// copied from org.jboss.seam.security.Identity protected void postAuthenticate() { // Populate the working memory with the user's principals for (Principal p : getSubject().getPrincipals()) { if (!(p instanceof Group)) { if (principal == null) { principal = p; break; } } } if (!preAuthenticationRoles.isEmpty() && isLoggedIn()) { for (String role : preAuthenticationRoles) { addRole(role); } preAuthenticationRoles.clear(); } credentials.clearPassword(); // It's used in: // - org.jboss.seam.security.management.JpaIdentityStore.setUserAccountForSession() // - org.jboss.seam.security.FacesSecurityEvents.postAuthenticate(Identity) // -org.jboss.seam.security.RememberMe.postAuthenticate(Identity) // to avoid a class cast exception, we pass Identity here (FacesSecurityEvents is not doing // anything with it) // We already set authenticatedUser in session so no need to raise this event any more // if (Events.exists()) { // Events.instance().raiseEvent(Identity.EVENT_POST_AUTHENTICATE, // new Identity()); // } }
// copied from org.jboss.seam.security.Identity.tryLogin() public boolean tryLogin() { if (!authenticating && getPrincipal() == null && credentials.isSet() && Contexts.isRequestContextActive() && !requestContextValueStore.contains(LOGIN_TRIED)) { requestContextValueStore.put(LOGIN_TRIED, true); quietLogin(); } return isLoggedIn(); }
// based on org.jboss.seam.security.Identity.authenticate() private synchronized void authenticate() throws LoginException { // If we're already authenticated, then don't authenticate again if (!isLoggedIn()) { principal = null; subject = new Subject(); try { authenticating = true; preAuthenticate(); getLoginContext().login(); postAuthenticate(); } finally { // Set password to null whether authentication is successful or not credentials.clearPassword(); authenticating = false; } } }
// copied from org.jboss.seam.security.Identity.quietLogin() private void quietLogin() { try { // N.B. this will trigger Seam's RememberMe functionality and causes // a class cast exception (ZanataIdentity is no loger Identity) // if (Events.exists()) Events.instance().raiseEvent(Identity.EVENT_QUIET_LOGIN); // Ensure that we haven't been authenticated as a result of the EVENT_QUIET_LOGIN event if (!isLoggedIn()) { if (credentials.isSet()) { authenticate(); if (isLoggedIn() && Contexts.isRequestContextActive()) { requestContextValueStore.put(SILENT_LOGIN, true); } } } } catch (LoginException ex) { // Quiet login, exceptions are not displayed } }
/**
 * Resets the security state and credentials held by this identity.
 *
 * <p>The principal is cleared, the subject is replaced with a fresh empty {@link Subject}, and
 * the stored credentials are cleared.
 *
 * <p>NOTE(review): only these three fields are reset here. Confirm that role state kept
 * elsewhere (for example {@code preAuthenticationRoles}) is reset by the caller. Unlike
 * {@code authenticate()}, this method is not synchronized; confirm that is intended.
 */
public void unAuthenticate() {
    this.principal = null;
    // A new Subject discards every principal attached to the old one.
    this.subject = new Subject();
    this.credentials.clear();
}