improve OpenID integration with security API

api/src/main/java/org/jboss/seam/security/Identity.java

@@ -1,11 +1,8 @@
 package org.jboss.seam.security;
 
-import java.security.Principal;
 import java.util.Collection;
 import java.util.Set;
 
-import javax.security.auth.Subject;
-
 import org.picketlink.idm.api.Group;
 import org.picketlink.idm.api.Role;
 import org.picketlink.idm.api.User;

examples/openid-rp/pom.xml

@@ -29,20 +29,62 @@
                <artifactId>validation-api</artifactId>
                <groupId>javax.validation</groupId>
             </exclusion>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-api</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-impl</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.logging</groupId>
+               <artifactId>jboss-logging</artifactId>
+            </exclusion>
          </exclusions>
       </dependency>
 
       <dependency>
          <groupId>org.jboss.seam.security</groupId>
          <artifactId>seam-security-impl</artifactId>
          <version>${project.version}</version>
+         <exclusions>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-api</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-impl</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.logging</groupId>
+               <artifactId>jboss-logging</artifactId>
+            </exclusion>
+         </exclusions>
       </dependency>
 
       <dependency>
          <groupId>org.jboss.seam.servlet</groupId>
          <artifactId>seam-servlet</artifactId>
       </dependency>
 
+      <dependency>
+         <groupId>org.jboss.seam.config</groupId>
+         <artifactId>seam-config-xml</artifactId>
+         <version>3.0.0.Beta2</version>
+         <exclusions>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-api</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.jboss.seam.solder</groupId>
+               <artifactId>seam-solder-impl</artifactId>
+            </exclusion>
+         </exclusions>
+      </dependency>
+
       <dependency>
          <groupId>javax.enterprise</groupId>
          <artifactId>cdi-api</artifactId>

examples/openid-rp/src/main/resources/META-INF/seam-beans.xml

@@ -6,9 +6,9 @@
    xsi:schemaLocation="
       http://java.sun.com/xml/ns/javaee http://jboss.org/schema/cdi/beans_1_0.xsd">
 
-   <security:Identity>
-      <s:replaces/>
+   <security:IdentityImpl>
+      <s:modifies/>
       <security:authenticatorName>openIdAuthenticator</security:authenticatorName>
-   </security>
+   </security:IdentityImpl>
 
 </beans>

external/src/main/java/org/jboss/seam/security/external/openid/OpenIdAuthenticator.java

@@ -3,11 +3,13 @@
 import java.util.LinkedList;
 import java.util.List;
 
-import javax.enterprise.inject.Model;
+import javax.enterprise.context.RequestScoped;
 import javax.faces.context.FacesContext;
 import javax.inject.Inject;
+import javax.inject.Named;
 import javax.servlet.http.HttpServletResponse;
 
+import org.jboss.logging.Logger;
 import org.jboss.seam.security.Authenticator;
 import org.jboss.seam.security.external.openid.api.OpenIdRelyingPartyApi;
 import org.jboss.seam.security.external.openid.api.OpenIdRequestedAttribute;
@@ -18,14 +20,16 @@
  * @author Shane Bryzak
  *
  */
-public @Model class OpenIdAuthenticator implements Authenticator
+public @Named("openIdAuthenticator") @RequestScoped class OpenIdAuthenticator implements Authenticator
 {
    private String openIdProviderUrl;
 
    @Inject private OpenIdRelyingPartyApi openIdApi;
 
    @Inject List<OpenIdProvider> providers;
 
+   @Inject Logger log;
+
    private String providerCode;
 
    public String getProviderCode()
@@ -66,9 +70,12 @@ public AuthStatus authenticate()
       attributes.add(openIdApi.createOpenIdRequestedAttribute("email", "http://schema.openid.net/contact/email", false, null));
 
       OpenIdProvider selectedProvider = getSelectedProvider();
+      String url = selectedProvider != null ? selectedProvider.getUrl() : getOpenIdProviderUrl();
+
+      if (log.isDebugEnabled()) log.debug("Logging in using OpenID url: " + url);
 
-      openIdApi.login(selectedProvider != null ? selectedProvider.getUrl() : getOpenIdProviderUrl(), 
-            attributes, (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse());      
+      openIdApi.login(url, attributes, 
+            (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse());      
 
       return AuthStatus.DEFERRED;
    }

external/src/main/java/org/jboss/seam/security/external/openid/OpenIdRpAuthenticationService.java

@@ -88,6 +88,10 @@ public void handleIncomingMessage(HttpServletRequest httpRequest, HttpServletRes
 
          // retrieve the previously stored discovery information
          DiscoveryInformation discovered = openIdRequest.getDiscoveryInformation();
+         if (discovered == null)
+         {
+            throw new IllegalStateException("No discovery information found in OpenID request");
+         }         
 
          // extract the receiving URL from the HTTP request
          StringBuffer receivingURL = httpRequest.getRequestURL();

impl/pom.xml

@@ -59,12 +59,14 @@
          <groupId>org.drools</groupId>
          <artifactId>drools-core</artifactId>
          <version>${drools.version}</version>
+         <optional>true</optional>
       </dependency>
 
       <dependency>
          <groupId>org.drools</groupId>
          <artifactId>drools-compiler</artifactId>
          <version>${drools.version}</version>
+         <optional>true</optional>
       </dependency>
 
