Seam Reference Guide

seam-reference-guide

User Manual:
Open the PDF directly: View PDF .
Page Count: 596
Download
Open PDF In Browser	View PDF
Seam - Contextual Components

A Framework for
Enterprise Java
2.3.1.Final
by Gavin King, Pete Muir, Norman Richards, Shane Bryzak, Michael Yuan,
Mike Youngstrom, Christian Bauer, Jay Balunas, Dan Allen, Max Rydahl
Andersen, Emmanuel Bernard, Nicklas Karlsson, Daniel Roth, Matt Drees,
Jacob Orshalick, Denis Forveille, Marek Novotny, and Jozef Hartinger
edited by Samson Kittoli
and thanks to James Cobb (Graphic Design), Cheyenne Weaver (Graphic Design),
Mark Newton, Steve Ebersole, Michael Courcy (French Translation), Nicola
Benaglia (Italian Translation), Stefano Travelli (Italian Translation), Francesco
Milesi (Italian Translation), and Japan JBoss User Group (Japanese Translation)

Introduction to JBoss Seam .............................................................................................. xv
1. Contribute to Seam ............................................................................................. xix
1. Seam Tutorial .............................................................................................................. 1
1.1. Using the Seam examples .................................................................................. 1
1.1.1. Running the examples on JBoss AS ......................................................... 1
1.1.2. Running the example tests ....................................................................... 2
1.2. Your first Seam application: the registration example ............................................ 2
1.2.1. Understanding the code ........................................................................... 3
1.2.2. How it works .......................................................................................... 14
1.3. Clickable lists in Seam: the messages example .................................................. 15
1.3.1. Understanding the code .......................................................................... 15
1.3.2. How it works .......................................................................................... 21
1.4. Seam and jBPM: the todo list example ............................................................... 21
1.4.1. Understanding the code .......................................................................... 22
1.4.2. How it works .......................................................................................... 29
1.5. Seam pageflow: the numberguess example ........................................................ 30
1.5.1. Understanding the code .......................................................................... 30
1.5.2. How it works ..........................................................................................
1.6. A complete Seam application: the Hotel Booking example ...................................
1.6.1. Introduction ............................................................................................
1.6.2. Overview of the booking example ............................................................
1.6.3. Understanding Seam conversations .........................................................
1.6.4. The Seam Debug Page ..........................................................................
1.7. Nested conversations: extending the Hotel Booking example ...............................
1.7.1. Introduction ............................................................................................
1.7.2. Understanding Nested Conversations ......................................................
1.8. A complete application featuring Seam and jBPM: the DVD Store example ...........
1.9. Bookmarkable URLs with the Blog example ........................................................
1.9.1. Using "pull"-style MVC ............................................................................
1.9.2. Bookmarkable search results page ..........................................................
1.9.3. Using "push"-style MVC in a RESTful application .....................................
2. Getting started with Seam, using seam-gen ..............................................................
2.1. Before you start ................................................................................................
2.2. Setting up a new project ...................................................................................
2.3. Creating a new action .......................................................................................
2.4. Creating a form with an action ...........................................................................
2.5. Generating an application from an existing database ...........................................
2.6. Generating an application from existing JPA/EJB3 entities ...................................
2.7. Deploying the application as an EAR .................................................................
2.8. Seam and incremental hot deployment ...............................................................
3. Getting started with Seam, using JBoss Tools ..........................................................
3.1. Before you start ................................................................................................
4. Migration from 2.2 to 2.3 ...........................................................................................
4.1. Migration of XML Schemas ...............................................................................

37
38
38
40
40
49
50
50
52
58
60
61
63
66
71
71
72
75
76
77
78
78
78
81
81
83
83

iii

Seam - Contextual Components

4.1.1. Seam schema migration ......................................................................... 83
4.1.2. Java EE 6 schema changes ................................................................... 85
4.2. Java EE 6 upgrade ...........................................................................................
4.2.1. Using Bean Validation standard instead of Hibernate Validator ..................
4.2.2. Migration of JSF 1 to JSF 2 Facelets templates ........................................
4.2.3. Migration to JPA 2.0 ...............................................................................
4.2.4. Using compatible JNDI for resources .......................................................
4.3. JBoss AS 7.1 deployment .................................................................................
4.3.1. Deployment changes ..............................................................................
4.3.2. Datasource migration ..............................................................................
4.4. Changes in testing framework ...........................................................................
4.5. Dependency changes with using Maven .............................................................
4.5.1. Seam Bill of Materials ............................................................................
5. The contextual component model .............................................................................
5.1. Seam contexts ..................................................................................................
5.1.1. Stateless context ....................................................................................
5.1.2. Event context .........................................................................................

86
86
86
87
87
87
87
88
89
91
91
93
93
93
94

5.1.3. Page context .......................................................................................... 94
5.1.4. Conversation context .............................................................................. 94
5.1.5. Session context ...................................................................................... 95
5.1.6. Business process context ....................................................................... 95
5.1.7. Application context ................................................................................. 95
5.1.8. Context variables ................................................................................... 95
5.1.9. Context search priority ............................................................................ 96
5.1.10. Concurrency model .............................................................................. 96
5.2. Seam components ............................................................................................ 97
5.2.1. Stateless session beans ......................................................................... 98
5.2.2. Stateful session beans ........................................................................... 98
5.2.3. Entity beans ........................................................................................... 99
5.2.4. JavaBeans ............................................................................................. 99
5.2.5. Message-driven beans ............................................................................ 99
5.2.6. Interception .......................................................................................... 100
5.2.7. Component names ............................................................................... 100
5.2.8. Defining the component scope .............................................................. 102
5.2.9. Components with multiple roles ............................................................. 103
5.2.10. Built-in components ............................................................................ 103
5.3. Bijection .......................................................................................................... 104
5.4. Lifecycle methods ........................................................................................... 107
5.5. Conditional installation ..................................................................................... 107
5.6. Logging .......................................................................................................... 109
5.7. The Mutable interface and @ReadOnly ............................................................ 110
5.8. Factory and manager components ................................................................... 112
6. Configuring Seam components ............................................................................... 115
6.1. Configuring components via property settings ................................................... 115

iv

6.2. Configuring components via components.xml .................................................... 115
6.3. Fine-grained configuration files ........................................................................ 119
6.4. Configurable property types .............................................................................
6.5. Using XML Namespaces .................................................................................
7. Events, interceptors and exception handling ...........................................................
7.1. Seam events ..................................................................................................
7.2. Page actions ...................................................................................................
7.3. Page parameters ............................................................................................
7.3.1. Mapping request parameters to the model .............................................
7.4. Propagating request parameters ......................................................................
7.5. URL rewriting with page parameters .................................................................
7.6. Conversion and Validation ...............................................................................
7.7. Navigation ......................................................................................................
7.8. Fine-grained files for definition of navigation, page actions and parameters ..........
7.9. Component-driven events ................................................................................
7.10. Contextual events .........................................................................................
7.11. Seam interceptors .........................................................................................

120
122
127
127
128
129
129
130
131
132
133
137
137
139
141

7.12. Managing exceptions .....................................................................................
7.12.1. Exceptions and transactions ................................................................
7.12.2. Enabling Seam exception handling ......................................................
7.12.3. Using annotations for exception handling .............................................
7.12.4. Using XML for exception handling .......................................................
7.12.5. Some common exceptions ..................................................................
8. Conversations and workspace management ...........................................................
8.1. Seam's conversation model .............................................................................
8.2. Nested conversations ......................................................................................
8.3. Starting conversations with GET requests .........................................................
8.4. Requiring a long-running conversation ..............................................................
8.5. Using  and  ..........................................................................
8.6. Success messages .........................................................................................
8.7. Natural conversation ids ..................................................................................
8.8. Creating a natural conversation .......................................................................
8.9. Redirecting to a natural conversation ...............................................................
8.10. Workspace management ...............................................................................
8.10.1. Workspace management and JSF navigation .......................................
8.10.2. Workspace management and jPDL pageflow ........................................
8.10.3. The conversation switcher ...................................................................
8.10.4. The conversation list ...........................................................................
8.10.5. Breadcrumbs ......................................................................................
8.11. Conversational components and JSF component bindings ...............................
8.12. Concurrent calls to conversational components ...............................................
8.12.1. How should we design our conversational AJAX application? .................
8.12.2. Dealing with errors .............................................................................
9. Pageflows and business processes .........................................................................

143
143
144
144
145
147
149
149
152
153
154
155
157
158
158
159
160
160
161
162
162
163
164
165
166
167
169

v

Seam - Contextual Components

9.1. Pageflow in Seam ........................................................................................... 169
9.1.1. The two navigation models ................................................................... 169

10.

11.
12.

13.

vi

9.1.2. Seam and the back button ....................................................................
9.2. Using jPDL pageflows .....................................................................................
9.2.1. Installing pageflows ..............................................................................
9.2.2. Starting pageflows ................................................................................
9.2.3. Page nodes and transitions ...................................................................
9.2.4. Controlling the flow ...............................................................................
9.2.5. Ending the flow ....................................................................................
9.2.6. Pageflow composition ...........................................................................
9.3. Business process management in Seam ..........................................................
9.4. Using jPDL business process definitions ...........................................................
9.4.1. Installing process definitions ..................................................................
9.4.2. Initializing actor ids ...............................................................................
9.4.3. Initiating a business process .................................................................
9.4.4. Task assignment ..................................................................................
9.4.5. Task lists .............................................................................................

173
174
174
175
176
177
178
178
178
180
180
180
180
181
181

9.4.6. Performing a task .................................................................................
Seam and Object/Relational Mapping ....................................................................
10.1. Introduction ...................................................................................................
10.2. Seam managed transactions ..........................................................................
10.2.1. Disabling Seam-managed transactions .................................................
10.2.2. Configuring a Seam transaction manager .............................................
10.2.3. Transaction synchronization ................................................................
10.3. Seam-managed persistence contexts .............................................................
10.3.1. Using a Seam-managed persistence context with JPA ..........................
10.3.2. Using a Seam-managed Hibernate session ..........................................
10.3.3. Seam-managed persistence contexts and atomic conversations .............
10.4. Using the JPA "delegate" ...............................................................................
10.5. Using EL in EJB-QL/HQL ..............................................................................
10.6. Using Hibernate filters ...................................................................................
JSF form validation in Seam ..................................................................................
Groovy integration .................................................................................................
12.1. Groovy introduction .......................................................................................
12.2. Writing Seam applications in Groovy ..............................................................
12.2.1. Writing Groovy components ................................................................
12.2.2. seam-gen ...........................................................................................
12.3. Deployment ...................................................................................................
12.3.1. Deploying Groovy code .......................................................................
12.3.2. Native .groovy file deployment at development time ..............................
12.3.3. seam-gen ...........................................................................................
Writing your presentation layer using Apache Wicket ...........................................
13.1. Adding Seam to your wicket application ..........................................................
13.1.1. Bijection .............................................................................................

182
185
185
186
187
187
188
188
189
189
190
192
193
194
195
203
203
203
203
205
205
206
206
206
207
207
207

13.1.2. Orchestration ...................................................................................... 208
13.2. Setting up your project .................................................................................. 209
13.2.1. Runtime instrumentation .....................................................................
13.2.2. Compile-time instrumentation ..............................................................
13.2.3. The @SeamWicketComponent annotation ...........................................
13.2.4. Defining the Application ......................................................................
14. The Seam Application Framework .........................................................................
14.1. Introduction ...................................................................................................
14.2. Home objects ................................................................................................
14.3. Query objects ................................................................................................
14.4. Controller objects ..........................................................................................
15. Seam and JBoss Rules ..........................................................................................
15.1. Installing rules ...............................................................................................
15.2. Using rules from a Seam component ..............................................................
15.3. Using rules from a jBPM process definition .....................................................
16. Security ..................................................................................................................
16.1. Overview ......................................................................................................

209
210
212
212
215
215
217
222
225
227
227
230
230
233
233

16.2. Disabling Security .........................................................................................
16.3. Authentication ...............................................................................................
16.3.1. Configuring an Authenticator component ..............................................
16.3.2. Writing an authentication method .........................................................
16.3.3. Writing a login form ............................................................................
16.3.4. Configuration Summary .......................................................................
16.3.5. Remember Me ...................................................................................
16.3.6. Handling Security Exceptions ..............................................................
16.3.7. Login Redirection ................................................................................
16.3.8. HTTP Authentication ...........................................................................
16.3.9. Advanced Authentication Features .......................................................
16.4. Identity Management .....................................................................................
16.4.1. Configuring IdentityManager ................................................................
16.4.2. JpaIdentityStore ..................................................................................
16.4.3. LdapIdentityStore ................................................................................
16.4.4. Writing your own IdentityStore .............................................................
16.4.5. Authentication with Identity Management ..............................................
16.4.6. Using IdentityManager ........................................................................
16.5. Error Messages .............................................................................................
16.6. Authorization .................................................................................................
16.6.1. Core concepts ....................................................................................
16.6.2. Securing components .........................................................................
16.6.3. Security in the user interface ...............................................................
16.6.4. Securing pages ..................................................................................
16.6.5. Securing Entities ................................................................................
16.6.6. Typesafe Permission Annotations ........................................................
16.6.7. Typesafe Role Annotations .................................................................

