15.3.8. HTTP Authentication
Although we do not recommend it unless absolutely necessary, Seam provides the means to authenticate with either HTTP Basic or HTTP Digest (RFC 2617) methods. For either form, you must first enable the authentication-filter component in components.xml:
<web:authentication-filter url-pattern="*.seam" auth-type="basic"/>
To enable basic authentication, set auth-type to basic. For digest authentication, set it to digest. If you want to use digest authentication, you must also set the key and realm:
<web:authentication-filter url-pattern="*.seam" auth-type="digest" key="AA3JK34aSDlkj" realm="My App"/>
The key can be any String value. The realm is the name of the authentication realm that is presented to the user when they authenticate.
15.3.8.1. Writing a Digest Authenticator
If using digest authentication, your authenticator class should extend the abstract class org.jboss.seam.security.digest.DigestAuthenticator, and use the validatePassword() method to validate the user's plain text password against the digest request. Here is an example:
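public boolean authenticate()
{
   try
   {
      // Look up the user named in the digest request (bound parameter, not string concatenation)
      User user = (User) entityManager.createQuery(
            "from User where username = :username")
         .setParameter("username", identity.getUsername())
         .getSingleResult();

      // Check the stored plain text password against the digest request
      return validatePassword(user.getPassword());
   }
   catch (NoResultException ex)
   {
      // Unknown username: authentication fails
      return false;
   }
}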
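The check that a digest authenticator has to make, written out from RFC 2617 as an added example (this is not Seam's code and not part of the original documentation): the server recomputes the response from its stored copy of the password and compares it with the value the client sent, which is why the stored password must be available in plain text. The class and method names are hypothetical, only the qop=auth case is covered, and the request values are those of the worked example in RFC 2617 section 3.5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestCheckExample {

    // H(x) from RFC 2617: MD5 rendered as lower-case hex
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5")
                .digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder(d.length * 2);
        for (byte b : d) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // Response the server expects for qop=auth (RFC 2617 section 3.2.2)
    static String expectedResponse(String user, String realm, String password,
            String method, String uri, String nonce, String nc, String cnonce,
            String qop) throws NoSuchAlgorithmException {
        String ha1 = md5Hex(user + ":" + realm + ":" + password); // needs the stored secret
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
    }

    // Hypothetical stand-in for the final comparison; isEqual avoids an early-exit compare
    static boolean matches(String clientResponse, String expected) {
        return MessageDigest.isEqual(
                clientResponse.getBytes(StandardCharsets.US_ASCII),
                expected.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Request values from the worked example in RFC 2617 section 3.5
        String user = "Mufasa", realm = "testrealm@host.com";
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String uri = "/dir/index.html", nc = "00000001", cnonce = "0a4f113b", qop = "auth";
        String clientResponse = "6629fae49393a05397450978507c4ef1";

        // First call uses the password from the RFC example, second a wrong one
        String good = expectedResponse(user, realm, "Circle Of Life", "GET",
                uri, nonce, nc, cnonce, qop);
        String bad = expectedResponse(user, realm, "circle of life", "GET",
                uri, nonce, nc, cnonce, qop);
        System.out.println("stored password matches request: " + matches(clientResponse, good));
        System.out.println("wrong stored password matches:   " + matches(clientResponse, bad));
    }
}
```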