       <!--dependency>
@@ -144,7 +146,6 @@
       <dependency>
          <groupId>org.jboss.seam.persistence</groupId>
          <artifactId>seam-persistence</artifactId>
-         <optional>true</optional>
       </dependency>
 
       <dependency>

impl/src/main/java/org/jboss/seam/security/IdentityImpl.java

@@ -12,6 +12,7 @@
 
 import javax.enterprise.context.SessionScoped;
 import javax.enterprise.inject.AmbiguousResolutionException;
+import javax.enterprise.inject.Any;
 import javax.enterprise.inject.Instance;
 import javax.enterprise.inject.UnsatisfiedResolutionException;
 import javax.enterprise.inject.spi.BeanManager;
@@ -64,7 +65,7 @@
    @Inject private PermissionMapper permissionMapper;
 
    @Inject Instance<RequestSecurityState> requestSecurityState;
-   @Inject Instance<Authenticator> authenticators;
+   @Inject @Any Instance<Authenticator> authenticators;
 
    private User user;
 
@@ -276,7 +277,7 @@ protected boolean authenticate() throws AuthenticationException
 
          if (authenticator == null)
          {
-            throw new AuthenticationException("No Authenticator could be located");
+            throw new AuthenticationException("An Authenticator could be located");
          }
 
          if (AuthStatus.SUCCESS.equals(authenticator.authenticate()))
@@ -313,26 +314,25 @@ protected Authenticator lookupAuthenticator() throws AuthenticationException
    {
       if (!Strings.isEmpty(authenticatorName))
       {
-         try
+         Instance<Authenticator> selected = authenticators.select(new NamedLiteral(authenticatorName));
+         if (selected.isAmbiguous())
          {
-            return authenticators.select(new NamedLiteral(authenticatorName)).get();
+            log.error("Multiple Authenticators found with configured name [" + authenticatorName + "]");
+            return null;
          }
-         catch (UnsatisfiedResolutionException ex)
-         {
-            throw new AuthenticationException("The specified Authenticator [" + 
-                  authenticatorName + "] cannot be located");
-         }
-         catch (AmbiguousResolutionException ex)
+
+         if (selected.isUnsatisfied())
          {
-            throw new AuthenticationException("Multiple Authenticator instances named [" +
-                  authenticatorName + "] were located");
+            log.error("No authenticator with name [" + authenticatorName + "] was found");
+            return null;               
          }
+
+         return selected.get();
       }
-
-
+
       for (Authenticator auth : authenticators)
       {
-       //  auth.
+         log.debug("Found authenticator: " + auth);
       }      
 
       return null;

impl/src/main/java/org/jboss/seam/security/management/action/ChangePasswordAction.java

@@ -7,13 +7,11 @@
 
 import org.jboss.seam.persistence.transaction.Transactional;
 import org.jboss.seam.security.Identity;
-import org.jboss.seam.solder.core.Requires;
 import org.picketlink.idm.api.Credential;
 import org.picketlink.idm.api.IdentitySession;
 import org.picketlink.idm.common.exception.IdentityException;
 import org.picketlink.idm.impl.api.PasswordCredential;
 
-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")
 public @Transactional @Model class ChangePasswordAction implements Serializable
 {
    private static final long serialVersionUID = -8727330690588109980L;

impl/src/main/java/org/jboss/seam/security/management/action/GroupAction.java

@@ -10,7 +10,6 @@
 
 import org.jboss.seam.persistence.transaction.Transactional;
 import org.jboss.seam.security.GroupImpl;
-import org.jboss.seam.solder.core.Requires;
 import org.picketlink.idm.api.Group;
 import org.picketlink.idm.api.IdentitySession;
 import org.picketlink.idm.common.exception.IdentityException;
@@ -20,7 +19,6 @@
  *  
  * @author Shane Bryzak
  */
-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")
 public @Named @ConversationScoped class GroupAction implements Serializable
 {
    private static final long serialVersionUID = -1553124158319503903L;

impl/src/main/java/org/jboss/seam/security/management/action/RoleAction.java

@@ -8,7 +8,6 @@
 import javax.inject.Named;
 
 import org.jboss.seam.persistence.transaction.Transactional;
-import org.jboss.seam.solder.core.Requires;
 import org.picketlink.idm.api.IdentitySession;
 import org.picketlink.idm.common.exception.FeatureNotSupportedException;
 import org.picketlink.idm.common.exception.IdentityException;
@@ -18,7 +17,6 @@
  * 
  * @author Shane Bryzak
  */
-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")
 public @Named @ConversationScoped class RoleAction implements Serializable
 {
    private static final long serialVersionUID = -4215849488301658353L;

impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java

@@ -12,7 +12,6 @@
 
 import org.jboss.seam.persistence.transaction.Transactional;
 import org.jboss.seam.security.UserImpl;
-import org.jboss.seam.solder.core.Requires;
 import org.picketlink.idm.api.Attribute;
 import org.picketlink.idm.api.Group;
 import org.picketlink.idm.api.IdentitySession;
@@ -28,7 +27,6 @@
  * 
  * @author Shane Bryzak
  */
-@Requires("org.jboss.seam.persistence.transaction.TransactionInterceptor")
 public @Named @ConversationScoped class UserAction implements Serializable
 {
    private static final long serialVersionUID = 5820385095080724087L;