
Please note that as of Seam 2.1.2 you can add identity management to an existing seam-gen project using the command seam add-identity-management. This page documents the steps performed by this command.

The trickiest issue is creating the necessary tables in the database. The simplest approach is to set hibernate.hbm2ddl.auto in the persistence unit descriptor (META-INF/persistence.xml): use create or create-drop if the database can be recreated on application startup, or update if you are working with an existing database that cannot be destroyed. Hibernate's schema task then ensures that there are matching tables for the new entities.

Note that the assets mentioned in the steps can be found under the seam-gen directory in a Seam >= 2.1.2 distribution. If one of the steps isn't right, consult the logic in the seam-gen/build.xml file and correct this document.

Step 1: Copy views - the following views must be copied to the /view directory:

  • usermanager.xhtml
  • usermanager.page.xml
  • userdetail.xhtml
  • userdetail.page.xml
  • rolemanager.xhtml
  • rolemanager.page.xml
  • roledetail.xhtml
  • roledetail.page.xml

Step 2: Copy images - the following images must be copied to the /view/img directory:

  • btn_newuser.png
  • btn_newrole.png
  • btn_newpermission.png
  • checkmark.png
  • cross.png

Step 3: Copy Seam components - the following Seam components must be copied to the /src/main/${model.package} directory:

  • UserAccount.java
  • UserRole.java
  • UserPermission.java

Step 4: Modify WEB-INF/components.xml:

  • Activate the identity store and permission store components:
<security:jpa-identity-store
    user-class="com.domain.model.UserAccount"
    role-class="com.domain.model.UserRole"/>

<security:jpa-permission-store
    user-permission-class="com.domain.model.UserPermission"/>
  • Remove the identity component and add the remember-me component (if not already present):
<security:remember-me enabled="true"/>

Step 5: Create security rules in security.drl for identity manager permission:

rule ManageAccount
   no-loop
   // The first rule in an activation-group to fire will cancel the
   // other rules activations (stop them from firing). The activation
   // group can be any string, as long as the string is identical for
   // all the rules you need to be in the one group.
   activation-group "permissions"
when
   $check: PermissionCheck(name == "seam.user" || == "seam.role", granted == false)
   Role(name == "admin")
then
   $check.grant();
end

Step 6: Modify import.sql to create an admin role and default user:

-- admin password is blank; passwords are hashed using the username as a salt
insert into user_account (id, username, password_hash, enabled) values (1, 'admin', 'Ss/jICpf9c9GeJj8WKqx1hUClEE=', 1);
insert into user_role (id, name, conditional) values (1, 'admin', false);
insert into user_role (id, name, conditional) values (2, 'member', false);
insert into user_account_role (account_id, user_of_role) values (1, 1);
insert into user_role_group (role_id, user_of_role) values (1, 2);

Step 7: Remove (or don't create) the authenticator component. It's not required when using IdentityManager for authentication.

Step 8: Add a menu link to the user manager splash screen:

<s:link view="/useradmin/home.xhtml" value="Identity Management" propagation="none"
   rendered="#{identity.hasRole('admin')}"/>
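
The following check is an added example, not part of seam-gen or of this page's original content. It inspects the files touched above and reports a schema setting that rebuilds the database at startup, missing or leftover components from Step 4, and the blank-password admin hash from Step 6. The function name audit and the sample inputs are constructed for illustration; the security namespace URI is the one Seam's components.xml normally declares.

```python
import xml.etree.ElementTree as ET

SEC = "{http://jboss.com/products/seam/security}"   # Seam security namespace
BLANK_ADMIN_HASH = "Ss/jICpf9c9GeJj8WKqx1hUClEE="    # hash from Step 6 (blank password)

def audit(persistence_xml, components_xml, import_sql):
    """Return a list of findings for a project after the eight steps."""
    findings = []
    # Preamble: create / create-drop rebuild the schema on every startup.
    for el in ET.fromstring(persistence_xml).iter():
        if el.get("name") == "hibernate.hbm2ddl.auto" and el.get("value") in ("create", "create-drop"):
            findings.append("hbm2ddl.auto=%s recreates the schema at startup" % el.get("value"))
    # Step 4: stores and remember-me present, identity component removed.
    tags = {el.tag for el in ET.fromstring(components_xml).iter()}
    for name in ("jpa-identity-store", "jpa-permission-store", "remember-me"):
        if SEC + name not in tags:
            findings.append("components.xml: security:%s missing" % name)
    if SEC + "identity" in tags:
        findings.append("components.xml: security:identity still present")
    # Step 6: the seeded admin row still carries the blank-password hash.
    if BLANK_ADMIN_HASH in import_sql:
        findings.append("import.sql: admin seeded with the blank-password hash")
    return findings

# Constructed sample inputs (not taken from a real project).
SAMPLE_PERSISTENCE = """<persistence xmlns="http://java.sun.com/xml/ns/persistence">
  <persistence-unit name="demo"><properties>
    <property name="hibernate.hbm2ddl.auto" value="create-drop"/>
  </properties></persistence-unit>
</persistence>"""

SAMPLE_COMPONENTS = """<components xmlns="http://jboss.com/products/seam/components"
    xmlns:security="http://jboss.com/products/seam/security">
  <security:identity authenticate-method="#{authenticator.authenticate}"/>
  <security:jpa-identity-store user-class="com.domain.model.UserAccount"
      role-class="com.domain.model.UserRole"/>
  <security:remember-me enabled="true"/>
</components>"""

SAMPLE_IMPORT = ("insert into user_account (id, username, password_hash, enabled) "
                 "values (1, 'admin', 'Ss/jICpf9c9GeJj8WKqx1hUClEE=', 1);")

if __name__ == "__main__":
    for finding in audit(SAMPLE_PERSISTENCE, SAMPLE_COMPONENTS, SAMPLE_IMPORT):
        print(finding)
```

An empty result means none of the checked conditions were found; it does not verify the copied views, the security.drl rule, or the menu link.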