233
234
234
234
237
238
238
241
242
243
244
244
245
246
252
254
254
254
259
260
260
261
263
265
265
268
269

vii

Seam - Contextual Components

16.6.8. The Permission Authorization Model .................................................... 270
16.6.9. RuleBasedPermissionResolver ............................................................ 273
16.6.10. PersistentPermissionResolver ............................................................
16.7. Permission Management ...............................................................................
16.7.1. PermissionManager ............................................................................
16.7.2. Permission checks for PermissionManager operations ..........................
16.8. SSL Security .................................................................................................
16.8.1. Overriding the default ports .................................................................
16.9. CAPTCHA ....................................................................................................
16.9.1. Configuring the CAPTCHA Servlet .......................................................
16.9.2. Adding a CAPTCHA to a form .............................................................
16.9.3. Customising the CAPTCHA algorithm ..................................................
16.10. Security Events ...........................................................................................
16.11. Run As .......................................................................................................
16.12. Extending the Identity component .................................................................
16.13. OpenID .......................................................................................................
16.13.1. Configuring OpenID ..........................................................................

278
287
287
288
289
290
290
290
291
291
292
292
293
294
294

16.13.2. Presenting an OpenIdDLogin form .....................................................
16.13.3. Logging in immediately .....................................................................
16.13.4. Deferring login ..................................................................................
16.13.5. Logging out ......................................................................................
17. Internationalization, localization and themes .........................................................
17.1. Internationalizing your app .............................................................................
17.1.1. Application server configuration ...........................................................
17.1.2. Translated application strings ..............................................................
17.1.3. Other encoding settings ......................................................................
17.2. Locales .........................................................................................................
17.3. Labels ..........................................................................................................
17.3.1. Defining labels ....................................................................................
17.3.2. Displaying labels ................................................................................
17.3.3. Faces messages ................................................................................
17.4. Timezones ....................................................................................................
17.5. Themes ........................................................................................................
17.6. Persisting locale and theme preferences via cookies .......................................
18. Seam Text ..............................................................................................................
18.1. Basic fomatting .............................................................................................
18.2. Entering code and text with special characters ................................................
18.3. Links ............................................................................................................
18.4. Entering HTML ..............................................................................................
18.5. Using the SeamTextParser ............................................................................
19. iText PDF generation .............................................................................................
19.1. Using PDF Support .......................................................................................
19.1.1. Creating a document ..........................................................................
19.1.2. Basic Text Elements ...........................................................................

295
295
296
296
297
297
297
298
298
299
300
300
301
302
302
303
304
305
305
307
308
309
309
311
311
311
312

viii

19.1.3. Headers and Footers .......................................................................... 317
19.1.4. Chapters and Sections ........................................................................ 318
19.1.5. Lists ...................................................................................................
19.1.6. Tables ................................................................................................
19.1.7. Document Constants ..........................................................................
19.2. Charting ........................................................................................................
19.3. Bar codes .....................................................................................................
19.4. Fill-in-forms ...................................................................................................
19.5. Rendering Swing/AWT components ................................................................
19.6. Configuring iText ...........................................................................................
19.7. Further documentation ...................................................................................
20. The Microsoft® Excel® spreadsheet application ....................................................
20.1. The Microsoft® Excel® spreadsheet application support ..................................
20.2. Creating a simple workbook ...........................................................................
20.3. Workbooks ....................................................................................................
20.4. Worksheets ...................................................................................................
20.5. Columns .......................................................................................................

320
321
324
324
333
334
335
336
337
339
339
340
341
343
347

20.6. Cells .............................................................................................................
20.6.1. Validation ...........................................................................................
20.6.2. Format masks ....................................................................................
20.7. Formulas ......................................................................................................
20.8. Images .........................................................................................................
20.9. Hyperlinks .....................................................................................................
20.10. Headers and footers ....................................................................................
20.11. Print areas and titles ...................................................................................
20.12. Worksheet Commands .................................................................................
20.12.1. Grouping ..........................................................................................
20.12.2. Page breaks .....................................................................................
20.12.3. Merging ............................................................................................
20.13. Datatable exporter .......................................................................................
20.14. Fonts and layout .........................................................................................
20.14.1. Stylesheet links ................................................................................
20.14.2. Fonts ...............................................................................................
20.14.3. Borders ............................................................................................
20.14.4. Background ......................................................................................
20.14.5. Column settings ................................................................................
20.14.6. Cell settings .....................................................................................
20.14.7. The datatable exporter ......................................................................
20.14.8. Layout examples ..............................................................................
20.14.9. Limitations ........................................................................................
20.15. Internationalization .......................................................................................
20.16. Links and further documentation ...................................................................
21. RSS support ...........................................................................................................
21.1. Installation ....................................................................................................

348
349
353
353
354
355
356
358
359
359
360
361
361
362
363
363
364
365
365
365
366
366
366
366
367
369
369

ix

Seam - Contextual Components

21.2. Generating feeds ........................................................................................... 369
21.3. Feeds ........................................................................................................... 370
21.4. Entries ..........................................................................................................
21.5. Links and further documentation ....................................................................
22. Email ......................................................................................................................
22.1. Creating a message ......................................................................................
22.1.1. Attachments .......................................................................................
22.1.2. HTML/Text alternative part ..................................................................
22.1.3. Multiple recipients ...............................................................................
22.1.4. Multiple messages ..............................................................................
22.1.5. Templating .........................................................................................
22.1.6. Internationalisation ..............................................................................
22.1.7. Other Headers ....................................................................................
22.2. Receiving emails ...........................................................................................
22.3. Configuration .................................................................................................
22.3.1. mailSession ........................................................................................
22.4. Tags .............................................................................................................

370
371
373
373
374
376
376
376
376
377
378
378
379
379
380

23. Asynchronicity and messaging ..............................................................................
23.1. Messaging in Seam .......................................................................................
23.1.1. Configuration ......................................................................................
23.1.2. Sending messages .............................................................................
23.1.3. Receiving messages using a message-driven bean ..............................
23.1.4. Receiving messages in the client .........................................................
23.2. Asynchronicity ...............................................................................................
23.2.1. Asynchronous methods .......................................................................
23.2.2. Asynchronous methods with the Quartz Dispatcher ...............................
23.2.3. Asynchronous events ..........................................................................
23.2.4. Handling exceptions from asynchronous calls .......................................
24. Caching ..................................................................................................................
24.1. Using Caching in Seam .................................................................................
24.2. Page fragment caching ..................................................................................
25. Web Services .........................................................................................................
25.1. Configuration and Packaging .........................................................................
25.2. Conversational Web Services ........................................................................
25.2.1. A Recommended Strategy ..................................................................
25.3. An example web service ................................................................................
25.4. RESTful HTTP webservices with RESTEasy ...................................................
25.4.1. RESTEasy configuration and request serving .......................................
25.4.2. Resources as Seam components ........................................................
25.4.3. Securing resources .............................................................................
25.4.4. Mapping exceptions to HTTP responses ..............................................
25.4.5. Exposing entities via RESTful API .......................................................
25.4.6. Testing resources and providers ..........................................................
26. Remoting ................................................................................................................

383
383
383
384
385
386
386
387
390
393
393
395
396
398
401
401
401
402
403
405
405
408
411
411
412
415
417

x

26.1. Configuration ................................................................................................. 417
26.2. The "Seam" object ........................................................................................ 418
26.2.1. A Hello World example .......................................................................
26.2.2. Seam.Component ...............................................................................
26.2.3. Seam.Remoting ..................................................................................
26.3. Client Interfaces ............................................................................................
26.4. The Context ..................................................................................................
26.4.1. Setting and reading the Conversation ID ..............................................
26.4.2. Remote calls within the current conversation scope ..............................
26.5. Batch Requests .............................................................................................
26.6. Working with Data types ................................................................................
26.6.1. Primitives / Basic Types ......................................................................
26.6.2. JavaBeans .........................................................................................
26.6.3. Dates and Times ................................................................................
26.6.4. Enums ...............................................................................................
26.6.5. Collections .........................................................................................
26.7. Debugging ....................................................................................................

418
420
422
422
423
423
423
424
424
424
425
425
425
426
427

26.8. Handling Exceptions ......................................................................................
26.9. The Loading Message ...................................................................................
26.9.1. Changing the message .......................................................................
26.9.2. Hiding the loading message ................................................................
26.9.3. A Custom Loading Indicator ................................................................
26.10. Controlling what data is returned ..................................................................
26.10.1. Constraining normal fields .................................................................
26.10.2. Constraining Maps and Collections ....................................................
26.10.3. Constraining objects of a specific type ...............................................
26.10.4. Combining Constraints ......................................................................
26.11. Transactional Requests ...............................................................................
26.12. JMS Messaging ...........................................................................................
26.12.1. Configuration ....................................................................................
26.12.2. Subscribing to a JMS Topic ...............................................................
26.12.3. Unsubscribing from a Topic ...............................................................
26.12.4. Tuning the Polling Process ................................................................
27. Seam and the Google Web Toolkit ........................................................................
27.1. Configuration .................................................................................................
27.2. Preparing your component .............................................................................
27.3. Hooking up a GWT widget to the Seam component .........................................
27.4. GWT Ant Targets ..........................................................................................
27.5. GWT Maven plugin .......................................................................................
28. Spring Framework integration ...............................................................................
28.1. Injecting Seam components into Spring beans ................................................
28.2. Injecting Spring beans into Seam components ................................................
28.3. Making a Spring bean into a Seam component ...............................................
28.4. Seam-scoped Spring beans ...........................................................................

427
427
428
428
428
428
429
429
430
430
430
431
431
431
432
432
433
433
433
434
436
437
439
439
441
441
442

xi

Seam - Contextual Components

28.5. Using Spring PlatformTransactionManagement ............................................... 443
28.6. Using a Seam Managed Persistence Context in Spring .................................... 444
28.7. Using a Seam Managed Hibernate Session in Spring ......................................
28.8. Spring Application Context as a Seam Component ..........................................
28.9. Using a Spring TaskExecutor for @Asynchronous ...........................................
29. Guice integration ...................................................................................................
29.1. Creating a hybrid Seam-Guice component ......................................................
29.2. Configuring an injector ...................................................................................
29.3. Using multiple injectors ..................................................................................
30. Hibernate Search ...................................................................................................
30.1. Introduction ...................................................................................................
30.2. Configuration .................................................................................................
30.3. Usage ...........................................................................................................
31. Configuring Seam and packaging Seam applications ............................................
31.1. Basic Seam configuration ..............................................................................
31.1.1. Integrating Seam with JSF and your servlet container ...........................
31.1.2. Seam Resource Servlet ......................................................................

446
446
447
449
449
450
451
453
453
453
454
457
457
457
459

31.1.3. Seam servlet filters ............................................................................. 459
31.1.4. Integrating Seam with your EJB container ............................................ 464
31.1.5. Don't forget! ....................................................................................... 468
31.2. Using Alternate JPA Providers ....................................................................... 468
31.3. Configuring Seam in Java EE 6 ..................................................................... 469
31.3.1. Packaging .......................................................................................... 469
31.4. Configuring Seam without EJB ....................................................................... 471
31.4.1. Boostrapping Hibernate in Seam ......................................................... 471
31.4.2. Boostrapping JPA in Seam ................................................................. 472
31.4.3. Packaging .......................................................................................... 472
31.5. Configuring Seam in Java SE ........................................................................ 473
31.6. Configuring jBPM in Seam ............................................................................. 473
31.6.1. Packaging .......................................................................................... 474
31.7. Deployment in JBoss AS 7 ............................................................................ 475
31.8. Configuring SFSB and Session Timeouts in JBoss AS 7 .................................. 478
31.9. Running Seam in a Portlet ............................................................................. 479
31.10. Deploying custom resources ........................................................................ 479
32. Seam annotations .................................................................................................. 483
32.1. Annotations for component definition .............................................................. 483
32.2. Annotations for bijection ................................................................................ 486
32.3. Annotations for component lifecycle methods .................................................. 490
32.4. Annotations for context demarcation ............................................................... 491
32.5. Annotations for use with Seam JavaBean components in a J2EE environment... 495
32.6. Annotations for exceptions ............................................................................. 496
32.7. Annotations for Seam Remoting ..................................................................... 496
32.8. Annotations for Seam interceptors .................................................................. 497
32.9. Annotations for asynchronicity ........................................................................ 497

xii

32.10. Annotations for use with JSF ....................................................................... 498
32.10.1. Annotations for use with dataTable .................................................... 499
32.11. Meta-annotations for databinding ..................................................................
32.12. Annotations for packaging ............................................................................
32.13. Annotations for integrating with the servlet container ......................................
33. Built-in Seam components .....................................................................................
33.1. Context injection components ........................................................................
33.2. JSF-related components ................................................................................
33.3. Utility components .........................................................................................
33.4. Components for internationalization and themes ..............................................
33.5. Components for controlling conversations .......................................................
33.6. jBPM-related components ..............................................................................
33.7. Security-related components ..........................................................................
33.8. JMS-related components ...............................................................................
33.9. Mail-related components ................................................................................
33.10. Infrastructural components ...........................................................................
33.11. Miscellaneous components ..........................................................................

