Chapter 12. Security

12.1. Overview

12.1.1. Which mode is right for my application?

12.2. Requirements

12.3. Authentication

12.3.1. Configuration
12.3.2. Writing an authentication method
12.3.3. Writing a login form
12.3.4. Simplified Configuration - Summary
12.3.5. Handling Security Exceptions
12.3.6. Login Redirection
12.3.7. Advanced Authentication Features

12.4. Error Messages

12.5. Authorization

12.5.1. Core concepts
12.5.2. Securing components
12.5.3. Security in the user interface
12.5.4. Securing pages
12.5.5. Securing Entities

12.6. Writing Security Rules

12.6.1. Permissions Overview
12.6.2. Configuring a rules file
12.6.3. Creating a security rules file

12.7. SSL Security

12.8. Implementing a Captcha Test

12.8.1. Configuring the Captcha Servlet
12.8.2. Adding a Captcha to a page

The Seam Security API is an optional Seam feature that provides authentication and authorization features for securing both domain and page resources within your Seam project.

Overview

Seam Security provides two different modes of operation:

simplified mode - this mode supports authentication services and simple role-based security checks.
advanced mode - this mode supports all the same features as the simplified mode, plus it offers rule-based security checks using JBoss Rules.

Which mode is right for my application?

That all depends on the requirements of your application. If you have minimal security requirements, for example if you only wish to restrict certain pages and actions to users who are logged in, or who belong to a certain role, then the simplified mode will probably be sufficient. The advantages of this is a more simplified configuration, significantly less libraries to include, and a smaller memory footprint.

If on the other hand, your application requires security checks based on contextual state or complex business rules, then you will require the features provided by the advanced mode.