I would like to show a different status message when a suspended user tries to log in. If the user is active we return true from the authenticate method; if not, we add a custom StatusMessage mentioning that "User X has been suspended". The underlying Identity authentication also fails and adds a StatusMessage. I tried removing the Seam-generated StatusMessage with the following methods, but it doesn't seem to work and shows me 2 different status messages (my custom message and the Seam-generated one). What would be the issue here?

StatusMessages statusMessages;

statusMessages.clear();
statusMessages.clearGlobalMessages();
statusMessages.clearKeyedMessages(id);

EDIT1:

public boolean authenticate() {

    log.info("Authenticating {0}", identity.getCredentials().getUsername());

    String username = identity.getCredentials().getUsername();
    String password = identity.getCredentials().getPassword();

    // return true if the authentication was
    // successful, false otherwise
    try {
        Query query = entityManager.createNamedQuery("user.by.login.id");
        query.setParameter("loginId", username);
        // only active users can log in
        query.setParameter("status", "ACTIVE");

        currentUser = (User)query.getSingleResult();
    } catch (PersistenceException ignore) {
        // Provide a status message for the locked account
        statusMessages.clearGlobalMessages();
        statusMessages.addFromResourceBundle(
                "login.account.locked", new Object[] { username });
        return false;
    }

    IdentityManager identityManager = IdentityManager.instance();
    // Check the submitted password, not the literal string "password"
    if (!identityManager.authenticate(username, password)) {
        return false;
    }

    log.info("Authenticated user {0} successfully", username);
    return true;
}
+2  A: 

You can see the status messages used by Seam below (you must define them in the resource bundle):

  • org.jboss.seam.loginFailed
  • org.jboss.seam.loginSuccessful
  • org.jboss.seam.NotLoggedIn

So you may want to override the org.jboss.seam.loginFailed key (do not forget to register your resource bundle)

somePropertiesFile.properties

org.jboss.seam.loginFailed=<YOUR_CUSTOM_MESSAGE_GOES_HERE>

And use the following one

<h:messages globalOnly="true"/>

To show authentication messages


UPDATE

If you want a custom message, do as follows

Starting with Seam 2.1, you should authenticate your user by injecting Credentials instead of Identity

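import javax.persistence.EntityManager;
import javax.persistence.PersistenceException;
import javax.persistence.Query;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.management.IdentityManager;

@Name("authenticationManager")
public class AuthenticationManager {

    private @In org.jboss.seam.security.Credentials credentials;
    private @In EntityManager entityManager;

    private User currentUser;

    public boolean authenticate() {

        // Local variables cannot carry an access modifier
        String username = credentials.getUsername();
        String password = credentials.getPassword();

        try {

            // Only users with status ACTIVE are returned
            Query query = entityManager.createNamedQuery("user.by.login.id");
            query.setParameter("loginId", username);
            query.setParameter("status", "ACTIVE");

            currentUser = (User) query.getSingleResult();

        } catch (PersistenceException ignore) {
            return false;
        }

        // The password still has to be verified before reporting success;
        // this is the same IdentityManager call the question uses.
        return IdentityManager.instance().authenticate(username, password);
    }

}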

And inside your JSF form, use, again, credentials instead of identity

<h:inputText id="username" value="#{credentials.username}"/>
<h:inputSecret id="password" value="#{credentials.password}"/>

To show your custom message, do as follows

<h:outputText value="#{credentials.username} has been suspended" rendered="#{not identity.loggedIn}"/>

Now I hope it works fine!

Arthur Ronald F D Garcia
render seems to be an invalid tag in Seam 2.2
Joshua
I did try your suggestion with redirect in my WEB-INF\pages.xml but I still happen to get the "Login Failed" message only. I don't get the "custom message" even if I throw the LockedAccount exception.
Joshua
<h:messages globalOnly="true"/> = this is present by default in my template.xhtml file
Joshua
I have the following filters, but it doesn't seem to trap the exception.
org.jboss.seam.servlet.characterEncodingFilter
13:51:01,447 INFO [SeamFilter] Initializing filter: org.jboss.seam.web.redirectFilter
13:51:01,447 INFO [SeamFilter] Initializing filter: org.jboss.seam.web.exceptionFilter
13:51:01,448 INFO [SeamFilter] Initializing filter: org.jboss.seam.web.multipartFilter
13:51:01,449 INFO [SeamFilter] Initializing filter: org.jboss.seam.web.identityFilter
13:51:01,449 INFO [SeamFilter] Initializing filter: org.jboss.seam.web.rewriteFilter
Joshua
@Joshua Have you done as shown by **UPDATE** ???
Arthur Ronald F D Garcia
thanks, it works now
Joshua
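
An added example (not from either poster, and not Seam code) of one ordering for the checks discussed in this answer: the password is verified first, so the "suspended" outcome is only reported to a caller who knows the account's password, and every other failure gets the same generic result. The Account record, the in-memory map and the sample users are constructed for illustration; it needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginOutcomeDemo {

    enum Outcome { SUCCESS, SUSPENDED, FAILED }

    // Hypothetical stand-in for the User entity: salted password hash plus status.
    record Account(byte[] salt, byte[] hash, String status) {}

    static final byte[] DUMMY_SALT = "no-such-user".getBytes(StandardCharsets.UTF_8);

    static byte[] derive(String password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    static Outcome login(Map<String, Account> users, String username, String password)
            throws GeneralSecurityException {
        Account account = users.get(username);
        if (account == null) {
            derive(password, DUMMY_SALT); // same work as for a known user
            return Outcome.FAILED;
        }
        // Password first: a wrong password never reveals the account status.
        if (!MessageDigest.isEqual(derive(password, account.salt()), account.hash())) {
            return Outcome.FAILED;
        }
        // Only a caller who proved knowledge of the password learns about the suspension.
        return "ACTIVE".equals(account.status()) ? Outcome.SUCCESS : Outcome.SUSPENDED;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample users; real salts are random and per user.
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8);
        Map<String, Account> users = Map.of(
                "alice", new Account(salt, derive("alice-pass", salt), "ACTIVE"),
                "bob", new Account(salt, derive("bob-pass", salt), "SUSPENDED"));
        System.out.println(login(users, "alice", "alice-pass"));
        System.out.println(login(users, "bob", "bob-pass"));
        System.out.println(login(users, "bob", "wrong"));
        System.out.println(login(users, "nobody", "x"));
    }
}
```

In a Seam authenticator, the SUSPENDED outcome is where the custom status message would be added, and FAILED is left to the framework's generic login-failed message.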
A: 

I had similar problems (this message thing was one of many, trust me!) and I just don't use the Seam security module anymore. It's not very flexible/extensible, even though all the docs say it is (I think it's a lot of self-back-patting on the part of the developer who wrote it all). A similar example I had a bunch of trouble trying to squeeze into this was the handling of a forced password change during the login process. I tore out a lot of my hair before deciding that the whole Seam security module just wasn't up to par. It was a bit of a pain, but I have absolutely no regrets. Good luck!

jtougas
The JPA-based permission store definitely needs improvement from a performance perspective. User-defined messages are not as easily customizable as you had mentioned. But I am happy with the overall security framework in Seam.
Joshua