
This page describes how to integrate Seam's Identity component (a.k.a. Seam Security) with a CAS server. The approach is based on the Yale CAS Client distribution. See also here and here.

1.  web.xml
Configure your web.xml as directed in the Yale CAS Client distribution docs to use CAS for login and logout.

...

Code block: Logout Block
<!-- CAS Logout Filter and Logout Mapping.
     Requests under /logout/* pass through the Yale CAS client's LogoutFilter,
     which is configured with the CAS server's logout URL. -->
<filter>
  <filter-name>LogoutFilter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.LogoutFilter</filter-class>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.logoutUrl</param-name>
    <!-- Keep the https scheme so the logout hand-off to CAS is not downgraded to plaintext. -->
    <param-value>https://YOUR_CAS_SERVER_HOST_ADDRESS_HERE/cas/logout</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>LogoutFilter</filter-name>
  <url-pattern>/logout/*</url-pattern>
</filter-mapping>

2. Write a Seam-Identity authenticator class / component:

Code block: Sample Seam Identity Authenticator
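/**
 * Session-scoped Seam component that logs a container-authenticated (CAS) principal
 * into Seam Security. The container, via the CAS client filters in web.xml, has already
 * authenticated the user; this component only transfers that identity and its roles
 * into Seam's {@code Identity}.
 */
@Name("ssoAuthenticator")
@Scope(ScopeType.SESSION)
public class SSOAuthenticator {

    @Logger
    private Log log;

    // Container principal cached after the first successful Seam login; null until then.
    private UserPrincipal userPrincipal;

    // see http://www.jboss.com/index.html?module=bb&op=viewtopic&t=119167
    /**
     * Page action that performs the Seam login lazily. Wired in pages.xml, e.g.
     * <pre>
     *   &lt;page view-id="/index.xhtml" action="#{ssoAuthenticator.checkLogin}" login-required="false"/&gt;
     * </pre>
     * Does nothing when Seam's {@code Identity} already reports a logged-in user.
     */
    public void checkLogin() {
        // The user may already be logged in - check before doing any work.
        if (Identity.instance().isLoggedIn()) {
            return;
        }
        authenticate();
    }

    /**
     * Logs the container-authenticated principal into Seam Security and copies its roles.
     *
     * @return {@code true} if a CAS-authenticated principal is logged into Seam after this
     *         call; {@code false} if the container supplied no compatible principal or the
     *         Seam login failed (the failure is logged, never rethrown)
     */
    public boolean authenticate() {
        // A principal cached by an earlier successful call means the login is done.
        if (userPrincipal != null) {
            return true;
        }
        Identity identity = Identity.instance();
        try {
            // Obtain the principal the Servlet container (CAS filter) has already authenticated.
            FacesContext facesContext = FacesContext.getCurrentInstance();
            Principal rawPrincipal = facesContext.getExternalContext().getUserPrincipal();

            // Check the type before casting so an unexpected principal class is reported
            // explicitly instead of surfacing as a ClassCastException in the catch below.
            if (!(rawPrincipal instanceof UserPrincipal)) {
                if (rawPrincipal != null) {
                    log.warn("Container principal is not a UserPrincipal: #0",
                            rawPrincipal.getClass().getName());
                }
                return false;
            }
            UserPrincipal candidate = (UserPrincipal) rawPrincipal;

            // Identity must hold 'fresh' credentials for authenticate() to proceed. The
            // password set here is only a placeholder: the real credential check already
            // happened at the CAS server, so the Seam authenticate-method configured for
            // this application must trust the container principal rather than treat this
            // value as a secret to verify.
            identity.setUsername(candidate.getUserid());
            identity.setPassword(candidate.getUserid());
            identity.authenticate();

            // In this deployment the roles are exposed through the UserPrincipal;
            // adapt this part to whatever your own system provides.
            Group[] roleGroups = candidate.getUserRoles();
            if (roleGroups != null) {
                for (Group group : roleGroups) {
                    Enumeration<? extends Principal> roles = group.members();
                    while (roles.hasMoreElements()) {
                        identity.addRole(roles.nextElement().getName());
                    }
                }
            }

            // Cache the principal only after the Seam login succeeded; otherwise a
            // failure in identity.authenticate() would leave the field set and make
            // later calls report success without any Seam login having happened.
            userPrincipal = candidate;
            return true;
        } catch (Exception e) {
            log.error(e, e);
            return false;
        }
    }
}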

3. pages.xml
Configure Seam's pages.xml file in your web app to use your authenticator.

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<!-- Only the entry page runs the SSO check; every other view requires a Seam login,
     and an unauthenticated request is redirected back to the entry page. -->
<pages xmlns="http://jboss.com/products/seam/pages"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"
       no-conversation-view-id="/index.xhtml">

  <!-- Reachable without a Seam login; its action transfers the
       container-authenticated (CAS) principal into Seam Security. -->
  <page view-id="/index.xhtml" action="#{ssoAuthenticator.checkLogin}" login-required="false"/>

  <!-- Everything else requires a Seam login. -->
  <page view-id="/*" login-required="true"/>

  <!-- Not-logged-in access lands on the entry page, which performs the SSO check. -->
  <exception class="org.jboss.seam.security.NotLoggedInException">
    <redirect view-id="/index.xhtml">
      <message>Please log in first</message>
    </redirect>
  </exception>

  ...

</pages>