500
500
501
503
503
503
505
506
507
508
510
510
510
511
513

33.12. Special components ....................................................................................
Seam JSF controls .................................................................................................
34.1. Tags .............................................................................................................
34.1.1. Navigation Controls ............................................................................
34.1.2. Converters and Validators ...................................................................
34.1.3. Formatting ..........................................................................................
34.1.4. Seam Text .........................................................................................
34.1.5. Form support ......................................................................................
34.1.6. Other .................................................................................................
34.2. Annotations ...................................................................................................
JBoss EL ................................................................................................................
35.1. Parameterized Expressions ............................................................................
35.1.1. Usage ................................................................................................
35.1.2. Limitations and Hints ..........................................................................
35.2. Projection ......................................................................................................
Clustering and EJB Passivation ............................................................................
36.1. Clustering .....................................................................................................
36.1.1. Programming for clustering .................................................................
36.1.2. Deploying a Seam application to a JBoss AS cluster with session
replication ......................................................................................................
36.2. EJB Passivation and the ManagedEntityInterceptor .........................................
36.2.1. The friction between passivation and persistence ..................................
36.2.2. Case #1: Surviving EJB passivation .....................................................
36.2.3. Case #2: Surviving HTTP session replication ........................................
36.2.4. ManagedEntityInterceptor wrap-up .......................................................
Performance Tuning ...............................................................................................
37.1. Bypassing Interceptors ..................................................................................

514
517
517
517
520
526
529
530
533
537
539
539
539
541
542
545
545
546

34.

35.

36.

37.

546
549
550
551
551
552
553
553

xiii

Seam - Contextual Components

38. Testing Seam applications ..................................................................................... 555
38.1. Unit testing Seam components ....................................................................... 555
38.2. Integration testing Seam components .............................................................
38.2.1. Configuration ......................................................................................
38.2.2. Using JUnitSeamTest with Arquillian ....................................................
38.2.3. Integration testing Seam application user interactions ............................
39. Dependencies .........................................................................................................
39.1. JDK Dependencies ........................................................................................
39.1.1. Oracle's JDK 6 Considerations ............................................................
39.2. Project Dependencies ....................................................................................
39.2.1. Core ..................................................................................................
39.2.2. RichFaces ..........................................................................................
39.2.3. Seam Mail ..........................................................................................
39.2.4. Seam PDF .........................................................................................
39.2.5. Seam Microsoft Excel .........................................................................
39.2.6. Seam RSS support .............................................................................
39.2.7. Drools ................................................................................................

556
558
559
561
569
569
569
569
569
570
570
571
571
571
572

39.2.8. JBPM .................................................................................................
39.2.9. GWT ..................................................................................................
39.2.10. Spring ..............................................................................................
39.2.11. Groovy .............................................................................................
39.3. Dependency Management using Maven .........................................................

572
572
572
573
573

xiv

Introduction to JBoss Seam
Seam is an application framework for Enterprise Java. It is inspired by the following principles:
One kind of "stuff"
Seam defines a uniform component model for all business logic in your application. A
Seam component may be stateful, with the state associated with any one of several welldefined contexts, including the long-running, persistent, business process context and the
conversation context, which is preserved across multiple web requests in a user interaction.
There is no distinction between presentation tier components and business logic components
in Seam. You can layer your application according to whatever architecture you devise, rather
than being forced to shoehorn your application logic into an unnatural layering scheme forced
upon you by whatever combination of stovepipe frameworks you're using today.
Unlike plain Java EE or Java EE components, Seam components may simultaneously access
state associated with the web request and state held in transactional resources (without the
need to propagate web request state manually via method parameters). You might object
that the application layering imposed upon you by the old Java EE platform was a Good
Thing. Well, nothing stops you creating an equivalent layered architecture using Seam — the
difference is that you get to architect your own application and decide what the layers are and
how they work together.
Integrate JSF with EJB 3.0
JSF and EJB 3 are two of the best new features of Java EE 5. EJB3 is a brand new
component model for server side business and persistence logic. Meanwhile, JSF is a great
component model for the presentation tier. Unfortunately, neither component model is able
to solve all problems in computing by itself. Indeed, JSF and EJB3 work best used together.
But the Java EE 5 specification provides no standard way to integrate the two component
models. Fortunately, the creators of both models foresaw this situation and provided standard
extension points to allow extension and integration with other frameworks.
Seam unifies the component models of JSF and EJB 3, eliminating glue code, and letting the
developer think about the business problem.
It is possible to write Seam applications where "everything" is an EJB. This may come as a
surprise if you're used to thinking of EJBs as coarse-grained, so-called "heavyweight" objects.
However, version 3.0 has completely changed the nature of EJB from the point of view of
the developer. An EJB is a fine-grained object — nothing more complex than an annotated
JavaBean. Seam even encourages you to use session beans as JSF action listeners!
On the other hand, if you prefer not to adopt EJB 3.0 at this time, you don't have to. Virtually
any Java class may be a Seam component, and Seam provides all the functionality that you
expect from a "lightweight" container, and more, for any component, EJB or otherwise.
Integrated with Java EE6
While Seam 2.2 was targeted Java EE 5 mainly, you can use some Java EE 6 technologies
also on Seam 2.3.x.

xv

Introduction to JBoss Seam

Seam 2 and some of its extensions/implementations were added into Java EE 6 as CDI
technology. So this should be a current focus of majority users. But for previous Seam 2.2
users who doesn't want or can't use pure Java EE 6, we bring some new features from the
Java EE 6 set like JSF 2, JPA 2 and Bean Validation integrations into Seam 2.3.x.

Note
Be warned - Seam 2.3 should work only on Java EE 6 certified server like
JBoss AS 7 is.

Integrated AJAX
Seam supports the best open source JSF-based AJAX solutions: RichFaces and ICEfaces.
These solutions let you add AJAX capability to your user interface without the need to write
any JavaScript code.
Alternatively, Seam provides a built-in JavaScript remoting layer that lets you call components
asynchronously from client-side JavaScript without the need for an intermediate action layer.
You can even subscribe to server-side JMS topics and receive messages via AJAX push.
Neither of these approaches would work well, were it not for Seam's built-in concurrency and
state management, which ensures that many concurrent fine-grained, asynchronous AJAX
requests are handled safely and efficiently on the server side.
Business process as a first class construct
Optionally, Seam provides transparent business process management via jBPM. You won't
believe how easy it is to implement complex workflows, collaboration and task management
using jBPM and Seam.
Seam even allows you to define presentation tier pageflow using the same language (jPDL)
that jBPM uses for business process definition.
JSF provides an incredibly rich event model for the presentation tier. Seam enhances this
model by exposing jBPM's business process related events via exactly the same event
handling mechanism, providing a uniform event model for Seam's uniform component model.
Declarative state management
We're all used to the concept of declarative transaction management and declarative
security from the early days of EJB. EJB 3.0 even introduces declarative persistence
context management. These are three examples of a broader problem of managing state
that is associated with a particular context, while ensuring that all needed cleanup occurs
when the context ends. Seam takes the concept of declarative state management much
further and applies it to application state. Traditionally, Java EE applications implement
state management manually, by getting and setting servlet session and request attributes.
This approach to state management is the source of many bugs and memory leaks when
applications fail to clean up session attributes, or when session data associated with different

xvi

workflows collides in a multi-window application. Seam has the potential to almost entirely
eliminate this class of bugs.
Declarative application state management is made possible by the richness of the context
model defined by Seam. Seam extends the context model defined by the servlet spec —
request, session, application — with two new contexts — conversation and business process
— that are more meaningful from the point of view of the business logic.
You'll be amazed at how many things become easier once you start using conversations. Have
you ever suffered pain dealing with lazy association fetching in an ORM solution like Hibernate
or JPA? Seam's conversation-scoped persistence contexts mean you'll rarely have to see a
LazyInitializationException. Have you ever had problems with the refresh button? The
back button? With duplicate form submission? With propagating messages across a postthen-redirect? Seam's conversation management solves these problems without you even
needing to really think about them. They're all symptoms of the broken state management
architecture that has been prevalent since the earliest days of the web.
Bijection
The notion of Inversion of Control or dependency injection exists in both JSF and EJB3, as
well as in numerous so-called "lightweight containers". Most of these containers emphasize
injection of components that implement stateless services. Even when injection of stateful
components is supported (such as in JSF), it is virtually useless for handling application
state because the scope of the stateful component cannot be defined with sufficient flexibility,
and because components belonging to wider scopes may not be injected into components
belonging to narrower scopes.
Bijection differs from IoC in that it is dynamic, contextual, and bidirectional. You can think of
it as a mechanism for aliasing contextual variables (names in the various contexts bound to
the current thread) to attributes of the component. Bijection allows auto-assembly of stateful
components by the container. It even allows a component to safely and easily manipulate the
value of a context variable, just by assigning it to an attribute of the component.
Workspace management and multi-window browsing
Seam applications let the user freely switch between multiple browser tabs, each associated
with a different, safely isolated, conversation. Applications may even take advantage of
workspace management, allowing the user to switch between conversations (workspaces) in
a single browser tab. Seam provides not only correct multi-window operation, but also multiwindow-like operation in a single window!
Prefer annotations to XML
Traditionally, the Java community has been in a state of deep confusion about precisely
what kinds of meta-information counts as configuration. Java EE and popular "lightweight"
containers have provided XML-based deployment descriptors both for things which are
truly configurable between different deployments of the system, and for any other kinds or
declaration which can not easily be expressed in Java. Java 5 annotations changed all this.
EJB 3.0 embraces annotations and "configuration by exception" as the easiest way to provide
information to the container in a declarative form. Unfortunately, JSF is still heavily dependent

xvii

Introduction to JBoss Seam

on verbose XML configuration files. Seam extends the annotations provided by EJB 3.0 with
a set of annotations for declarative state management and declarative context demarcation.
This lets you eliminate the noisy JSF managed bean declarations and reduce the required
XML to just that information which truly belongs in XML (the JSF navigation rules).
Integration testing is easy
Seam components, being plain Java classes, are by nature unit testable. But for complex
applications, unit testing alone is insufficient. Integration testing has traditionally been a messy
and difficult task for Java web applications. Therefore, Seam provides for testability of Seam
applications as a core feature of the framework. You can easily write JUnit or TestNG tests
that reproduce a whole interaction with a user, exercising all components of the system apart
from the view. You can run these tests directly inside your IDE, where Seam will automatically
deploy EJB components using Arquillian.
The specs ain't perfect
We think the latest incarnation of Java EE is great. But we know it's never going to be perfect.
Where there are holes in the specifications (for example, limitations in the JSF lifecycle for
GET requests), Seam fixes them. And the authors of Seam are working with the JCP expert
groups to make sure those fixes make their way back into the next revision of the standards.
There's more to a web application than serving HTML pages
Today's web frameworks think too small. They let you get user input off a form and into
your Java objects. And then they leave you hanging. A truly complete web application
framework should address problems like persistence, concurrency, asynchronicity, state
management, security, email, messaging, PDF and chart generation, workflow, wikitext
rendering, webservices, caching and more. Once you scratch the surface of Seam, you'll be
amazed at how many problems become simpler...
Seam integrates JPA and Hibernate for persistence, the EJB Timer Service and Quartz for
lightweight asychronicity, jBPM for workflow, JBoss Rules for business rules, Meldware Mail
for email, Hibernate Search and Lucene for full text search, JMS for messaging and JBoss
Cache for page fragment caching. Seam layers an innovative rule-based security framework
over JAAS and JBoss Rules. There's even JSF tag libraries for rendering PDF, outgoing
email, charts and wikitext. Seam components may be called synchronously as a Web Service,
asynchronously from client-side JavaScript or Google Web Toolkit or, of course, directly from
JSF.
Get started now!
Seam should work in any Java EE application server, and even works in Tomcat. If your
environment supports EJB 3.0 or 3.1, great! If it doesn't, no problem, you can use Seam's
built-in transaction management with JPA or Hibernate for persistence.

xviii

Contribute to Seam

It turns out that the combination of Seam, JSF and EJB is the simplest way to write a complex
web application in Java. You won't believe how little code is required!

