I recently used seam_gen to create a josso_console application. If you want to use JOSSO, but you don't yet want to take the leap to hook it up to an LDAP or other industrial strength credential store, then this is the app may come in handly. Figure 1 shows the welcome screen of josso_console application.
Figure 1. The JOSSO console.
If your objective is simply to hook your Seam application up to JOSSO then you should keep reading too.
1. Seam and JAAS
Seam comes with its own security framework which is based on JAAS. The easiest way to hook Seam up to JOSSO is to first configure your Seam-based application the conventional JOSSO way and then hooking up Seam and JOSSO using a Seam authenticator. I worked on a jossoAuthenticator that will set the SSO user and roles information into Seam context, so that you can use all the Seam security features while using JOSSO.
2. Configure JOSSO
In your josso-agent-config.xml add the josso_console in as a partner app
Now your application will have access to the JOSSO cookie.
3. Configure Seam
Next we're going to protect our application using the standard security constraints to the web.xml. For instance if we only want users that have the admin role to access our console you would add
This web.xml references the login-redirect.jsp which you will need to add to the root of your war file. Now, you will be redirected to the josso login screen when trying to access the web application.
Next we have to propagate the authorization information into Seam context. For this we use the jossoAuthenticator.
Next you need to reference this class in your pages.xml, by adding
and commenting out the default authenticator
Finally we need to modify the pages.xml, where we reference the jossoAuthenticator on our welcome page (index.xhtml) like
which will cause the jossoAuthenticator.checkLogin to be called for this page, and in the exception class configuration we specify the index.xhtml page
All should now be working. If you want, you can obtain the full sources from the josso_console application to see the complete application.
Some other resources in this context you may find useful are: