  }

 }

}

6.) To hide a component in the UI you can use identity.hasPermission or identity.hasRole.

7.) You can download the source code from google code at: http://code.google.com/p/czetsuya/source/browse/#svn%2Ftrunk%2Fjboss7-seam3-security

Related

java 5911441856484357696

Post a Comment

item