1. Contribute to Seam
Visit SeamFramework.org [http://www.seamframework.org/Community/Contribute] to find out
how to contribute to Seam!

xix

xx

Chapter 1.

Seam Tutorial
1.1. Using the Seam examples
Seam provides a number of example applications demonstrating how to use the various features of
Seam. This tutorial will guide you through a few of those examples to help you get started learning
Seam. The Seam examples are located in the examples subdirectory of the Seam distribution. The
registration example, which will be the first example we look at, is in the examples/registration
directory.
Each example has the very similar directory structure which is based on
Maven
project structure defaults [http://maven.apache.org/guides/introduction/introduction-to-thestandard-directory-layout.html]:

• The -ear directory contains enterprise application submodule files such as
aggregator for web application files, EJB project.
• The -web directory contains web application submodule view-related files such as
web page templates, images and stylesheets.
• The -ejb directory contains Enterprise Java Beans components.
• The -tests directory contains integration and functional tests.

• The -web/src/main/webapp directory contains view-related files such as web page
templates, images and stylesheets.
• The -[ear|ejb]/src/main/resources directory contains deployment descriptors
and other configuration files.
• The -ejb/src/main/java directory contains the application source code.
The example applications run on JBoss AS 7.1.1 with no additional configuration. The following
sections will explain the procedure. Note that all the examples are built and run from the Maven
pom.xml, so you'll need at least version 3.x of Maven installed before you get started. At the time
of writing this text recent version of Maven was 3.0.4.

1.1.1. Running the examples on JBoss AS
The examples are configured for use on JBoss AS 7.1. You'll need to set JBOSS_HOME, in your
environment, to the location of your JBoss AS installation.
Once you've set the location of JBoss AS and started the application server, you can build any
example by typing mvn install in the example root directory. Any example is deployed by

1

Chapter 1. Seam Tutorial

changing directory to *-ear or *-web directory in case of existence only *-web submodule. Type in
that submodule mvn jboss-as:deploy. Any example that is packaged as an EAR deploys to a
URL like /seam-example, where example is the name of the example folder, with one exception.
If the example folder begins with seam, the prefix "seam" is ommitted. For instance, if JBoss AS
is running on port 8080, the URL for the registration example is http://localhost:8080/seamregistration/ [http://localhost:8080/seam-registration/], whereas the URL for the seamspace
example is http://localhost:8080/seam-space/ [http://localhost:8080/seam-space/].
If, on the other hand, the example gets packaged as a WAR, then it deploys to a URL like /jbossseam-example. Several of the examples can only be deployed as a WAR. Those examples are
groovybooking, hibernate, jpa, and spring.

1.1.2. Running the example tests
Most of the examples come with a suite of Arquillian JUnit integration tests. The easiest way to
run the tests is to run mvn verify -Darquillian=jbossas-managed-7. It is also possible to run
the tests inside your IDE using the JUnit plugin. Consult the readme.txt in the examples directory
of the Seam distribution for more information.

1.2. Your first Seam application: the registration
example
The registration example is a simple application that lets a new user store his username, real name
and password in the database. The example isn't intended to show off all of the cool functionality
of Seam. However, it demonstrates the use of an EJB3 session bean as a JSF action listener,
and basic configuration of Seam.
We'll go slowly, since we realize you might not yet be familiar with EJB 3.0.
The start page displays a very basic form with three input fields. Try filling them in and then
submitting the form. This will save a user object in the database.

2

Understanding the code

1.2.1. Understanding the code
The example is implemented with two Facelets templates, one entity bean and one stateless
session bean. Let's take a look at the code, starting from the "bottom".

1.2.1.1. The entity bean: User.java
We need an JPA entity bean for user data. This class defines persistence and validation
declaratively, via annotations. It also needs some extra annotations that define the class as a
Seam component.

Example 1.1. User.java

@Entity
@Name("user")
@Scope(SESSION)
@Table(name="users")
public class User implements Serializable
{
private static final long serialVersionUID = 1881413500711441951L;
private String username;
private String password;

3

Chapter 1. Seam Tutorial

private String name;
public User(String name, String password, String username)
{
this.name = name;
this.password = password;
this.username = username;
}
public User() {}
@NotNull @Size(min=5, max=15)
public String getPassword()
{
return password;
}
public void setPassword(String password)
{
this.password = password;
}
@NotNull
public String getName()
{
return name;
}
public void setName(String name)
{
this.name = name;
}
@Id @NotNull @Size(min=5, max=15)
public String getUsername()
{
return username;
}
public void setUsername(String username)
{
this.username = username;
}

4

Understanding the code

}

The JPA standard @Entity annotation indicates that the User class is an entity bean.
A Seam component needs a component name specified by the @Name annotation. This
name must be unique within the Seam application. When JSF asks Seam to resolve a context
variable with a name that is the same as a Seam component name, and the context variable
is currently undefined (null), Seam will instantiate that component, and bind the new instance
to the context variable. In this case, Seam will instantiate a User the first time JSF encounters
a variable named user.
Whenever Seam instantiates a component, it binds the new instance to a context variable
in the component's default context. The default context is specified using the @Scope
annotation. The User bean is a session scoped component.
The JPA standard @Table annotation indicates that the User class is mapped to the users
table.
name, password and username are the persistent attributes of the entity bean. All of our
persistent attributes define accessor methods. These are needed when this component is
used by JSF in the render response and update model values phases.
An empty constructor is both required by both the JPA specification and by Seam.
The @NotNull and @Size annotations are part of the Bean Validation annotations
specification (JSR-303). Seam integrates Bean Validation through Hibernate Validator, which
is the reference implementation, and lets you use it for data validation (even if you are not
using Hibernate for persistence).
The JPA standard @Id annotation indicates the primary key attribute of the entity bean.
The most important things to notice in this example are the @Name and @Scope annotations. These
annotations establish that this class is a Seam component.
We'll see below that the properties of our User class are bound directly to JSF components and
are populated by JSF during the update model values phase. We don't need any tedious glue
code to copy data back and forth between the JSF pages and the entity bean domain model.
However, entity beans shouldn't do transaction management or database access. So we can't
use this component as a JSF action listener. For that we need a session bean.

1.2.1.2. The stateless session bean class: RegisterAction.java
Most Seam application use session beans as JSF action listeners (you can use JavaBeans instead
if you like).
We have exactly one JSF action in our application, and one session bean method attached to it.
In this case, we'll use a stateless session bean, since all the state associated with our action is
held by the User bean.
This is the only really interesting code in the example!

5

Chapter 1. Seam Tutorial

Example 1.2. RegisterAction.java

@Stateless
@Name("register")
public class RegisterAction implements Register
{
@In
private User user;
@PersistenceContext
private EntityManager em;
@Logger
private Log log;
public String register()
{
List existing = em.createQuery(
"select username from User where username = #{user.username}")
.getResultList();
if (existing.size()==0)
{
em.persist(user);
log.info("Registered new user #{user.username}");
return "/registered.xhtml";
}
else
{
FacesMessages.instance().add("User #{user.username} already exists");
return null;
}
}
}

The EJB @Stateless annotation marks this class as a stateless session bean.
The @In annotation marks an attribute of the bean as injected by Seam. In this case, the
attribute is injected from a context variable named user (the instance variable name).
The EJB standard @PersistenceContext annotation is used to inject the JPA entity
manager.

6

Understanding the code

The Seam @Logger annotation is used to inject the component's Log instance.
The action listener method uses the standard JPA EntityManager API to interact with the
database, and returns the JSF outcome. Note that, since this is a session bean, a transaction
is automatically begun when the register() method is called, and committed when it
completes.
Notice that Seam lets you use a JSF EL expression inside JPQL. Under the covers, this
results in an ordinary JPA setParameter() call on the standard JPA Query object. Nice,
huh?
The Log API lets us easily display templated log messages which can also make use of JSF
EL expressions.
JSF action listener methods return a string-valued outcome that determines what page will
be displayed next. A null outcome (or a void action listener method) redisplays the previous
page. In plain JSF, it is normal to always use a JSF navigation rule to determine the JSF view
id from the outcome. For complex application this indirection is useful and a good practice.
However, for very simple examples like this one, Seam lets you use the JSF view id as the
outcome, eliminating the requirement for a navigation rule. Note that when you use a view
id as an outcome, Seam always performs a browser redirect.
Seam provides a number of built-in components to help solve common problems. The
FacesMessages component makes it easy to display templated error or success messages.
(As of Seam 2.1, you can use StatusMessages instead to remove the semantic dependency
on JSF). Built-in Seam components may be obtained by injection, or by calling the
instance() method on the class of the built-in component.
Note that we did not explicitly specify a @Scope this time. Each Seam component type has a default
scope if not explicitly specified. For stateless session beans, the default scope is the stateless
context, which is the only sensible value.
Our session bean action listener performs the business and persistence logic for our miniapplication. In more complex applications, we might need require a separate service layer. This
is easy to achieve with Seam, but it's overkill for most web applications. Seam does not force you
into any particular strategy for application layering, allowing your application to be as simple, or
as complex, as you want.
Note that in this simple application, we've actually made it far more complex than it needs to be.
If we had used the Seam application framework controllers, we would have eliminated all of our
application code. However, then we wouldn't have had much of an application to explain.

1.2.1.3. The session bean local interface: Register.java
Naturally, our session bean needs a local interface.

Example 1.3. Register.java

@Local
public interface Register

7

Chapter 1. Seam Tutorial

{
public String register();
}

That's the end of the Java code. Now we'll look at the view.

1.2.1.4. The view: register.xhtml and registered.xhtml
The view pages for a Seam application could be implemented using any technology that supports
JSF. In this example we use Facelets, because we think it's better than JSF.

Example 1.4. register.xhtml





Register New User


f:view>



Username: 
Real Name: 
Password: 









8

Understanding the code

The only thing here that is specific to Seam is the  tag. This JSF component
tells JSF to validate all the contained input fields against the Bean Validation annotations specified
on the entity bean.

Example 1.5. registered.xhtml





Successfully Registered New User



Welcome, #{user.name}, you are successfully registered as #{user.username}.




This is a simple Facelets page using some inline EL. There's nothing specific to Seam here.

1.2.1.5. The Seam component deployment descriptor: components.xml
Since this is the first Seam app we've seen, we'll take a look at the deployment descriptors.
Before we get into them, it is worth noting that Seam strongly values minimal configuration. These
configuration files will be created for you when you create a Seam application. You'll never need
to touch most of these files. We're presenting them now only to help you understand what all the
pieces in the example are doing.
If you've used many Java frameworks before, you'll be used to having to declare all your
component classes in some kind of XML file that gradually grows more and more unmanageable
as your project matures. You'll be relieved to know that Seam does not require that application
components be accompanied by XML. Most Seam applications require a very small amount of
XML that does not grow very much as the project gets bigger.
Nevertheless, it is often useful to be able to provide for some external configuration of some
components (particularly the components built in to Seam). You have a couple of options here,
but the most flexible option is to provide this configuration in a file called components.xml, located
in the WEB-INF directory. We'll use the components.xml file to tell Seam how to find our EJB
components in JNDI:

9

Chapter 1. Seam Tutorial

Example 1.6. components.xml






This code configures a property named jndiPattern of a built-in Seam component named
org.jboss.seam.core.init. The funny @ symbols are there because our Maven build
puts the correct JNDI pattern in when we deploy the application, which it reads from the
components.properties file. You learn more about how this process works in Section 6.2,
“Configuring components via components.xml”.

Note
Eclipse M2e Web tools plugin can't use the @ for token property filtering. Fortunately
there works the other way which is in Maven filtering defined - ${property}.

1.2.1.6. The web deployment description: web.xml
The presentation layer for our mini-application will be deployed in a WAR. So we'll need a web
deployment descriptor.

Example 1.7. web.xml




10

Understanding the code


org.jboss.seam.servlet.SeamListener


javax.faces.DEFAULT_SUFFIX
.xhtml


Faces Servlet
javax.faces.webapp.FacesServlet
1


Faces Servlet
*.seam


10



This web.xml file configures Seam and JSF. The configuration you see here is pretty much
identical in all Seam applications.

