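/**
 * Seam authenticator component, registered under the name "authenticator".
 *
 * <p>Looks up a {@code Member} by the submitted username and password and, on a match,
 * copies that member's role names onto the current {@code Identity}.
 */
@Name("authenticator")
public class authenticatorAction implements Authenticator {

    @In
    EntityManager entityManager;

    @In
    Credentials credentials;

    @In
    Identity identity;

    // Optional on the way in; outjected to the session scope once authenticate() has set it.
    @In(required = false)
    @Out(required = false, scope = SESSION)
    Member member;

    /**
     * Checks the submitted credentials against the Member table.
     *
     * @return {@code true} if a matching member was found (its roles are then added to
     *         {@code identity}), {@code false} if the query returned no rows
     */
    public boolean authenticate() {
        // NOTE(review): the query matches the submitted password directly against m.password,
        // which only works if passwords are stored in the same form the user types them
        // (unless they are transformed before reaching this method; not visible here).
        // Prefer storing a salted password hash (bcrypt/scrypt/Argon2), loading the member by
        // username only, and verifying the hash in code.
        //
        // The named parameters in the JPQL must match the setParameter() keys exactly;
        // a mismatch makes the query fail at runtime instead of authenticating anyone.
        List<?> result = entityManager
                .createQuery("select m from Member m where m.username=:username and m.password=:password")
                .setParameter("username", identity.getCredentials().getUsername())
                .setParameter("password", identity.getCredentials().getPassword())
                .getResultList();

        if (result.isEmpty()) {
            return false;
        }

        // Assign the field, not a new local: a local named "member" would shadow the
        // @Out field and nothing would be outjected to the session.
        // NOTE(review): taking element 0 assumes usernames are unique; enforce that with a
        // unique constraint on Member.username.
        member = (Member) result.get(0);

        // Member and Role are many-to-many, so one member may carry several roles;
        // each role name is registered on the identity. An empty role set adds nothing.
        for (Role role : member.getRoles()) {
            identity.addRole(role.getName());
        }
        return true;
    }
}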
<!-- Routes login checks to the authenticate() method of the "authenticator" component.
     NOTE(review): remember-me keeps login state in a browser cookie; confirm what the Seam
     version in use stores in that cookie before enabling it outside a demo. -->
<security:identity
    authenticate-method="#{authenticator.authenticate}"
    remember-me="true"/>
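<pages>
    <!-- Any logged-in user may open the password page. -->
    <page view-id="/password.xhtml" login-required="true"/>

    <!-- Login requirement and role restriction are declared in a single entry so the two
         rules cannot drift apart. The role check uses Seam's EL function s:hasRole.
         NOTE(review): "/rewads/*" is kept as written on the page; it looks like a typo for
         "/rewards/*". Confirm against the real view directory, because a pattern that
         matches no view leaves those pages without any restriction. -->
    <page view-id="/rewads/*" login-required="true">
        <description>Rewards Summary</description>
        <restrict>#{s:hasRole('rewardsuser')}</restrict>
    </page>

    <!-- To send the user back to the originally requested page after login, use the
         configuration below.
         NOTE(review): Seam's documentation registers these event listeners in
         components.xml; confirm they are picked up when declared here. -->
    <event type="org.jboss.seam.security.notLoggedIn">
        <action execute="#{redirect.captureCurrentView}"/>
    </event>
    <event type="org.jboss.seam.security.loginSuccessful">
        <action execute="#{redirect.returnToCapturedView}"/>
    </event>
</pages>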
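<!-- JPA-backed identity store: names the entity manager and the entity classes that hold
     user accounts and roles. A misspelled attribute or class name here means the store is
     not wired to the intended entities, so both are spelled out in full.
     NOTE(review): a custom authenticate-method is also configured on security:identity;
     confirm which of the two is meant to verify credentials.
     The element's closing is not shown in this listing. -->
<security:jpa-identity-store entity-manager="#{entityManager}"
    user-class="org.jboss.seam.example.booking.MemberAccount"
    role-class="org.jboss.seam.example.booking.MemberRole">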