// copied from org.jboss.seam.security.Identity
protected void postAuthenticate() {
// Populate the working memory with the user's principals
for (Principal p : getSubject().getPrincipals()) {
if (!(p instanceof Group)) {
if (principal == null) {
principal = p;
break;
}
}
}
if (!preAuthenticationRoles.isEmpty() && isLoggedIn()) {
for (String role : preAuthenticationRoles) {
addRole(role);
}
preAuthenticationRoles.clear();
}
credentials.clearPassword();
// It's used in:
// - org.jboss.seam.security.management.JpaIdentityStore.setUserAccountForSession()
// - org.jboss.seam.security.FacesSecurityEvents.postAuthenticate(Identity)
// -org.jboss.seam.security.RememberMe.postAuthenticate(Identity)
// to avoid a class cast exception, we pass Identity here (FacesSecurityEvents is not doing
// anything with it)
// We already set authenticatedUser in session so no need to raise this event any more
// if (Events.exists()) {
// Events.instance().raiseEvent(Identity.EVENT_POST_AUTHENTICATE,
// new Identity());
// }
}
// copied from org.jboss.seam.security.Identity.tryLogin()
public boolean tryLogin() {
if (!authenticating
&& getPrincipal() == null
&& credentials.isSet()
&& Contexts.isRequestContextActive()
&& !requestContextValueStore.contains(LOGIN_TRIED)) {
requestContextValueStore.put(LOGIN_TRIED, true);
quietLogin();
}
return isLoggedIn();
}
// based on org.jboss.seam.security.Identity.authenticate()
private synchronized void authenticate() throws LoginException {
// If we're already authenticated, then don't authenticate again
if (!isLoggedIn()) {
principal = null;
subject = new Subject();
try {
authenticating = true;
preAuthenticate();
getLoginContext().login();
postAuthenticate();
} finally {
// Set password to null whether authentication is successful or not
credentials.clearPassword();
authenticating = false;
}
}
}
// copied from org.jboss.seam.security.Identity.quietLogin()
private void quietLogin() {
try {
// N.B. this will trigger Seam's RememberMe functionality and causes
// a class cast exception (ZanataIdentity is no loger Identity)
// if (Events.exists()) Events.instance().raiseEvent(Identity.EVENT_QUIET_LOGIN);
// Ensure that we haven't been authenticated as a result of the EVENT_QUIET_LOGIN event
if (!isLoggedIn()) {
if (credentials.isSet()) {
authenticate();
if (isLoggedIn() && Contexts.isRequestContextActive()) {
requestContextValueStore.put(SILENT_LOGIN, true);
}
}
}
} catch (LoginException ex) {
// Quiet login, exceptions are not displayed
}
}
/** Resets all security state and credentials */
public void unAuthenticate() {
principal = null;
subject = new Subject();
credentials.clear();
}