1.2.1.7. The JSF configuration: faces-config.xml
Most Seam applications use JSF views as the presentation layer. So usually we'll need facesconfig.xml. In our case, we are going to use Facelets for defining our views, so we need to tell
JSF to use Facelets as its templating engine.

Example 1.8. faces-config.xml




11

Chapter 1. Seam Tutorial



Note that we don't need any JSF managed bean declarations and neither FaceletViewHandler
definition as Facelets are default view technology in JSF 2! Our managed beans are annotated
Seam components. So basically we don't need faces-config.xml at all, but here is the facesconfig.xml as the template for advanced JSF configurations.
In fact, once you have all the basic descriptors set up, the only XML you need to write as you
add new functionality to a Seam application is orchestration: navigation rules or jBPM process
definitions. Seam's stand is that process flow and configuration data are the only things that truly
belong in XML.
In this simple example, we don't even need a navigation rule, since we decided to embed the
view id in our action code.

1.2.1.8. The EJB deployment descriptor: ejb-jar.xml
The ejb-jar.xml file integrates Seam with EJB3, by attaching the SeamInterceptor to all
session beans in the archive.





org.jboss.seam.ejb.SeamInterceptor




*
org.jboss.seam.ejb.SeamInterceptor




12

Understanding the code

1.2.1.9. The JPA persistence deployment descriptor: persistence.xml
The persistence.xml file tells the JPA persistence provider where to find the datasource, and
contains some vendor-specific settings. In this case, enables automatic schema export at startup
time.




org.hibernate.ejb.HibernatePersistence
java:jboss/datasources/ExampleDS






1.2.1.10. The EAR deployment descriptor: application.xml
Finally, since our application is deployed as an EAR, we need a deployment descriptor there, too.

Note
This file can be generated by Maven EAR plugin and registration application has
got this set up in registration-ear/pom.xml.

Just for clarity, the following is the result of that generation:

Example 1.9. registration application



registration-ear


registration-web.war
/seam-registration



registration-ejb.jar


jboss-seam.jar



This deployment descriptor links modules in the enterprise archive and binds the web application
to the context root /seam-registration.
We've now seen all the files in the entire application!

1.2.2. How it works
When the form is submitted, JSF asks Seam to resolve the variable named user. Since there is no
value already bound to that name (in any Seam context), Seam instantiates the user component,
and returns the resulting User entity bean instance to JSF after storing it in the Seam session
context.
The form input values are now validated against the Bean Validator constraints specified on the
User entity. If the constraints are violated, JSF redisplays the page. Otherwise, JSF binds the form
input values to properties of the User entity bean.
Next, JSF asks Seam to resolve the variable named register. Seam uses the JNDI pattern
mentioned earlier to locate the stateless session bean, wraps it as a Seam component, and returns
it. Seam then presents this component to JSF and JSF invokes the register() action listener
method.
But Seam is not done yet. Seam intercepts the method call and injects the User entity from the
Seam session context, before allowing the invocation to continue.
The register() method checks if a user with the entered username already exists. If so, an error
message is queued with the FacesMessages component, and a null outcome is returned, causing
a page redisplay. The FacesMessages component interpolates the JSF expression embedded in
the message string and adds a JSF FacesMessage to the view.

14

Clickable lists in Seam: the messages example

If no user with that username exists, the "/registered.xhtml" outcome triggers a browser
redirect to the registered.xhtml page. When JSF comes to render the page, it asks Seam to
resolve the variable named user and uses property values of the returned User entity from Seam's
session scope.

1.3. Clickable lists in Seam: the messages example
Clickable lists of database search results are such an important part of any online application that
Seam provides special functionality on top of JSF to make it easier to query data using JPQL
or HQL and display it as a clickable list using a JSF . The messages example
demonstrates this functionality.

1.3.1. Understanding the code
The message list example has one entity bean, Message, one session bean, MessageListBean
and one JSF.

15

Chapter 1. Seam Tutorial

1.3.1.1. The entity bean: Message.java
The Message entity defines the title, text, date and time of a message, and a flag indicating whether
the message has been read:

Example 1.10. Message.java

@Entity
@Name("message")
@Scope(EVENT)
public class Message implements Serializable
{
private Long id;
private String title;
private String text;
private boolean read;
private Date datetime;
@Id @GeneratedValue
public Long getId()
{
return id;
}
public void setId(Long id)
{
this.id = id;
}
@NotNull @Size(max=100)
public String getTitle()
{
return title;
}
public void setTitle(String title)
{
this.title = title;
}
@NotNull @Lob
public String getText()
{
return text;
}
public void setText(String text)

16

Understanding the code

{
this.text = text;
}
@NotNull
public boolean isRead()
{
return read;
}
public void setRead(boolean read)
{
this.read = read;
}
@NotNull
@Basic @Temporal(TemporalType.TIMESTAMP)
public Date getDatetime()
{
return datetime;
}
public void setDatetime(Date datetime)
{
this.datetime = datetime;
}
}

1.3.1.2. The stateful session bean: MessageManagerBean.java
Just like in the previous example, we have a session bean, MessageManagerBean, which defines
the action listener methods for the two buttons on our form. One of the buttons selects a message
from the list, and displays that message. The other button deletes a message. So far, this is not
so different to the previous example.
But MessageManagerBean is also responsible for fetching the list of messages the first time we
navigate to the message list page. There are various ways the user could navigate to the page,
and not all of them are preceded by a JSF action — the user might have bookmarked the page, for
example. So the job of fetching the message list takes place in a Seam factory method, instead
of in an action listener method.
We want to cache the list of messages in memory between server requests, so we will make this
a stateful session bean.

17

Chapter 1. Seam Tutorial

Example 1.11. MessageManagerBean.java

@Stateful
@Scope(SESSION)
@Name("messageManager")
public class MessageManagerBean implements Serializable, MessageManager
{
@DataModel
private List messageList;
@DataModelSelection
@Out(required=false)
private Message message;
@PersistenceContext(type=EXTENDED)
private EntityManager em;
@Factory("messageList")
public void findMessages()
{
messageList = em.createQuery("select msg from Message msg order by msg.datetime desc")
.getResultList();
}
public void select()
{
message.setRead(true);
}
public void delete()
{
messageList.remove(message);
em.remove(message);
message=null;
}
@Remove
public void destroy() {}
}

18

Understanding the code

The @DataModel annotation exposes an attribute of type java.util.List to the JSF page
as an instance of javax.faces.model.DataModel. This allows us to use the list in a JSF
 with clickable links for each row. In this case, the DataModel is made

available in a session context variable named messageList.
The @DataModelSelection annotation tells Seam to inject the List element that
corresponded to the clicked link.
The @Out annotation then exposes the selected value directly to the page. So every time
a row of the clickable list is selected, the Message is injected to the attribute of the stateful
bean, and the subsequently outjected to the event context variable named message.
This stateful bean has an JPA extended persistence context. The messages retrieved in the
query remain in the managed state as long as the bean exists, so any subsequent method
calls to the stateful bean can update them without needing to make any explicit call to the
EntityManager.
The first time we navigate to the JSF page, there will be no value in the messageList context
variable. The @Factory annotation tells Seam to create an instance of MessageManagerBean
and invoke the findMessages() method to initialize the value. We call findMessages() a
factory method for messages.
The select() action listener method marks the selected Message as read, and updates it
in the database.
The delete() action listener method removes the selected Message from the database.
All stateful session bean Seam components must have a method with no parameters marked
@Remove that Seam uses to remove the stateful bean when the Seam context ends, and
clean up any server-side state.
Note that this is a session-scoped Seam component. It is associated with the user login session,
and all requests from a login session share the same instance of the component. (In Seam
applications, we usually use session-scoped components sparingly.)

1.3.1.3. The session bean local interface: MessageManager.java
All session beans have a business interface, of course.

Example 1.12. MessageManager.java

@Local
public interface MessageManager
{
public void findMessages();
public void select();
public void delete();
public void destroy();
}

From now on, we won't show local interfaces in our code examples.

19

Chapter 1. Seam Tutorial

Let's skip over components.xml, persistence.xml, web.xml, ejb-jar.xml, faces-config.xml
and application.xml since they are much the same as the previous example, and go straight
to the JSF.

1.3.1.4. The view: messages.xhtml
The JSF page is a straightforward use of the JSF  component. Again, nothing
specific to Seam.

Example 1.13. messages.xhtml





Messages



Message List



















20

How it works















1.3.2. How it works
The first time we navigate to the messages.xhtml page, the page will try to resolve the
messageList context variable. Since this context variable is not initialized, Seam will call the
factory method findMessages(), which performs a query against the database and results in
a DataModel being outjected. This DataModel provides the row data needed for rendering the
.
When the user clicks the , JSF calls the select() action listener. Seam
intercepts this call and injects the selected row data into the message attribute of the
messageManager component. The action listener fires, marking the selected Message as read. At
the end of the call, Seam outjects the selected Message to the context variable named message.
Next, the EJB container commits the transaction, and the change to the Message is flushed to
the database. Finally, the page is re-rendered, redisplaying the message list, and displaying the
selected message below it.
If the user clicks the , JSF calls the delete() action listener. Seam intercepts
this call and injects the selected row data into the message attribute of the messageManager
component. The action listener fires, removing the selected Message from the list, and also
calling remove() on the EntityManager. At the end of the call, Seam refreshes the messageList
context variable and clears the context variable named message. The EJB container commits
the transaction, and deletes the Message from the database. Finally, the page is re-rendered,
redisplaying the message list.

1.4. Seam and jBPM: the todo list example
jBPM provides sophisticated functionality for workflow and task management. To get a small taste
of how jBPM integrates with Seam, we'll show you a simple "todo list" application. Since managing
lists of tasks is such core functionality for jBPM, there is hardly any Java code at all in this example.

21

Chapter 1. Seam Tutorial

1.4.1. Understanding the code
The center of this example is the jBPM process definition. There are also two JSFs and two trivial
JavaBeans (There was no reason to use session beans, since they do not access the database,
or have any other transactional behavior). Let's start with the process definition:

Example 1.14. todo.jpdl.xml












22

Understanding the code




The  node represents the logical start of the process. When the process
starts, it immediately transitions to the todo node.
The  node represents a wait state, where business process execution pauses,
waiting for one or more tasks to be performed.
The  element defines a task to be performed by a user. Since there is only one task
defined on this node, when it is complete, execution resumes, and we transition to the end
state. The task gets its description from a Seam component named todoList (one of the
JavaBeans).
Tasks need to be assigned to a user or group of users when they are created. In this case,
the task is assigned to the current user, which we get from a built-in Seam component named
actor. Any Seam component may be used to perform task assignment.
The  node defines the logical end of the business process. When execution
reaches this node, the process instance is destroyed.
This document defines our business process as a graph of nodes. This is the most trivial possible
business process: there is one task to be performed, and when that task is complete, the business
process ends.
The first JavaBean handles the login screen login.xhtml. Its job is just to initialize the jBPM actor
id using the actor component. In a real application, it would also need to authenticate the user.

Example 1.15. Login.java

@Name("login")
public class Login
{
@In
private Actor actor;
private String user;
public String getUser()
{
return user;
}
public void setUser(String user)
{
this.user = user;
}

23

Chapter 1. Seam Tutorial

public String login()
{
actor.setId(user);
return "/todo.xhtml";
}
}

Here we see the use of @In to inject the built-in Actor component.
The JSF itself is trivial:

Example 1.16. login.xhtml





Login


Login











The second JavaBean is responsible for starting business process instances, and ending tasks.

Example 1.17. TodoList.java

@Name("todoList")

24

Understanding the code

public class TodoList
{
private String description;
public String getDescription()
{
return description;
}
public void setDescription(String description)
{
this.description = description;
}
@CreateProcess(definition="todo")
public void createTodo() {}
@StartTask @EndTask
public void done() {}
}

The description property accepts user input from the JSF page, and exposes it to the process
definition, allowing the task description to be set.
The Seam @CreateProcess annotation creates a new jBPM process instance for the named
process definition.
The Seam @StartTask annotation starts work on a task. The @EndTask ends the task, and
allows the business process execution to resume.
In a more realistic example, @StartTask and @EndTask would not appear on the same method,
because there is usually work to be done using the application in order to complete the task.
Finally, the core of the application is in todo.xhtml:

Example 1.18. todo.xhtml






25

Chapter 1. Seam Tutorial

Todo List


Todo List







































26

Understanding the code


















Let's take this one piece at a time.
The page renders a list of tasks, which it gets from a built-in Seam component named
taskInstanceList. The list is defined inside a JSF form.

