SeamFramework.org Community Documentation

Chapter 35. Security - Events

35.1. Introduction
35.2. Event list
35.3. Usage Example

A number of CDI events are fired during the course of many security-related operations, allowing additional business logic to be executed in response to certain security events. This is useful if you would like to generate additional logging or auditing, or produce messages to display to the user.

The following table contains the list of event classes that may be fired by Seam Security, along with a description of when the event is fired. All event classes are contained in the org.jboss.seam.security.events package.

Event                        Description
AlreadyLoggedInEvent         Fired when a user who is already logged in attempts to log in again
AuthorizationCheckEvent      Fired when an authorization check is performed, such as Identity.hasPermission().
CredentialsUpdatedEvent      Fired whenever a user's credentials (such as their username or password) are updated.
DeferredAuthenticationEvent  Fired when a deferred authentication occurs. For example, at the end of the OpenID authentication process when the OpenID provider redirects the user back to the application.
LoggedInEvent                Fired when the user is successfully logged in.
LoginFailedEvent             Fired when an authentication attempt by the user fails.
NotAuthorizedEvent           Fired when the user is not authorized to invoke a particular operation.
NotLoggedInEvent             Fired when the user attempts to invoke a privileged operation before they have authenticated.
PreAuthenticateEvent         Fired just before a user is authenticated
PostAuthenticateEvent        Fired after a user has authenticated successfully.
PreLoggedOutEvent            Fired just before a user is logged out.
PostLoggedOutEvent           Fired after a user has logged out.
PrePersistUserEvent          Fired just before a new user is persisted (when using Identity Management).
PrePersistUserRoleEvent      Fired just before a new user role is persisted (when using Identity Management).
QuietLoginEvent              Fired when a user is quietly authenticated.
SessionInvalidatedEvent      Fired when a user's session is invalidated.
UserAuthenticatedEvent       Fired when a user is authenticated.
UserCreatedEvent

The following code listing shows the SecurityEventMessages class, from the Seam Security implementation library. This class (which is disabled by default due to the @Veto annotation) uses the Messages API from Seam International to generate user-facing messages in response to certain security events.

package org.jboss.seam.security;

import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;

import org.jboss.seam.international.status.Messages;
import org.jboss.seam.security.events.AlreadyLoggedInEvent;
import org.jboss.seam.security.events.LoggedInEvent;
import org.jboss.seam.security.events.LoginFailedEvent;
import org.jboss.seam.security.events.NotLoggedInEvent;
import org.jboss.seam.security.events.PostAuthenticateEvent;
import org.jboss.solder.core.Requires;
import org.jboss.solder.core.Veto;

public @ApplicationScoped @Veto @Requires("org.jboss.seam.international.status.Messages")
class SecurityEventMessages {
    private static final String DEFAULT_LOGIN_FAILED_MESSAGE = "Login failed - please check your username and password before trying again.";
    private static final String DEFAULT_LOGIN_SUCCESSFUL_MESSAGE = "Welcome, {0}.";
    private static final String DEFAULT_ALREADY_LOGGED_IN_MESSAGE = "You're already logged in. Please log out first if you wish to log in again.";
    private static final String DEFAULT_NOT_LOGGED_IN_MESSAGE = "Please log in first.";

    public void postAuthenticate(@Observes PostAuthenticateEvent event, Messages messages, Identity identity) {
        messages.info(DEFAULT_LOGIN_SUCCESSFUL_MESSAGE, identity.getUser().getId());
    }

    public void addLoginFailedMessage(@Observes LoginFailedEvent event, Messages messages) {
        messages.error(DEFAULT_LOGIN_FAILED_MESSAGE);
    }

    public void addLoginSuccessMessage(@Observes LoggedInEvent event, Messages messages, Credentials credentials) {
        messages.info(DEFAULT_LOGIN_SUCCESSFUL_MESSAGE, credentials.getUsername());
    }

    public void addAlreadyLoggedInMessage(@Observes AlreadyLoggedInEvent event, Messages messages) {
        messages.error(DEFAULT_ALREADY_LOGGED_IN_MESSAGE);
    }

    public void addNotLoggedInMessage(@Observes NotLoggedInEvent event, Messages messages) {
        messages.error(DEFAULT_NOT_LOGGED_IN_MESSAGE);
    }
}
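
For the logging and auditing use mentioned in the introduction, the same observer pattern can feed an audit trail. The following is an added example, not part of Seam Security: the class name, package and logger name are hypothetical, and it assumes that Credentials still holds the attempted username when LoginFailedEvent fires (a missing value is logged as a placeholder).

```java
package com.example.audit; // hypothetical application package

import java.util.logging.Logger;

import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;

import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.events.LoggedInEvent;
import org.jboss.seam.security.events.LoginFailedEvent;
import org.jboss.seam.security.events.NotAuthorizedEvent;
import org.jboss.seam.security.events.PreLoggedOutEvent;

@ApplicationScoped
public class SecurityAuditObserver {
    // Hypothetical logger name; route it to a dedicated audit appender.
    private static final Logger AUDIT = Logger.getLogger("security.audit");

    // Usernames are untrusted input. Replace ASCII control characters
    // (including CR and LF) so a value cannot forge extra audit lines,
    // and cap the length so one entry cannot flood the log.
    static String sanitize(String value) {
        if (value == null || value.isEmpty()) {
            return "<unknown>";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > 64 ? cleaned.substring(0, 64) + "..." : cleaned;
    }

    // Record the attempted username only, never the submitted credential.
    public void onLoginFailed(@Observes LoginFailedEvent event, Credentials credentials) {
        AUDIT.warning("login_failed user=" + sanitize(credentials.getUsername()));
    }

    public void onLoggedIn(@Observes LoggedInEvent event, Identity identity) {
        AUDIT.info("login_ok user=" + sanitize(identity.getUser().getId()));
    }

    // The caller is authenticated here; NotLoggedInEvent covers the anonymous case.
    public void onNotAuthorized(@Observes NotAuthorizedEvent event, Identity identity) {
        String user = identity.getUser() == null ? null : identity.getUser().getId();
        AUDIT.warning("not_authorized user=" + sanitize(user));
    }

    // Observed before logout so the identity still carries the user.
    public void onLoggingOut(@Observes PreLoggedOutEvent event, Identity identity) {
        String user = identity.getUser() == null ? null : identity.getUser().getId();
        AUDIT.info("logout user=" + sanitize(user));
    }
}
```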