JBoss.org Community Documentation
In this section you will see how easy it is to secure the facelets and facelet components in Seam. Let’s go ahead and secure the action button, then we will secure the entire page.
There is a class called Authenticator.java. The login page will execute the Authenticator.authenticate() method by default, so we’ll start by viewing the authentication logic.
Open Authenticator.java in JBoss Developer Studio and you will see that it contains the authenticate() method with this code:
public boolean authenticate() {
    log.info("authenticating {0}", credentials.getUsername());
    // write your authentication logic here,
    // return true if the authentication was
    // successful, false otherwise
    // (as generated, only the username is compared; the password is not checked)
    if ("admin".equals(credentials.getUsername())) {
        identity.addRole("admin");
        return true;
    }
    return false;
}
Open myAction.xhtml and add a new secured command button:
<h:commandButton id="myActionSecured" value="Secured Action Button" action="#{myAction.myAction}" rendered="#{s:hasRole('admin')}"/>
Refresh http://localhost:8080/workshop/myAction.seam. If you are not logged in, you will only see one button. If you are logged in, there will be two buttons.
The secured button is not visible because the user isn’t logged in as "admin".
The user is logged in as "admin".
Securing components is easy, and securing pages is pretty simple as well.
Open WebContent/WEB-INF/pages.xml. Then add this markup directly underneath the <pages> element:
<page view-id="/myAction.xhtml" login-required="true"/>
Refresh http://localhost:8080/workshop/myAction.seam. If you are not logged in, you will get bounced back to the login page.
Thus, if you enter login credentials for the "admin" user, you will be re-directed to the secured page and secured component. If you enter different login credentials, page access will be granted, but the secured component will not be displayed.
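The rendered attribute and login-required settings above decide what is displayed and who may open the view; neither places a role check on the myAction() method itself. As an added example (not part of the original tutorial), Seam's @Restrict annotation applies the same s:hasRole('admin') check on the server every time the method is invoked. The class name MyAction and its method body are assumptions, since the page shows only the #{myAction.myAction} binding.

```java
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.log.Log;

// Assumed shape of the component behind #{myAction.myAction};
// the class name and the method body are illustrative only.
@Name("myAction")
public class MyAction {

    @Logger
    private Log log;

    // Seam's security interceptor evaluates this expression before the
    // method body runs. If it is false, the call is rejected with
    // org.jboss.seam.security.AuthorizationException, or with
    // org.jboss.seam.security.NotLoggedInException when no user is
    // authenticated. The check applies to every caller of the method,
    // whichever button or view triggered it.
    @Restrict("#{s:hasRole('admin')}")
    public void myAction() {
        log.info("myAction.myAction() invoked by a user holding the admin role");
    }
}
```

With this in place, a button that is bound to the same method but has no rendered condition no longer runs the action for users without the admin role.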
Congratulations! You have secured your new action both at the facelet component and page level. You also added custom authentication logic to the login action.