Example 1.19. todo.xhtml





...




Each element of the list is an instance of the jBPM class TaskInstance. The following code simply
displays the interesting properties of each task in the list. For the description, priority and due
date, we use input controls, to allow the user to update these values.





27

Chapter 1. Seam Tutorial



























Note
Seam provides a default JSF date converter for converting a string to a date (no
time). Thus, the converter is not necessary for the field bound to #{task.dueDate}.

This button ends the task by calling the action method annotated @StartTask @EndTask. It passes
the task id to Seam as a request parameter:





Note that this is using a Seam  JSF control from the seam-ui.jar package. This
button is used to update the properties of the tasks. When the form is submitted, Seam and jBPM
will make any changes to the tasks persistent. There is no need for any action listener method:

28

How it works



A second form on the page is used to create new items, by calling the action method annotated
@CreateProcess.








1.4.2. How it works
After logging in, todo.xhtml uses the taskInstanceList component to display a table of
outstanding todo items for a the current user. Initially there are none. It also presents a form to
enter a new entry. When the user types the todo item and hits the "Create New Item" button,
#{todoList.createTodo} is called. This starts the todo process, as defined in todo.jpdl.xml.
The process instance is created, starting in the start state and immediately transition to the todo
state, where a new task is created. The task description is set based on the user's input, which
was saved to #{todoList.description}. Then, the task is assigned to the current user, which
was stored in the seam actor component. Note that in this example, the process has no extra
process state. All the state in this example is stored in the task definition. The process and task
information is stored in the database at the end of the request.
When todo.xhtml is redisplayed, taskInstanceList now finds the task that was just created.
The task is shown in an h:dataTable. The internal state of the task is displayed in each column:
#{task.description}, #{task.priority}, #{task.dueDate}, etc... These fields can all be
edited and saved back to the database.
Each todo item also has "Done" button, which calls #{todoList.done}. The todoList component
knows which task the button is for because each s:button specificies taskInstance="#{task}",
referring to the task for that particular line of the table. The @StartTast and @EndTask annotations
cause seam to make the task active and immediately complete the task. The original process then
transitions into the done state, according to the process definition, where it ends. The state of the
task and process are both updated in the database.
When todo.xhtml is displayed again, the now-completed task is no longer displayed in the
taskInstanceList, since that component only display active tasks for the user.

29

Chapter 1. Seam Tutorial

1.5. Seam pageflow: the numberguess example
For Seam applications with relatively freeform (ad hoc) navigation, JSF/Seam navigation rules are
a perfectly good way to define the page flow. For applications with a more constrained style of
navigation, especially for user interfaces which are more stateful, navigation rules make it difficult
to really understand the flow of the system. To understand the flow, you need to piece it together
from the view pages, the actions and the navigation rules.
Seam allows you to use a jPDL process definition to define pageflow. The simple number guessing
example shows how this is done.

1.5.1. Understanding the code
The example is implemented using one JavaBean, three JSF pages and a jPDL pageflow
definition. Let's begin with the pageflow:

Example 1.20. pageflow.jpdl.xml







30

Understanding the code
































The  element defines a wait state where the system displays a particular JSF view
and waits for user input. The view-id is the same JSF view id used in plain JSF navigation
rules. The redirect attribute tells Seam to use post-then-redirect when navigating to the
page. (This results in friendly browser URLs.)

31

Chapter 1. Seam Tutorial

The  element names a JSF outcome. The transition is triggered when a JSF
action results in that outcome. Execution will then proceed to the next node of the pageflow
graph, after invocation of any jBPM transition actions.
A transition  is just like a JSF action, except that it occurs when a jBPM transition
occurs. The transition action can invoke any Seam component.
A  node branches the pageflow, and determines the next node to execute by
evaluating a JSF EL expression.
Now that we have seen the pageflow, it is very, very easy to understand the rest of the application!
Here is the main page of the application, numberGuess.xhtml:

Example 1.21. numberGuess.xhtml




Guess a number...




Guess a number...







I'm thinking of a number between  and
. You have

guesses.

32

Understanding the code



Your guess:




















Notice how the command button names the guess transition instead of calling an action directly.
The win.xhtml page is predictable:

Example 1.22. win.xhtml



33

Chapter 1. Seam Tutorial



You won!



You won!
Yes,
the
answer
was
.
It took you  guesses.

Would you like to play again?



The lose.xhtml looks roughly the same, so we'll skip over it.
Finally, we'll look at the actual application code:

Example 1.23. NumberGuess.java

@Name("numberGuess")
@Scope(ScopeType.CONVERSATION)
public class NumberGuess implements Serializable {
private int randomNumber;
private Integer currentGuess;
private int biggest;
private int smallest;
private int guessCount;
private int maxGuesses;
private boolean cheated;
@Create
public void begin()
{
randomNumber = new Random().nextInt(100);
guessCount = 0;
biggest = 100;

34

Understanding the code

smallest = 1;
}
public void setCurrentGuess(Integer guess)
{
this.currentGuess = guess;
}
public Integer getCurrentGuess()
{
return currentGuess;
}
public void guess()
{
if (currentGuess>randomNumber)
{
biggest = currentGuess - 1;
}
if (currentGuess getPossibilities()
{
List result = new ArrayList();
for(int i=smallest; i<=biggest; i++) result.add(i);
return result;
}
}

The first time a JSF page asks for a numberGuess component, Seam will create a new one
for it, and the @Create method will be invoked, allowing the component to initialize itself.

36

How it works

The pages.xml file starts a Seam conversation (much more about that later), and specifies the
pageflow definition to use for the conversation's page flow.

Example 1.24. pages.xml








As you can see, this Seam component is pure business logic! It doesn't need to know anything at
all about the user interaction flow. This makes the component potentially more reuseable.

1.5.2. How it works
We'll step through basic flow of the application. The game starts with the numberGuess.xhtml
view. When the page is first displayed, the pages.xml configuration causes conversation to begin
and associates the numberGuess pageflow with that conversation. The pageflow starts with a
start-page tag, which is a wait state, so the numberGuess.xhtml is rendered.
The view references the numberGuess component, causing a new instance to be created and
stored in the conversation. The @Create method is called, initializing the state of the game. The
view displays an h:form that allows the user to edit #{numberGuess.currentGuess}.
The "Guess" button triggers the guess action. Seam defers to the pageflow to handle the
action, which says that the pageflow should transition to the evaluateGuess state, first invoking
#{numberGuess.guess}, which updates the guess count and highest/lowest suggestions in the
numberGuess component.

The evaluateGuess state checks the value of #{numberGuess.correctGuess} and transitions
either to the win or evaluatingRemainingGuesses state. We'll assume the number was incorrect,
in which case the pageflow transitions to evaluatingRemainingGuesses. That is also a decision
state, which tests the #{numberGuess.lastGuess} state to determine whether or not the user
has more guesses. If there are more guesses (lastGuess is false), we transition back to the
original displayGuess state. Finally we've reached a page state, so the associated page /
numberGuess.xhtml is displayed. Since the page has a redirect element, Seam sends a redirect
to the user's browser, starting the process over.

37

Chapter 1. Seam Tutorial

We won't follow the state any more except to note that if on a future request either the win or the
lose transition were taken, the user would be taken to either the /win.xhtml or /lose.xhtml.
Both states specify that Seam should end the conversation, tossing away all the game state and
pageflow state, before redirecting the user to the final page.
The numberguess example also contains Giveup and Cheat buttons. You should be able to trace
the pageflow state for both actions relatively easily. Pay particular attention to the cheat transition,
which loads a sub-process to handle that flow. Although it's overkill for this application, it does
demonstrate how complex pageflows can be broken down into smaller parts to make them easier
to understand.

1.6. A complete Seam application: the Hotel Booking
example
1.6.1. Introduction
The booking application is a complete hotel room reservation system incorporating the following
features:

• User registration
• Login
• Logout
• Set password
• Hotel search
• Hotel selection
• Room reservation
• Reservation confirmation
• Existing reservation list

38

Introduction

The booking application uses JSF 2, EJB 3.0 and Seam, together with Facelets for the view. There
is also a port of this application to JSF 2, Seam, JavaBeans and Hibernate4.
One of the things you'll notice if you play with this application for long enough is that it is extremely
robust. You can play with back buttons and browser refresh and opening multiple windows and
entering nonsensical data as much as you like and you will find it very difficult to make the

39

Chapter 1. Seam Tutorial

application crash. You might think that we spent weeks testing and fixing bugs to achieve this.
Actually, this is not the case. Seam was designed to make it very straightforward to build robust
web applications and a lot of robustness that you are probably used to having to code yourself
comes naturally and automatically with Seam.
As you browse the sourcecode of the example application, and learn how the application works,
observe how the declarative state management and integrated validation has been used to
achieve this robustness.

1.6.2. Overview of the booking example
The project structure is identical to the previous one, to install and deploy this application, please
refer to Section 1.1, “Using the Seam examples”. Once you've successfully started the application,
you can access it by pointing your browser to http://localhost:8080/seam-booking/ [http://
localhost:8080/seam-booking/]
The application uses six session beans for to implement the business logic for the listed features.
• AuthenticatorAction provides the login authentication logic.
• BookingListAction retrieves existing bookings for the currently logged in user.
• ChangePasswordAction updates the password of the currently logged in user.
• HotelBookingAction implements booking and confirmation functionality. This functionality is
implemented as a conversation, so this is one of the most interesting classes in the application.
• HotelSearchingAction implements the hotel search functionality.
• RegisterAction registers a new system user.
Three entity beans implement the application's persistent domain model.
• Hotel is an entity bean that represent a hotel
• Booking is an entity bean that represents an existing booking
• User is an entity bean to represents a user who can make hotel bookings

1.6.3. Understanding Seam conversations
We encourage you browse the sourcecode at your pleasure. In this tutorial we'll concentrate
upon one particular piece of functionality: hotel search, selection, booking and confirmation. From
the point of view of the user, everything from selecting a hotel to confirming a booking is one
continuous unit of work, a conversation. Searching, however, is not part of the conversation. The
user can select multiple hotels from the same search results page, in different browser tabs.
Most web application architectures have no first class construct to represent a conversation. This
causes enormous problems managing conversational state. Usually, Java web applications use a
combination of several techniques. Some state can be transfered in the URL. What can't is either

40

Understanding Seam conversations

thrown into the HttpSession or flushed to the database after every request, and reconstructed
from the database at the beginning of each new request.
Since the database is the least scalable tier, this often results in an utterly unacceptable lack of
scalability. Added latency is also a problem, due to the extra traffic to and from the database on
every request. To reduce this redundant traffic, Java applications often introduce a data (secondlevel) cache that keeps commonly accessed data between requests. This cache is necessarily
inefficient, because invalidation is based upon an LRU policy instead of being based upon when
the user has finished working with the data. Furthermore, because the cache is shared between
many concurrent transactions, we've introduced a whole raft of problem's associated with keeping
the cached state consistent with the database.
Now consider the state held in the HttpSession. The HttpSession is great place for true session
data, data that is common to all requests that the user has with the application. However, it's a bad
place to store data related to individual series of requests. Using the session of conversational
quickly breaks down when dealing with the back button and multiple windows. On top of that,
without careful programming, data in the HTTP Session can grow quite large, making the HTTP
session difficult to cluster. Developing mechanisms to isolate session state associated with
different concurrent conversations, and incorporating failsafes to ensure that conversation state
is destroyed when the user aborts one of the conversations by closing a browser window or tab
is not for the faint hearted. Fortunately, with Seam, you don't have to worry about that.
Seam introduces the conversation context as a first class construct. You can safely keep
conversational state in this context, and be assured that it will have a well-defined lifecycle. Even
better, you won't need to be continually pushing data back and forth between the application
server and the database, since the conversation context is a natural cache of data that the user
is currently working with.
In this application, we'll use the conversation context to store stateful session beans. There is
an ancient canard in the Java community that stateful session beans are a scalability killer. This
may have been true in the early days of enterprise Java, but it is no longer true today. Modern
application servers have extremely sophisticated mechanisms for stateful session bean state
replication. JBoss AS, for example, performs fine-grained replication, replicating only those bean
attribute values which actually changed. Note that all the traditional technical arguments for why
stateful beans are inefficient apply equally to the HttpSession, so the practice of shifting state from
business tier stateful session bean components to the web session to try and improve performance
is unbelievably misguided. It is certainly possible to write unscalable applications using stateful
session beans, by using stateful beans incorrectly, or by using them for the wrong thing. But that
doesn't mean you should never use them. If you remain unconvinced, Seam allows the use of
POJOs instead of stateful session beans. With Seam, the choice is yours.
The booking example application shows how stateful components with different scopes can
collaborate together to achieve complex behaviors. The main page of the booking application
allows the user to search for hotels. The search results are kept in the Seam session scope. When
the user navigates to one of these hotels, a conversation begins, and a conversation scoped
component calls back to the session scoped component to retrieve the selected hotel.

