What happens when you login?

The login page is defined using pure XHTML with JSF controls.
The form uses JSF EL value binding and method binding
expressions to refer to Seam components. For example,
#{identity.username}
refers to a property of the
Identity
component and #{identity.login}
refers to a method of the Identity
component.
<div>
<h:outputLabel for="username">Login Name</h:outputLabel>
<h:inputText id="username" value="#{identity.username}" />
</div>
<div>
<h:outputLabel for="password">Password</h:outputLabel>
<h:inputSecret id="password" value="#{identity.password}" />
</div>
... ...
<div class="buttonBox">
<h:commandButton action="#{identity.login}"
value="Account Login" class="button" />
</div>
After logging in, the User
enity bean is mapped to the Seam
context variable named user
bean via the
@Name
annotation. User
is
a session scoped bean, meaning that the user
component value is retained for the entire session for
each user. You might also notice there are validation annotation
on the data properties. We will discuss those annotations in the
next step.
@Entity
@Name("user")
@Scope(SESSION)
public class User implements Serializable {
private String username;
private String password;
private String name;
@NotNull
@Length(min=5, max=15)
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@Id
@Length(min=5, max=15)
public String getUsername () {
return username;
}
public void setUsername (String username) {
this.username = username;
}
// ... ...
}
Seam comes with its own Security framework, based on JAAS. It allows you
to perform user authentication by configuring your own authentication method
in components.xml
.
<security:identity authenticate-method="#{authenticator.authenticate}"/>
AuthenticatorAction
is an EJB 3.0 session bean mapped
to the Seam context variable named authenticator
. When
the login button is clicked, the JSF method binding
#{identity.login}
is evaluated, and based upon the previous configuration, the
authenticate()
method is invoked upon AuthenticatorAction
.
@Stateful
@Scope(EVENT)
@Name("authenticator")
public class AuthenticatorAction implements Authenticator
{
@In Identity identity;
@PersistenceContext EntityManager em;
@Out(required=false, scope = SESSION)
private User user;
public boolean authenticate()
{
List results = em.createQuery(
"select u from User u where u.username=:username " +
"and u.password=:password")
.setParameter("username", identity.getUsername())
.setParameter("password", identity.getPassword())
.getResultList();
if ( results.size()==0 )
{
return false;
}
else
{
user = (User) results.get(0);
return true;
}
}
@Remove @Destroy
public void destroy() {}
}
The @In
annotation tells Seam to inject an Identity
(a built-in Seam component that provides security functionality)
when any method of AuthenticatorAction
is invoked. The @Out
annotation indicates the AuthenticatorAction
bean can change the
value of the user
context variable and make the new instance
available to other session beans and JSF pages.