Seam auto login using credentials

Question

Hi guys,

I succesfully created a project using seam credentials for authentication, but right now some requirements has change (as usual) and i need authenticate the user automatic. See example bellow:

user call the page: http://server%3Aport/project/index.jsp?parameter=xyz. This page has to call a seam component and get the parameter to populate credentials.username, but it's not working as expected.

my pages.xml:

<page view-id="*" action="#{authenticator.authenticate}" >
    <rewrite pattern="/index/{cpf}" />
    <rewrite pattern="/home/{cpf}" />
    <param name="#{credentials.username}" value="123456" />
    <param name="authenticator.teste" value="#{param['cpf']}" />
    <param name="cpf" value="#{param['cpf']}" />
    <param name="token" value="#{param['cpf']}" />
    <navigation >
        <rule if-outcome="home">
            <redirect view-id="/home.xhtml" />
        </rule>
        <rule if-outcome="index">
            <redirect view-id="#{authenticator.authenticate}" include-page-params="true" />
        </rule>
    </navigation>
</page>

my authenticatorBean (there is a lot of tests here, i tried everything):

@Stateless
@Name("authenticator")
public class AuthenticatorBean implements Authenticator {

    @Out String token;
    @Out String cpf;
    @Out String xyz;
    @Out String teste;

    @Logger private Log log;
    @In EntityManager entityManager;
    @In Identity identity;
    @In Credentials credentials;
    public boolean authenticate() {

     System.out.println(credentials.getUsername());

     System.out.println(cpf);
     System.out.println(xyz);
     System.out.println(teste);


     @SuppressWarnings("unused")
     FacesContext fcx = FacesContext.getCurrentInstance();
     String cpf = fcx.getExternalContext().getRequestContextPath();
     String cpf2 = fcx.getExternalContext().getRequestParameterMap().get("token");
     String cpf21 = fcx.getExternalContext().getRequestParameterMap().get("cpf");
     String cpf22 = fcx.getExternalContext().getRequestParameterMap().get("xyz");
     String cpf23 = fcx.getExternalContext().getRequestParameterMap().get("teste");
     String cpf3 = fcx.getExternalContext().getInitParameter("cpf");
     String cpf4 = fcx.getExternalContext().getRequestPathInfo();
     String cpf5 = fcx.getExternalContext().getRequestServletPath();
     Object cpf6 = fcx.getExternalContext().getRequest();
     Object cpf7 = fcx.getExternalContext().getContext();
     Object cpf8 = fcx.getExternalContext().getRequestMap();
     Object cpf9 = fcx.getExternalContext().getRequestParameterNames();

     log.info("authenticating {0}", credentials.getUsername());
     Usuario usuario = (Usuario) entityManager.createQuery("select u from Usuario u where u.cpf = :cpf")
        .setParameter("cpf", credentials.getUsername())
        .getSingleResult();

        log.info("authenticating {0}", credentials.getUsername());

        if (usuario != null) {
             identity.addRole("admin");
             return Boolean.TRUE;
        }

     return false;
    }

}

can someone help me ? i can't get the parameter in authenticatorBean

Thanks!

Answer 1

I'm facing a similar problem, though in my case there is no page:

http://stackoverflow.com/questions/1624890/seam-login-using-external-sso-application

I see you took a different route.

What I'm considering now is to make a JSF page that would take my parameter, save to form values through JS and autosubmit. it's a but ugly, but it should work.

Answer 2

Hi Vladimir ... it is quite simply. See bellow:

PAGES.XML

<page view-id="/home.xhtml">
     <action execute="#{identity.login}" if="#{not identity.loggedIn}" />
     <param name="username" />
        <navigation from-action="#{identity.login}">
      <rule if="#{identity.loggedIn}">
       <redirect view-id="/home.xhtml"/>
      </rule>
      <rule if="#{not identity.loggedIn}">
       <redirect view-id="/error.xhtml"/>
      </rule>
     </navigation>
    </page>

As you can see, i declare the parameter username and when the client input the url "http://host:port/project/home.seam?username=xyz" the parameter is gotten by username variable in seam component:

@Logger private Log log;

@In(required = true)
private String username;

@In(required=false, scope=ScopeType.SESSION)
Usuario usuario;

@In @Out
Identity identity;

@In @Out
Credentials credentials;

public boolean authenticate(){

    log.info("authenticating {0}", username);

    try {

     UsuarioBean usuarioBean = (UsuarioBean) Component.getInstance(UsuarioBean.class, true);
     usuario = usuarioBean.validaUsuario(username);

     if (usuario == null){
      throw new AuthorizationException("login failed");
     }else{
      credentials.setUsername(usuario.getNome());
      return Boolean.TRUE;
     }

    }catch(Exception e){
     log.error("falha na autenticação do usuario {0} : {1}", username, e.getCause().toString());
     throw new AuthorizationException("login failed");
    }

}

I hope this information be usefull for you. Good luck!

Answer 3

This Seam FAQ shows you how to get access to the HttpServletRequest object.

The HttpServletRequest object has a method named getRemoteUser().

This open source library, http://spnego.sourceforge.net, will allow your app server to perform integrated windows authentication/sso.

It is installed as a servlet filter.

In you web.xml file, define the filter so that it runs before any of the Seam stuff.