41

Chapter 1. Seam Tutorial

The booking example also demonstrates the use of RichFaces Ajax to implement rich client
behavior without the use of handwritten JavaScript.
The search functionality is implemented using a session-scope stateful session bean, similar to
the one we saw in the message list example.

Example 1.25. HotelSearchingAction.java

@Stateful
@Name("hotelSearch")
@Scope(ScopeType.SESSION)
@Restrict("#{identity.loggedIn}")
public class HotelSearchingAction implements HotelSearching
{
@PersistenceContext
private EntityManager em;
private String searchString;
private int pageSize = 10;
private int page;
@DataModel
private List hotels;
public void find()
{
page = 0;
queryHotels();
}
public void nextPage()
{
page++;
queryHotels();
}
private void queryHotels()
{
hotels =
em.createQuery("select h from Hotel h where lower(h.name) like #{pattern} " +
"or lower(h.city) like #{pattern} " +
"or lower(h.zip) like #{pattern} " +
"or lower(h.address) like #{pattern}")
.setMaxResults(pageSize)

42

Understanding Seam conversations

.setFirstResult( page * pageSize )
.getResultList();
}
public boolean isNextPageAvailable()
{
return hotels!=null && hotels.size()==pageSize;
}
public int getPageSize() {
return pageSize;
}
public void setPageSize(int pageSize) {
this.pageSize = pageSize;
}
@Factory(value="pattern", scope=ScopeType.EVENT)
public String getSearchPattern()
{
return searchString==null ?
"%" : '%' + searchString.toLowerCase().replace('*', '%') + '%';
}
public String getSearchString()
{
return searchString;
}
public void setSearchString(String searchString)
{
this.searchString = searchString;
}
@Remove
public void destroy() {}
}

The EJB standard @Stateful annotation identifies this class as a stateful session bean.
Stateful session beans are scoped to the conversation context by default.
The @Restrict annotation applies a security restriction to the component. It restricts access
to the component allowing only logged-in users. The security chapter explains more about
security in Seam.

43

Chapter 1. Seam Tutorial

The @DataModel annotation exposes a List as a JSF ListDataModel. This makes it easy
to implement clickable lists for search screens. In this case, the list of hotels is exposed to
the page as a ListDataModel in the conversation variable named hotels.
The EJB standard @Remove annotation specifies that a stateful session bean should be
removed and its state destroyed after invocation of the annotated method. In Seam, all
stateful session beans must define a method with no parameters marked @Remove. This
method will be called when Seam destroys the session context.
The main page of the application is a Facelets page. Let's look at the fragment which relates to
searching for hotels:

Example 1.26. main.xhtml





Search Hotels





 

 







Maximum results: 






44

Understanding Seam conversations









Name
#{hot.name}


Address
#{hot.address}


City, State
#{hot.city}, #{hot.state}, #{hot.country}


Zip
#{hot.zip}


Action







The RichFaces  tag allows a JSF action event listener to be called by asynchronous
XMLHttpRequest when a JavaScript event like onkeyup occurs. Even better, the render
attribute lets us render a fragment of the JSF page and perform a partial page update when
the asynchronous response is received.
The RichFaces  tag lets us display an animated image while we wait for
asynchronous requests to return.

45

Chapter 1. Seam Tutorial

The RichFaces  tag defines a region of the page which can be re-rendered
by an asynchronous request.
The Seam  tag lets us attach a JSF action listener to an ordinary (non-JavaScript)
HTML link. The advantage of this over the standard JSF  is that it preserves
the operation of "open in new window" and "open in new tab".
If you're wondering how navigation occurs, you can find all the rules in WEB-INF/pages.xml;
this is discussed in Section 7.7, “Navigation”.
This page displays the search results dynamically as we type, and lets us choose a hotel and pass
it to the selectHotel() method of the HotelBookingAction, which is where the really interesting
stuff is going to happen.
Now let's see how the booking example application uses a conversation-scoped stateful session
bean to achieve a natural cache of persistent data related to the conversation. The following code
example is pretty long. But if you think of it as a list of scripted actions that implement the various
steps of the conversation, it's understandable. Read the class from top to bottom, as if it were
a story.

Example 1.27. HotelBookingAction.java

@Stateful
@Name("hotelBooking")
@Restrict("#{identity.loggedIn}")
public class HotelBookingAction implements HotelBooking
{
@PersistenceContext(type=EXTENDED)
private EntityManager em;
@In
private User user;
@In(required=false) @Out
private Hotel hotel;
@In(required=false)
@Out(required=false)
private Booking booking;
@In
private FacesMessages facesMessages;
@In
private Events events;

46

Understanding Seam conversations

@Logger
private Log log;
private boolean bookingValid;
@Begin
public void selectHotel(Hotel selectedHotel)
{
hotel = em.merge(selectedHotel);
}
public void bookHotel()
{
booking = new Booking(hotel, user);
Calendar calendar = Calendar.getInstance();
booking.setCheckinDate( calendar.getTime() );
calendar.add(Calendar.DAY_OF_MONTH, 1);
booking.setCheckoutDate( calendar.getTime() );
}
public void setBookingDetails()
{
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.DAY_OF_MONTH, -1);
if ( booking.getCheckinDate().before( calendar.getTime() ) )
{
facesMessages.addToControl("checkinDate", "Check in date must be a future date");
bookingValid=false;
}
else if ( !booking.getCheckinDate().before( booking.getCheckoutDate() ) )
{
facesMessages.addToControl("checkoutDate",
"Check out date must be later than check in date");
bookingValid=false;
}
else
{
bookingValid=true;
}
}
public boolean isBookingValid()
{

47

Chapter 1. Seam Tutorial

return bookingValid;
}
@End
public void confirm()
{
em.persist(booking);
facesMessages.add("Thank you, #{user.name}, your confimation number " +
" for #{hotel.name} is #{booki g.id}");
log.info("New booking: #{booking.id} for #{user.username}");
events.raiseTransactionSuccessEvent("bookingConfirmed");
}
@End
public void cancel() {}
@Remove
public void destroy() {}

This bean uses an EJB3 extended persistence context, so that any entity instances remain
managed for the whole lifecycle of the stateful session bean.
The @Out annotation declares that an attribute value is outjected to a context variable after
method invocations. In this case, the context variable named hotel will be set to the value
of the hotel instance variable after every action listener invocation completes.
The @Begin annotation specifies that the annotated method begins a long-running
conversation, so the current conversation context will not be destroyed at the end of the
request. Instead, it will be reassociated with every request from the current window, and
destroyed either by timeout due to conversation inactivity or invocation of a matching @End
method.
The @End annotation specifies that the annotated method ends the current long-running
conversation, so the current conversation context will be destroyed at the end of the request.
This EJB remove method will be called when Seam destroys the conversation context. Don't
forget to define this method!
HotelBookingAction contains all the action listener methods that implement selection, booking

and booking confirmation, and holds state related to this work in its instance variables. We think
you'll agree that this code is much cleaner and simpler than getting and setting HttpSession
attributes.
Even better, a user can have multiple isolated conversations per login session. Try it! Log in, run
a search, and navigate to different hotel pages in multiple browser tabs. You'll be able to work
on creating two different hotel reservations at the same time. If you leave any one conversation
inactive for long enough, Seam will eventually time out that conversation and destroy its state. If,
after ending a conversation, you backbutton to a page of that conversation and try to perform an

48

The Seam Debug Page

action, Seam will detect that the conversation was already ended, and redirect you to the search
page.

1.6.4. The Seam Debug Page
The WAR also includes seam-debug.jar. The Seam debug page will be available if this jar is
deployed in WEB-INF/lib, along with the Facelets, and if you set the debug property of the init
component:



This page lets you browse and inspect the Seam components in any of the Seam contexts
associated with your current login session. Just point your browser at http://localhost:8080/
seam-booking/debug.seam [http://localhost:8080/seam-booking/debug.seam].

49

Chapter 1. Seam Tutorial

1.7. Nested conversations: extending the Hotel Booking
example
1.7.1. Introduction
Long-running conversations make it simple to maintain consistency of state in an application
even in the face of multi-window operation and back-buttoning. Unfortunately, simply beginning
and ending a long-running conversation is not always enough. Depending on the requirements
of the application, inconsistencies between what the user's expectations and the reality of the
application’s state can still result.

50

Introduction

The nested booking application extends the features of the hotel booking application to incorporate
the selection of rooms. Each hotel has available rooms with descriptions for a user to select from.
This requires the addition of a room selection page in the hotel reservation flow.

The user now has the option to select any available room to be included in the booking. As with
the hotel booking application we saw previously, this can lead to issues with state consistency.
As with storing state in the HTTPSession, if a conversation variable changes it affects all windows
operating within the same conversation context.

51

Chapter 1. Seam Tutorial

To demonstrate this, let’s suppose the user clones the room selection screen in a new window.
The user then selects the Wonderful Room and proceeds to the confirmation screen. To see just
how much it would cost to live the high-life, the user returns to the original window, selects the
Fantastic Suite for booking, and again proceeds to confirmation. After reviewing the total cost,
the user decides that practicality wins out and returns to the window showing Wonderful Room
to confirm.
In this scenario, if we simply store all state in the conversation, we are not protected from multiwindow operation within the same conversation. Nested conversations allow us to achieve correct
behavior even when context can vary within the same conversation.

1.7.2. Understanding Nested Conversations
Now let's see how the nested booking example extends the behavior of the hotel booking
application through use of nested conversations. Again, we can read the class from top to bottom,
as if it were a story.

Example 1.28. RoomPreferenceAction.java

@Stateful
@Name("roomPreference")
@Restrict("#{identity.loggedIn}")
public class RoomPreferenceAction implements RoomPreference
{
@Logger
private Log log;
@In private Hotel hotel;
@In private Booking booking;
@DataModel(value="availableRooms")
private List availableRooms;
@DataModelSelection(value="availableRooms")
private Room roomSelection;
@In(required=false, value="roomSelection")
@Out(required=false, value="roomSelection")
private Room room;
@Factory("availableRooms")
public void loadAvailableRooms()
{

52

Understanding Nested Conversations

availableRooms = hotel.getAvailableRooms(booking.getCheckinDate(), booking.getCheckoutDate());
log.info("Retrieved #0 available rooms", availableRooms.size());
}
public BigDecimal getExpectedPrice()
{
log.info("Retrieving price for room #0", roomSelection.getName());
return booking.getTotal(roomSelection);
}
@Begin(nested=true)
public String selectPreference()
{
log.info("Room selected");
this.room = this.roomSelection;
return "payment";
}
public String requestConfirmation()
{
// all validations are performed through the s:validateAll, so checks are already
// performed
log.info("Request confirmation from user");
return "confirm";
}
@End(beforeRedirect=true)
public String cancel()
{
log.info("ending conversation");
return "cancel";
}
@Destroy @Remove
public void destroy() {}
}

53

Chapter 1. Seam Tutorial

The hotel instance is injected from the conversation context. The hotel is loaded through
an extended persistence context so that the entity remains managed throughout the
conversation. This allows us to lazily load the availableRooms through an @Factory method
by simply walking the association.
When @Begin(nested=true) is encountered, a nested conversation is pushed onto the
conversation stack. When executing within a nested conversation, components still have
access to all outer conversation state, but setting any values in the nested conversation’s
state container does not affect the outer conversation. In addition, nested conversations can
exist concurrently stacked on the same outer conversation, allowing independent state for
each.
The roomSelection is outjected to the conversation based on the @DataModelSelection.
Note that because the nested conversation has an independent context, the roomSelection
is only set into the new nested conversation. Should the user select a different preference in
another window or tab a new nested conversation would be started.
The @End annotation pops the conversation stack and resumes the outer conversation. The
roomSelection is destroyed along with the conversation context.
When we begin a nested conversation it is pushed onto the conversation stack. In the
nestedbooking example, the conversation stack consists of the outer long-running conversation
(the booking) and each of the nested conversations (room selections).

