seam 如何自动登陆,以及配置?
dd2086
2009-08-26
原来有东西是用 Seam 开发的,现在需要与另一个单点登录系统做接口。
其他都做好了,就是搞不清 Seam 的登录机制:如何让它自动登录?有做过的请给点提示。
yangbo
2009-09-01
请看<<Seam Reference>>中的 Security 部分
5day
2009-09-01
在做portletbridge版本的seam应用的时候接触到过。
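// Forum reply by 5day, continued: portletbridge also implements the SSO used between Seam and
// JBoss Portal. You can download the portletbridge version of the Seam extension and have a look:
//   svn co http://anonsvn.jboss.org/repos/portletbridge/ portletbridge
package org.jboss.portletbridge.extension.seam;

import org.jboss.seam.ScopeType;
import org.jboss.seam.Component;
import org.jboss.seam.core.Events;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.annotations.*;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.log.Log;
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.Credentials;
import org.jboss.portletbridge.BufferedRenderResponseWrapper;
import org.jboss.portletbridge.context.ServletApplicationScopeSessionMap;
import org.jboss.portletbridge.context.PortletApplicationScopeSessionMap;
import org.jboss.portal.portlet.impl.jsr168.api.RenderRequestImpl;

import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.security.auth.login.LoginException;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.portlet.PortletRequest;
import javax.portlet.faces.Bridge;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.security.Principal;
import java.io.Serializable;

/**
 * Seam identity component for portlet deployments, registered under the standard component name
 * {@code org.jboss.seam.security.identity}.
 *
 * <p>The logged-in state is not decided by this class: {@link #isLoggedIn()} is true exactly when
 * {@link #getPrincipal()} finds a user principal on the render request or on the JSF external
 * context. Whatever sets that principal (the portal / servlet container) is therefore the actual
 * authenticator, and the application is only as trustworthy as that front end.
 *
 * <p>NOTE(review): the component is session scoped and caches the last principal it saw in
 * {@code bridgePrincipal}; see {@link #getPrincipal()} for when that cache is refreshed.
 */
@Name("org.jboss.seam.security.identity")
@Scope(ScopeType.SESSION)
@BypassInterceptors
@Install(precedence = Install.APPLICATION, classDependencies = "javax.portlet.Portlet")
@Startup
public class PortalIdentity extends Identity {

    private static final Log log = Logging.getLog(PortalIdentity.class);

    private JBossLoginDelegate loginDelegate = new JBossLoginDelegate();

    // NOTE(review): the class is annotated @BypassInterceptors, so this field is presumably not
    // injected; getCredentials() resolves it lazily instead. Confirm before relying on @In.
    @In
    private Credentials credentials;

    // Last principal seen on a request; lives as long as this session-scoped component.
    private Principal bridgePrincipal;

    /**
     * Returns the Seam credentials component, looking it up on first use.
     *
     * @return the {@code Credentials} instance used for username/password
     */
    public Credentials getCredentials() {
        if (credentials == null) {
            credentials = (Credentials) Component.getInstance(Credentials.class);
        }
        return credentials;
    }

    public PortalIdentity() {
        super();
    }

    /**
     * Tells whether the current JSF request is being processed by the portlet bridge.
     *
     * @return true when the request map carries a {@code Bridge.PortletPhase} value; false
     *         otherwise, including when there is no current {@code FacesContext}
     */
    private boolean isPortletPhase() {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        if (facesContext == null) {
            // login() calls this without checking for a FacesContext; answer "no" instead of
            // failing with a NullPointerException.
            return false;
        }
        Object phase = facesContext.getExternalContext().getRequestMap().get(Bridge.PORTLET_LIFECYCLE_PHASE);
        return phase instanceof Bridge.PortletPhase;
    }

    /**
     * Attempts to authenticate the user and raises the matching Seam security event.
     *
     * <p>Unlike {@link #authenticate()}, this method raises one of:
     * <ul>
     *   <li>{@code org.jboss.seam.security.loginSuccessful} when authentication succeeds</li>
     *   <li>{@code org.jboss.seam.security.loginFailed} when authentication fails</li>
     *   <li>{@code org.jboss.seam.security.alreadyLoggedIn} when the user was already
     *       authenticated (only outside a portlet phase)</li>
     * </ul>
     *
     * <p>The outcome is fail-closed: after {@code authenticate()} the method re-checks
     * {@link #isLoggedIn()} and treats anything but a present principal as a failed login.
     *
     * @return {@code "loggedIn"} if the user is authenticated, or {@code null} if not
     */
    @Override
    public String login() {
        try {
            if (isLoggedIn()) {
                // If authentication has already occurred during this request via a silent login,
                // and login() is explicitly called, we still want to raise the LOGIN_SUCCESSFUL
                // event and then return.
                if (!isPortletPhase()) {
                    if (Contexts.isEventContextActive()
                            && Contexts.getEventContext().isSet("org.jboss.seam.security.silentLogin")) {
                        if (Events.exists()) {
                            Events.instance().raiseEvent(EVENT_LOGIN_SUCCESSFUL);
                        }
                        return "loggedIn";
                    }
                    if (Events.exists()) {
                        Events.instance().raiseEvent(EVENT_ALREADY_LOGGED_IN);
                    }
                    return "loggedIn";
                }
            }

            authenticate();

            // The delegate swallows its own errors, so the principal is the only evidence that
            // the login worked.
            if (!isLoggedIn()) {
                throw new LoginException();
            }

            // Only the username is logged; the password must never reach the log.
            if (log.isDebugEnabled()) {
                log.debug("Login successful for: " + getCredentials().getUsername());
            }
            if (Events.exists()) {
                Events.instance().raiseEvent(EVENT_LOGIN_SUCCESSFUL);
            }
            return "loggedIn";
        } catch (LoginException ex) {
            getCredentials().invalidate();
            if (log.isDebugEnabled()) {
                log.debug("Login failed for: " + getCredentials().getUsername(), ex);
            }
            if (Events.exists()) {
                Events.instance().raiseEvent(EVENT_LOGIN_FAILED, ex);
            }
        }
        return null;
    }

    /**
     * Passes the current username and password to the JBoss web authentication delegate when no
     * principal is present yet. Does nothing for an already authenticated user.
     *
     * @see org.jboss.seam.security.Identity#authenticate()
     */
    @Override
    public void authenticate() throws LoginException {
        if (!isLoggedIn()) {
            loginDelegate.login(getUsername(), getPassword());
        }
    }

    /**
     * Logs out through the JBoss delegate first, then runs the standard Seam logout.
     */
    @Override
    public void logout() {
        loginDelegate.logout();
        super.logout();
        // Drop the cached principal so this component cannot keep reporting the old user;
        // getPrincipal() re-reads it from the request on its next call.
        bridgePrincipal = null;
    }

    /**
     * Delegates the permission check unchanged to the Seam implementation.
     *
     * @see org.jboss.seam.security.Identity#hasPermission(java.lang.String,
     *      java.lang.String, java.lang.Object[])
     */
    @Override
    public boolean hasPermission(String name, String action, Object... arg) {
        return super.hasPermission(name, action, arg);
    }

    /**
     * Checks the role against the container-managed request instead of Seam's own role set.
     *
     * @param role role name to test
     * @return true only when a render request is available and its underlying request reports
     *         the user in {@code role}; false in every other case (fail-closed)
     * @see org.jboss.seam.security.Identity#hasRole(java.lang.String)
     */
    @Override
    public boolean hasRole(String role) {
        RenderRequestImpl renderRequest = getRenderRequest();
        return renderRequest != null && renderRequest.getRealRequest().isUserInRole(role);
    }

    /**
     * Returns the current request as a JBoss Portal render request.
     *
     * @return the request, or {@code null} when there is no {@code FacesContext} or the request
     *         is not a {@code RenderRequestImpl}
     */
    private RenderRequestImpl getRenderRequest() {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        if (facesContext == null) {
            return null;
        }
        Object requestObject = facesContext.getExternalContext().getRequest();
        // Test for the concrete type that is cast to: a RenderRequest from another portlet
        // container would otherwise fail with a ClassCastException.
        if (requestObject instanceof RenderRequestImpl) {
            return (RenderRequestImpl) requestObject;
        }
        return null;
    }

    /**
     * Reports whether a user principal is known for this session.
     *
     * @see org.jboss.seam.security.Identity#isLoggedIn()
     */
    @Override
    public boolean isLoggedIn() {
        return getPrincipal() != null;
    }

    /**
     * Same as {@link #isLoggedIn()}; {@code attemptLogin} is ignored, so this call never
     * triggers a login attempt.
     *
     * @see org.jboss.seam.security.Identity#isLoggedIn(boolean)
     */
    @Override
    public boolean isLoggedIn(boolean attemptLogin) {
        return isLoggedIn();
    }

    /**
     * Returns the username: the credentials' value before login, the container's remote user
     * afterwards.
     *
     * @return the username, or {@code null} when the user is logged in but no render request
     *         with a user principal is available
     */
    @Override
    public String getUsername() {
        if (!isLoggedIn()) {
            return super.getUsername();
        }
        String userName = null;
        RenderRequestImpl renderRequest = getRenderRequest();
        if (renderRequest != null && renderRequest.getRealRequest().getUserPrincipal() != null) {
            userName = renderRequest.getRealRequest().getRemoteUser();
        }
        return userName;
    }

    /**
     * Resolves the principal of the current user and caches it on this component.
     *
     * <p>During a portlet phase with a render request available, the cache is overwritten with
     * that request's principal (which may be {@code null}). If the cache is empty afterwards, the
     * external context's principal is used. Without a {@code FacesContext} the cached value is
     * returned as is.
     *
     * <p>NOTE(review): outside a portlet phase a non-null cached principal is never re-read, so a
     * login state ended elsewhere may still be reported here until the session ends or
     * {@link #logout()} is called. Confirm this matches the SSO provider's logout flow.
     *
     * @return the principal, or {@code null} when none is known
     */
    public Principal getPrincipal() {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        if (facesContext != null) {
            if (isPortletPhase()) {
                RenderRequestImpl renderRequest = getRenderRequest();
                if (renderRequest != null) {
                    bridgePrincipal = renderRequest.getRealRequest().getUserPrincipal();
                }
            }
            if (bridgePrincipal == null) {
                bridgePrincipal = facesContext.getExternalContext().getUserPrincipal();
            }
        }
        return bridgePrincipal;
    }

    /**
     * Reflection-based bridge to {@code org.jboss.web.tomcat.security.login.WebAuthentication},
     * so that this class still loads when JBoss Web is absent. When the class is missing or
     * cannot be instantiated, {@code login} and {@code logout} do nothing.
     *
     * @author Egor Kolesnikov
     */
    private static class JBossLoginDelegate {

        private final Class<?> authenticationClass;

        private final Object jbossAuthentication;

        public JBossLoginDelegate() {
            Class<?> foundClass = null;
            Object instance = null;
            try {
                foundClass = Class.forName("org.jboss.web.tomcat.security.login.WebAuthentication");
            } catch (ClassNotFoundException ex) {
                log.info("JBoss Web Authentication is not available...");
            }
            // Instantiate only when the class was found; calling newInstance() on a null class
            // would log a misleading NullPointerException as an instantiation error.
            if (foundClass != null) {
                try {
                    instance = foundClass.newInstance();
                } catch (Exception e) {
                    log.error("JBoss Web Authentication instantiation "
                            + "exception, Web Authentication disabled", e);
                }
            }
            authenticationClass = foundClass;
            jbossAuthentication = instance;
        }

        /**
         * Calls {@code WebAuthentication.login(String, Object)} reflectively.
         *
         * <p>Failures are logged, not thrown, and the result of the reflected call is ignored;
         * the caller must verify the outcome itself (see {@code PortalIdentity.login()}).
         *
         * @param username login name
         * @param password credential, passed through unchanged and never logged here
         */
        public void login(String username, String password) {
            if (authenticationClass == null || jbossAuthentication == null) {
                return;
            }
            try {
                Method m = authenticationClass.getMethod("login", String.class, Object.class);
                m.invoke(jbossAuthentication, username, password);
            } catch (Exception ex) {
                // The original message said "logging out" here, which mislabels failed logins
                // in the log.
                log.error("Error logging in with JBoss Web Authentication", ex);
            }
        }

        /**
         * Calls {@code WebAuthentication.logout()} reflectively; failures are logged only.
         */
        public void logout() {
            if (authenticationClass == null || jbossAuthentication == null) {
                return;
            }
            try {
                Method m = authenticationClass.getMethod("logout");
                m.invoke(jbossAuthentication);
            } catch (Exception ex) {
                log.error("Error logging out with JBoss Web Authentication", ex);
            }
        }
    }
}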