What happens when you login?
The login page is defined using pure XHTML with JSF controls.
The form uses JSF EL value binding and method binding
expressions to refer to Seam components. For example,
#{identity.username}
refers to a property of the
Identity
component and #{identity.login}
refers to a method of the Identity
component.
<div>
<h:outputLabel for="username">Login Name</h:outputLabel>
<h:inputText id="username" value="#{identity.username}" />
</div>
<div>
<h:outputLabel for="password">Password</h:outputLabel>
<h:inputSecret id="password" value="#{identity.password}" />
</div>
... ...
<div class="buttonBox">
<h:commandButton id="login"
action="#{identity.login}"
value="Account Login" />
</div>
After logging in, the User
enity bean is mapped to the Seam
context variable named user
bean via the
@Name
annotation. User
is
a session scoped bean, meaning that the user
component value is retained for the entire session for
each user. You might also notice there are validation annotation
on the data properties. We will discuss those annotations in the
next step.
@Entity
@Name("user")
@Scope(SESSION)
public class User implements Serializable {
private String username;
private String password;
private String name;
@NotNull
@Length(min=5, max=15)
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@Id
@Length(min=4, max=15)
@Pattern(regex="^\\w*$", message="not a valid username")
public String getUsername () {
return username;
}
public void setUsername (String username) {
this.username = username;
}
// ... ...
}
Seam comes with its own Security framework, based on JAAS. It allows you
to perform user authentication by configuring your own authentication method
in components.xml
.
<security:identity authenticate-method="#{authenticator.authenticate}"/>
AuthenticatorAction
is an EJB 3.0 session bean mapped
to the Seam context variable named authenticator
. When
the login button is clicked, the JSF method binding
#{identity.login}
is evaluated, and based upon the previous configuration, the
authenticate()
method is invoked upon AuthenticatorAction
.
@Stateless
@Scope(EVENT)
@Name("authenticator")
public class AuthenticatorAction implements Authenticator
{
@PersistenceContext EntityManager em;
@Out(required=false, scope = SESSION)
private User user;
public boolean authenticate()
{
List results = em.createQuery("select u from User u where" +
" u.username=#{identity.username}" +
" and u.password=#{identity.password}")
.getResultList();
if ( results.size()==0 )
{
return false;
}
else
{
user = (User) results.get(0);
return true;
}
}
}
The @Out
annotation indicates the AuthenticatorAction
bean can change the
value of the user
context variable and make the new instance
available to other session beans and JSF pages. The query expression
makes use of a special syntax in Seam that allows EL expressions to
serve as query parameters. This query references the identity
component,
a built-in Seam component that provides security functionality.