- problem with security and login

Hi

I have a problem with security.
I am using JBoss Seam 1.1.6
when I press login button I encounter following exception:

| ERROR Servlet.service() for servlet Faces Servlet threw exception
| javax.faces.FacesException: Error calling action method of component with id login:_id13
| at org.apache.myfaces.application.ActionListenerImpl.processAction (ActionListenerImpl.java:72)
| at javax.faces.component.UICommand.broadcast (UICommand.java:109)
| at javax.faces.component.UIViewRoot._broadcastForPhase (UIViewRoot.java:97)
| at javax.faces.component.UIViewRoot.processApplication (UIViewRoot.java:171)
| at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
| at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase (LifecycleImpl.java:95)
| at org.apache.myfaces.lifecycle.LifecycleImpl.execute (LifecycleImpl.java:70)
| at javax.faces.webapp.FacesServlet.service (FacesServlet.java:139)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:252)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:173)
| at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter (ExtensionsFilter.java:100)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:173)
| at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter (ExtensionsFilter.java:147)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:173)
| at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:29)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:173)
| at org.jboss.seam.servlet.SeamCharacterEncodingFilter.doFilter(SeamCharacterEncodingFilter.java:41)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:173)
| at org.apache.catalina.core.StandardWrapperValve.invoke (StandardWrapperValve.java:213)
| at org.apache.catalina.core.StandardContextValve.invoke (StandardContextValve.java:178)
| at org.apache.catalina.core.StandardHostValve.invoke (StandardHostValve.java:126)
| at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:105)
| at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:107)
| at org.apache.catalina.connector.CoyoteAdapter.service (CoyoteAdapter.java:148)
| at org.apache.coyote.http11.Http11Processor.process (Http11Processor.java:856)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
| at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket (PoolTcpEndpoint.java:527)
| at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt (LeaderFollowerWorkerThread.java:80)
| at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
| at java.lang.Thread.run (Thread.java:595)
| Caused by: javax.faces.el.EvaluationException: /pages/main/login.xhtml @35,71 action="#{identity.login}": java.lang.IllegalStateException: no security rule base available - please install a RuleBase with the name 'securityRules'
| at com.sun.facelets.el.LegacyMethodBinding.invoke (LegacyMethodBinding.java:73)
| at org.apache.myfaces.application.ActionListenerImpl.processAction (ActionListenerImpl.java:61)
| ... 33 more
| Caused by: java.lang.IllegalStateException: no security rule base available - please install a RuleBase with the name 'securityRules'
| at org.jboss.seam.security.Identity.assertSecurityContextExists(Identity.java:276)
| at org.jboss.seam.security.Identity.populateSecurityContext(Identity.java:245)
| at org.jboss.seam.security.Identity.postAuthenticate(Identity.java:223)
| at org.jboss.seam.security.Identity.authenticate(Identity.java:207)
| at org.jboss.seam.security.Identity.authenticate(Identity.java:199)
| at org.jboss.seam.security.Identity.login(Identity.java:184)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke (Method.java:585)
| at com.sun.el.parser.AstValue.invoke (AstValue.java:151)
| at com.sun.el.MethodExpressionImpl.invoke (MethodExpressionImpl.java:283)
| at com.sun.facelets.el.TagMethodExpression.invoke (TagMethodExpression.java:68)
| at com.sun.facelets.el.LegacyMethodBinding.invoke (LegacyMethodBinding.java:69)
| ... 34 more
|
|

and this is the authenticator class:

| @Name("authenticator")
| public class Authenticator {
|
| @PersistenceContext (unitName="SearchEngineDB")
| @In
| private EntityManager entityManager;
|
| @Out(required = false, scope = SESSION)
| private User user;
|
| @In
| private Identity identity;
|
| public boolean authenticate() {
| try{
| User user = (User) entityManager.createQuery(
| "from User where username = :username and password = :password")
| .setParameter("username", Identity.instance().getUsername())
| .setParameter("password", Identity.instance().getPassword())
| .getSingleResult();
|
|
| if (user.getRoles() != null)
| {
| for (UserRole mr : user.getRoles()){
| Identity.instance().addRole(mr.getRoleName());
| }
| }
| return true;
| }
| catch (NoResultException ex)
| {
| FacesMessages.instance().add("Invalid username/password");
| ex.printStackTrace();
| return false;
| }
| }
|
|

and security-rules.drl:

| package SearchEnginePermissions;
|
| import java.security.Principal;
|
| import org.jboss.seam.security.PermissionCheck;
| import org.jboss.seam.security.Role;
|
| rule AdminIsAUser
| salience 10
| no-loop
| when
| Role(name == "admin")
| then
| assert(new Role("admin"));
| end;
|

component.xml:

| <?xml version="1.0" encoding="UTF-8"?>
| <components xmlns="http://jboss.com/products/seam/components"
| xmlns:core="http://jboss.com/products/seam/core"
| xmlns:security="http://jboss.com/products/seam/security"
| xmlns:drools="http://jboss.com/products/seam/drools"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation=
| "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.1.xsd
| http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.1.xsd
| http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.1.xsd
| http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.1.xsd">
|
|
| <core:init jndi-pattern="#{ejbName}/local" my-faces-lifecycle-bug="false" />
| <core:ejb installed="true"/>
|
| <core:manager conversation-timeout="1200000"
| concurrent-request-timeout="500"
| conversation-id-parameter="cid"
| conversation-is-long-running-parameter="clr"/>
|
| <security:identity authenticate-method="#{authenticator.authenticate}" />
| <drools:rule-base name="securityRules">
| <drools:rule-files><value>/META-INF/security-rules.drl</value></drools:rule-files>
| </drools:rule-base>
|
| <component name="entityManager" auto-create="true" class="org.jboss.seam.core.ManagedPersistenceContext">
| <property name="persistenceUnitJndiName">java:/searchengineEntityManagerFactory</property>
| </component>
|
|
| </components>
|
|

lots of Thanks

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4043412#4043412

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4043412
_______________________________________________
jboss-user mailing list
jboss-user@(protected)
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [JBoss Seam] - problem with security and login

scott.stark@jboss.org

2007-05-05