
This page describes how to integrate Seam's Identity component (a.k.a. Seam Security) with a CAS server. My approach is based on the Yale CAS Client distribution. See also here and here.

1.  web.xml
Configure your web.xml as directed in the Yale CAS Client distribution docs to use CAS for login and logout.

Login Block
Logout Block

2. Write a Seam-Identity authenticator class / component:

Sample Seam Identity Authenticator

3. pages.xml
Configure Seam's pages.xml file in your web app to use your authenticator.


1 Comment

  1. I was able to get JBoss-SEAM integration to work using the following authenticator:

    import org.jboss.seam.annotations.In;
    import org.jboss.seam.annotations.Logger;
    import org.jboss.seam.annotations.Name;
    import org.jboss.seam.annotations.Scope;
    import org.jboss.seam.contexts.Contexts;
    import org.jboss.seam.log.Log;
    import org.jboss.seam.security.Credentials;
    import org.jboss.seam.security.Identity;

    import edu.yale.its.tp.cas.client.filter.CASFilter;

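    /**
     * Session-scoped Seam component that maps a CAS single sign-on session onto
     * Seam's {@link Identity}.
     *
     * <p>This class never checks a password. It treats the presence of the
     * {@code CASFilter.CAS_FILTER_USER} session attribute as the only evidence that
     * the user has authenticated, so the CAS filter configured in web.xml must cover
     * every URL that can reach this component.
     *
     * <p>NOTE(review): as written, every user who has a CAS session is given the
     * "admin" role (see {@link #assignRoles(Identity)}). Authentication by CAS says
     * who the user is, not what they may do; replace that step with a per-user role
     * lookup before using this outside a demo.
     */
    @Name("ssoAuthenticator")
    @Scope(org.jboss.seam.ScopeType.SESSION)
    public class SSOAuthenticator {

        @Logger
        private Log log;

        @In private Identity identity;
        @In Credentials credentials;

        // see http://www.jboss.com/index.html?module=bb&op=viewtopic&t=119167

        // This method is configured in pages.xml as an action called for all pages:
        //     <page view-id="/*" login-required="true" action="#{authenticator.checkLogin}"/>
        // NOTE(review): the EL expression above says "authenticator" while this
        // component is registered as "ssoAuthenticator" - confirm the name used in
        // pages.xml resolves to this class, otherwise the action is never invoked.
        /**
         * Page action: runs {@link #authenticate()} when the injected identity is
         * not logged in yet, and does nothing otherwise.
         */
        public void checkLogin()
        {
            // user may already be logged in - check
            if (!identity.isLoggedIn())
            {
                authenticate();
            }
        }

        /**
         * Copies the CAS username from the HTTP session into Seam's credentials and
         * assigns roles.
         *
         * @return {@code true} when a CAS username was found in the session and the
         *         credentials and roles were set without an exception; {@code false}
         *         when no username is present or any step threw
         */
        public boolean authenticate()
        {
            boolean authenticated = false;
            // Named differently from the injected field so the two cannot be confused.
            Identity currentIdentity = Identity.instance();
            // Presumably stored by the Yale CAS filter after ticket validation - confirm
            // against the filter version in use.
            String username =
                (String)Contexts.getSessionContext().get(CASFilter.CAS_FILTER_USER);
            try
            {
                if(username != null)
                {
                    credentials.setUsername(username);
                    // NOTE(review): the password is a placeholder equal to the username,
                    // presumably only so Seam considers the credentials "set". It is not
                    // a secret and must never be used to verify anything - confirm no
                    // other login path accepts these credentials.
                    credentials.setPassword(username);
                    assignRoles(currentIdentity);
                    authenticated = true;
                }
            }
            catch (Exception e)
            {
                // Any failure leaves the result as "not authenticated" (fail closed).
                log.error(e, e);
            }

            return authenticated;
        }

        /**
         * Grants roles to the freshly authenticated user.
         *
         * <p>NOTE(review): this grants "admin" to every CAS-authenticated user, which
         * gives every account in the CAS realm full privileges in this application.
         * Replace with a lookup of the roles the user is actually entitled to.
         */
        private void assignRoles(Identity currentIdentity)
        {
            if(!currentIdentity.hasRole("admin"))
            {
                currentIdentity.addRole("admin");
            }
        }
    }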


    To avoid getting the Seam login page, I also had to create the following override of the Seam Pages object:

    import org.jboss.seam.annotations.Install;
    import org.jboss.seam.annotations.Name;
    import org.jboss.seam.annotations.Scope;
    import org.jboss.seam.annotations.intercept.Interceptor;
    import org.jboss.seam.annotations.intercept.InterceptorType;
    import org.jboss.seam.core.Events;
    import org.jboss.seam.navigation.Pages;

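    /**
     * Replacement for Seam's {@link Pages} component, installed at application
     * precedence, that changes only what happens when a page requires login and the
     * user is not logged in.
     *
     * <p>NOTE(review): the component name below must match the name of the built-in
     * Pages component for the Seam version in use, otherwise this class is installed
     * alongside it instead of replacing it - confirm against the Seam release.
     */
    @Scope(org.jboss.seam.ScopeType.APPLICATION)
    @Interceptor(type=InterceptorType.ANY)
    @Name("org.jboss.seam.core.pages")
    @Install(precedence=Install.APPLICATION)
    public class SsoPages extends Pages {

        /**
         * Overridden to prevent "Please log in first" faces message.
         *
         * <p>Only the "not logged in" event is raised; no message is added here.
         * The login-required check itself is not touched by this override, so
         * unauthenticated requests are still rejected by whatever handles that event.
         */
        // @Override makes the compiler reject this class if the Seam version in use
        // has no matching notLoggedIn() to override, instead of silently keeping the
        // default behaviour.
        @Override
        protected void notLoggedIn() {
            Events.instance().raiseEvent("org.jboss.seam.notLoggedIn");
        }
    }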