I have a Seam application that has to use an external one to log in. The logic is as follows:
- My app sends user to external SSO URL
- User does what it takes to authenticate there
- On success, the external app redirects user back to my app with a random token
- My code should contact the external app via HTTP with the passed token and get complete user information in return
Pretty straightforward. But I'm stuck.
The redirect is coming to /seam/resources/token. I intended to get Identity from the session, populate it with the token, and authenticate. But in the resource handler the user session is apparently not visible: session context is null. :(
I tried to do Lifecycle.beginCall there, and it works in a sense: authentication logic works, but the result never becomes available to the user (the user's session still has an empty Identity).
What am I doing wrong?
P.S. Here is more or less complete code of my resource handler. Logging and other unrelated stuff removed for brevity.
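```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.contexts.Lifecycle;
import org.jboss.seam.security.Identity;
import org.jboss.seam.web.AbstractResource;

@Scope(ScopeType.APPLICATION)
@Name("tokenResource")
// @BypassInterceptors
public class TokenResource extends AbstractResource {
    @Override
    public String getResourcePath() {
        return "/token";
    }

    @Override
    public void getResource(final HttpServletRequest request, final HttpServletResponse response)
            throws ServletException, IOException {
        // Token appended by the external SSO application on redirect
        String token = request.getParameter("token");
        // woot?
        Lifecycle.beginCall();
        Identity identity = Identity.instance();
        MyIdentity mid = (MyIdentity) identity;
        mid.setToken(token);
        mid.login();
        response.sendRedirect("/home.seam");
    }
}
```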