Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 3.1.0.Beta3
    • Fix Version/s: 3.1.0.Beta4
    • Labels:
      None

      Description

      Security
      1.2.1. Maven Dependencies

      • "<seam.version>3.0.0.Final</seam.version>" should be changed to 3.1.0.Final
      • "<artifactId>seam-security-impl</artifactId>" is no longer valud, should be seam-security (only if the suggested seam version "seam.version" is changed to e.g. 3.1.0.Final in the docs)

      2.3. Which Authenticator will Seam use?

      • "Seam Config" should be something like "Solder XML Config" instead, mentioned twice

      3.4.3. Applying the binding to your business methods

      • "Seam Catch" should be something like "Solder Exception Handling" instead

      4.2.4. Credential

      • the example of IdentityObjectCredential should probably contain annotations on "IdentityObject identityObject;" for clarity (as the getter is omitted)
        (e.g. @ManyToOne @JoinColumn(name = "IDENTITY_OBJECT_ID")

      5.2.2.1. Using OpenID as your only authentication method

      • "Seam Config" should be something like "Solder XML Config" instead
      • "<security:Identity>" should be "<security:IdentityImpl>"
      • "<security:authenticatorClass>org.jboss.seam.security.external.openid.OpenIdAuthenticator</security:authenticator>" is invalid XML (end tag doesn't match)

      5.2.4. Managing the OpenID authentication process

      • "The API described in this section will likely be changed in a future version of Seam to allow for easier handling of the OpenID authentication lifecycle."
        is this still true?
      • "The above example assumes that the Seam Servlet module is used to allow injection of the ServletContext."
        this note can probably be removed, as Servlet is now in Solder, or changed to reflect that Solder is now responsible for this.

      Missing Pieces

      1. anything from org.jboss.seam.security.annotations.permission and org.jboss.seam.security.permission (Identifier, Permission, SecuredView...) is not documented
        (is it supposed to be working yet?)
      2. package org.jboss.seam.security.annotations.rememberme (TokenValue, TokenUsername) is not documented (should it be removed?)
      3. security events are not documented (all events from org.jboss.seam.security.events except DeferredAuthenticationEvent, which is mentioned in an OpenID example)

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                shane.bryzak Shane Bryzak
                Reporter:
                maschmid Marek Schmidt
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: