How to seam-authenticate through Servlet
https://stackoverflow.com/questions/12252765
-
30-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
I know it's not the way it's meant to be and it's totally wrong, but orders are orders, I need to do the following: The user access the servlet with the accesskey on the parameters, like this:
http://myhost/my_app/servlet?accesskey=XXXXX
The servlet then gets the key and authenticate the user on seam with it, is it possible? I couldn't manage to do it so far
المحلول
From your question it is not clear if you are required to create a custom servlet or you just need to make login based on a request parameter. The main difference is that a custom servlet is not intercepted by Seam and you cannot use components unless you manually start a seam lifecycle (as noted by Trind, you need to use LifeCycle.beginCall() and LifeCycle.endCall() to be able to use Seam components when calling from outside SeamFilter). Other than that, the two solutions work similarly.
Create a component that will handle authentication:
@Name("myAuthenticator")
public class MyAuthenticator implements Serializable {
// Seam's identity component
@In private transient Identity identity;
// When logged in, the user needs to have some roles, usually
// you assign these dynamically based on user name, type, etc., here
// I just initialize it to a fixed list of roles
ArrayList<String> roles = new ArrayList<String>(Arrays.toList(
new String[] { "base", "admin" }));
// Access key (getters and setters omitted but are necessary)
private String accessKey;
public String doAuth() {
// Check accessKey validity (against an SSO service or
// in your DB or whatever), here we do a trivial check.
boolean userCanAccess = "ADMINKEY".equals(accessKey);
if (userCanAccess) {
identity.acceptExternallyAuthenticatedPrincipal(
new SimplePrincipal("username"));
// Assign user roles
for (String role : roles) {
identity.addRole(role);
}
return "ok";
}
return "ko";
}
}
Now create a login page descriptor that will handle login via the parameter (say externalLogin.page.xml, you don't need to create an .xhtml page for this):
<page>
<!-- this sets the accessKey variable with the query parameter -->
<param name="accessKey" value="#{myAuthenticator.accessKey}" />
<!-- this invokes our authentication action -->
<action execute="#{myAuthenticator.doAuth}" />
<!-- navigation rules, these determine what to do if auth is ok or fails -->
<navigation from-action="#{myAuthenticator.doAuth}">
<rule if-outcome="ko">
<redirect view-id="/error.xhtml">
<message severity="ERROR">Invalid Authentication Key</message>
</redirect>
</rule>
<rule if-outcome="ok">
<redirect view-id="/home.xhtml">
<message severity="INFO">Welcome!</message>
</redirect>
</rule>
</navigation>
</page>
Now to perform login you can use that page, like so:
http://localhost:8080/yourapp/externalLogin.seam?accessKey=XXXXXXXX
If you need to use a custom servlet (very unlikely, but nevertheless), the above component does not change, just call it from within the servlet like this:
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
// Start Seam lifecycle
LifeCycle.beginCall();
// Get an instance of the authenticator component from Seam
MyAuthenticator auth = Component.getInstance("myAuthenticator");
// Set access key in component and perform auth
auth.setAccessKey(req.getParameter("accessKey"));
String result = auth.doAuth();
// End Seam lifecycle, no more component calls are needed.
LifeCycle.endCall();
// Do something here with the result
if ("ok".equals(result)) {
resp.sendRedirect(...);
}
}
نصائح أخرى
This code in your servlet should make you able to access your seam components.
Lifecycle.beginCall();
Authenticator authenticator = (Authenticator)Component.getInstance("authenticator");
LifeCycle.endCall();