Example 1.29. rooms.xhtml


Room Preference






 


Name
#{room.name}


Description

54

value="#{availableRooms}"

var="room"

Understanding Nested Conversations

#{room.description}


Per Night





Action
Select




 







When requested from EL, the #{availableRooms} are loaded by the @Factory method
defined in RoomPreferenceAction. The @Factory method will only be executed once to load
the values into the current context as a @DataModel instance.
Invoking the #{roomPreference.selectPreference} action results in the row being
selected and set into the @DataModelSelection. This value is then outjected to the nested
conversation context.
Revising the dates simply returns to the /book.xhtml. Note that we have not yet nested
a conversation (no room preference has been selected), so the current conversation can
simply be resumed. The  component simply propagates the current conversation
when displaying the /book.xhtml view.
Now that we have seen how to nest a conversation, let's see how we can confirm the booking
once a room has been selected. This can be achieved by simply extending the behavior of the
HotelBookingAction.

Example 1.30. HotelBookingAction.java

@Stateful
@Name("hotelBooking")

55

Chapter 1. Seam Tutorial

@Restrict("#{identity.loggedIn}")
public class HotelBookingAction implements HotelBooking
{
@PersistenceContext(type=EXTENDED)
private EntityManager em;
@In
private User user;
@In(required=false) @Out
private Hotel hotel;
@In(required=false)
@Out(required=false)
private Booking booking;
@In(required=false)
private Room roomSelection;
@In
private FacesMessages facesMessages;
@In
private Events events;
@Logger
private Log log;
@Begin
public void selectHotel(Hotel selectedHotel)
{
log.info("Selected hotel #0", selectedHotel.getName());
hotel = em.merge(selectedHotel);
}
public String setBookingDates()
{
// the result will indicate whether or not to begin the nested conversation
// as well as the navigation. if a null result is returned, the nested
// conversation will not begin, and the user will be returned to the current
// page to fix validation issues
String result = null;

56

Understanding Nested Conversations

Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.DAY_OF_MONTH, -1);
// validate what we have received from the user so far
if ( booking.getCheckinDate().before( calendar.getTime() ) )
{
facesMessages.addToControl("checkinDate", "Check in date must be a future date");
}
else if ( !booking.getCheckinDate().before( booking.getCheckoutDate() ) )
{
facesMessages.addToControl("checkoutDate", "Check out date must be later than check
in date");
}
else
{
result = "rooms";
}
return result;
}
public void bookHotel()
{
booking = new Booking(hotel, user);
Calendar calendar = Calendar.getInstance();
booking.setCheckinDate( calendar.getTime() );
calendar.add(Calendar.DAY_OF_MONTH, 1);
booking.setCheckoutDate( calendar.getTime() );
}
@End(root=true)
public void confirm()
{
// on confirmation we set the room preference in the booking. the room preference
// will be injected based on the nested conversation we are in.
booking.setRoomPreference(roomSelection);
em.persist(booking);
facesMessages.add("Thank you, #{user.name}, your confimation number for #{hotel.name}
is #{booking.id}");
log.info("New booking: #{booking.id} for #{user.username}");
events.raiseTransactionSuccessEvent("bookingConfirmed");
}

57

Chapter 1. Seam Tutorial

@End(root=true, beforeRedirect=true)
public void cancel() {}
@Destroy @Remove
public void destroy() {}
}

Annotating an action with @End(root=true) ends the root conversation which effectively
destroys the entire conversation stack. When any conversation is ended, its nested
conversations are ended as well. As the root is the conversation that started it all, this is a
simple way to destroy and release all state associated with a workspace once the booking
is confirmed.
The roomSelection is only associated with the booking on user confirmation. While
outjecting values to the nested conversation context will not impact the outer conversation,
any objects injected from the outer conversation are injected by reference. This means that
any changing to these objects will be reflected in the parent conversation as well as other
concurrent nested conversations.
By
simply
annotating
the
cancellation
action
with
@End(root=true,
beforeRedirect=true) we can easily destroy and release all state associated with the
workspace prior to redirecting the user back to the hotel selection view.
Feel free to deploy the application, open many windows or tabs and attempt combinations of
various hotels with various room preferences. Confirming a booking always results in the correct
hotel and room preference thanks to the nested conversation model.

1.8. A complete application featuring Seam and jBPM:
the DVD Store example
The DVD Store demo application shows the practical usage of jBPM for both task management
and pageflow.
The user screens take advantage of a jPDL pageflow to implement searching and shopping cart
functionality.

58

A complete application featuring Seam and jBPM: the DVD Store example

The administration screens take use jBPM to manage the approval and shipping cycle for
orders. The business process may even be changed dynamically, by selecting a different process
definition!

59

Chapter 1. Seam Tutorial

The Seam DVD Store demo can be run from dvdstore directory, just like the other demo
applications.

1.9. Bookmarkable URLs with the Blog example
Seam makes it very easy to implement applications which keep state on the server-side. However,
server-side state is not always appropriate, especially in for functionality that serves up content.
For this kind of problem we often want to keep application state in the URL so that any page can
be accessed at any time through a bookmark. The blog example shows how to a implement an
application that supports bookmarking throughout, even on the search results page. This example
demonstrates how Seam can manage application state in the URL as well as how Seam can
rewrite those URLs to be even

60

Using "pull"-style MVC

The Blog example demonstrates the use of "pull"-style MVC, where instead of using action listener
methods to retrieve data and prepare the data for the view, the view pulls data from components
as it is being rendered.

1.9.1. Using "pull"-style MVC
This snippet from the index.xhtml facelets page displays a list of recent blog entries:

Example 1.31.




#{blogEntry.title}


61

Chapter 1. Seam Tutorial









[Posted on 


]
 








If we navigate to this page from a bookmark, how does the #{blog.recentBlogEntries} data
used by the  actually get initialized? The Blog is retrieved lazily — "pulled" —
when needed, by a Seam component named blog. This is the opposite flow of control to what is
used in traditional action-based web frameworks like Struts.

Example 1.32.

@Name("blog")
@Scope(ScopeType.STATELESS)
@AutoCreate
public class BlogService
{
@In EntityManager entityManager;
@Unwrap
public Blog getBlog()
{
return (Blog) entityManager.createQuery("select distinct b from Blog b left join fetch
b.blogEntries")
.setHint("org.hibernate.cacheable", true)

62

Bookmarkable search results page

.getSingleResult();
}
}

This component uses a seam-managed persistence context. Unlike the other examples
we've seen, this persistence context is managed by Seam, instead of by the EJB3 container.
The persistence context spans the entire web request, allowing us to avoid any exceptions
that occur when accessing unfetched associations in the view.
The @Unwrap annotation tells Seam to provide the return value of the method — the Blog
— instead of the actual BlogService component to clients. This is the Seam manager
component pattern.
This is good so far, but what about bookmarking the result of form submissions, such as a search
results page?

1.9.2. Bookmarkable search results page
The blog example has a tiny form in the top right of each page that allows the user to search for blog
entries. This is defined in a file, menu.xhtml, included by the facelets template, template.xhtml:

Example 1.33.








To implement a bookmarkable search results page, we need to perform a browser redirect after
processing the search form submission. Because we used the JSF view id as the action outcome,
Seam automatically redirects to the view id when the form is submitted. Alternatively, we could
have defined a navigation rule like this:



searchResults
/search.xhtml




63

Chapter 1. Seam Tutorial

Then the form would have looked like this:








But when we redirect, we need to include the values submitted with the form in the URL to get
a bookmarkable URL like http://localhost:8080/seam-blog/search/. JSF does not provide
an easy way to do this, but Seam does. We use two Seam features to accomplish this: page
parameters and URL rewriting. Both are defined in WEB-INF/pages.xml:

Example 1.34.







...


The page parameter instructs Seam to link the request parameter named searchPattern to
the value of #{searchService.searchPattern}, both whenever a request for the Search page
comes in and whenever a link to the search page is generated. Seam takes responsibility for
maintaining the link between URL state and application state, and you, the developer, don't have
to worry about it.
Without URL rewriting, the URL for a search on the term book would be http://localhost:8080/
seam-blog/seam/search.xhtml?searchPattern=book. This is nice, but Seam can make the
URL even simpler using a rewrite rule. The first rewrite rule, for the pattern /search/
{searchPattern}, says that any time we have a URL for search.xhtml with a searchPattern
request parameter, we can fold that URL into the simpler URL. So,the URL we saw
earlier, http://localhost:8080/seam-blog/seam/search.xhtml?searchPattern=book can
be written instead as http://localhost:8080/seam-blog/search/book.
Just like with page parameters, URL rewriting is bi-directional. That means that Seam forwards
requests for the simpler URL to the right view, and it also automatically generates the simpler

64

Bookmarkable search results page

view for you. You never need to worry about constructing URLs. It's all handled transparently
behind the scenes. The only requirement is that to use URL rewriting, the rewrite filter needs to
be enabled in components.xml.



The redirect takes us to the search.xhtml page:







posted on







Which again uses "pull"-style MVC to retrieve the actual search results using Hibernate Search.

@Name("searchService")
public class SearchService
{
@In
private FullTextEntityManager entityManager;
private String searchPattern;
@Factory("searchResults")
public List getSearchResults()
{
if (searchPattern==null || "".equals(searchPattern) ) {
searchPattern = null;
return entityManager.createQuery("select be from BlogEntry be order by date
desc").getResultList();
}

65

Chapter 1. Seam Tutorial

else
{
Map boostPerField = new HashMap();
boostPerField.put( "title", 4f );
boostPerField.put( "body", 1f );
String[] productFields = {"title", "body"};
QueryParser parser = new MultiFieldQueryParser(productFields, new StandardAnalyzer(), boostPerField);
parser.setAllowLeadingWildcard(true);
org.apache.lucene.search.Query luceneQuery;
try
{
luceneQuery = parser.parse(searchPattern);
}
catch (ParseException e)
{
return null;
}
return entityManager.createFullTextQuery(luceneQuery, BlogEntry.class)
.setMaxResults(100)
.getResultList();
}
}
public String getSearchPattern()
{
return searchPattern;
}
public void setSearchPattern(String searchPattern)
{
this.searchPattern = searchPattern;
}
}

1.9.3. Using "push"-style MVC in a RESTful application
Very occasionally, it makes more sense to use push-style MVC for processing RESTful pages,
and so Seam provides the notion of a page action. The Blog example uses a page action for the
blog entry page, entry.xhtml. Note that this is a little bit contrived, it would have been easier to
use pull-style MVC here as well.

66

Using "push"-style MVC in a RESTful application

The entryAction component works much like an action class in a traditional push-MVC actionoriented framework like Struts:

@Name("entryAction")
@Scope(STATELESS)
public class EntryAction
{
@In Blog blog;
@Out BlogEntry blogEntry;
public void loadBlogEntry(String id) throws EntryNotFoundException
{
blogEntry = blog.getBlogEntry(id);
if (blogEntry==null) throw new EntryNotFoundException(id);
}
}

Page actions are also declared in pages.xml:


...











67

Chapter 1. Seam Tutorial










Notice that the example is using page actions for post validation and the pageview counter. Also
notice the use of a parameter in the page action method binding. This was not a standard feature
of JSF EL in Java EE 5, but now it is and works like Seam lets you use it before, not just for page
actions but also in JSF method bindings.
When the entry.xhtml page is requested, Seam first binds the page parameter blogEntryId
to the model. Keep in mind that because of the URL rewriting, the blogEntryId parameter name
won't show up in the URL. Seam then runs the page action, which retrieves the needed data —
the blogEntry — and places it in the Seam event context. Finally, the following is rendered:


#{blogEntry.title}




[Posted on 


]



If the blog entry is not found in the database, the EntryNotFoundException exception is thrown.
We want this exception to result in a 404 error, not a 505, so we annotate the exception class:

@ApplicationException(rollback=true)
@HttpError(errorCode=HttpServletResponse.SC_NOT_FOUND)
public class EntryNotFoundException extends Exception
{

68

Using "push"-style MVC in a RESTful application

EntryNotFoundException(String id)
{
super("entry not found: " + id);
}
}

An alternative implementation of the example does not use the parameter in the method binding:

@Name("entryAction")
@Scope(STATELESS)
public class EntryAction
{
@In(create=true)
private Blog blog;
@In @Out
private BlogEntry blogEntry;
public void loadBlogEntry() throws EntryNotFoundException
{
blogEntry = blog.getBlogEntry( blogEntry.getId() );
if (blogEntry==null) throw new EntryNotFoundException(id);
}
}


...



...


It is a matter of taste which implementation you prefer.
The blog demo also demonstrates very simple password authentication, posting to the blog, page
fragment caching and atom feed generation.

69

70

Chapter 2.

Getting started with Seam, using
seam-gen
The Seam distribution includes a command line utility that makes it really easy to set up an Eclipse
project, generate some simple Seam skeleton code, and reverse engineer an application from a
preexisting database.
This is the easy way to get your feet wet with Seam, and gives you some ammunition for next
time you find yourself trapped in an elevator with one of those tedious Ruby guys ranting about
how great and wonderful his new toy is for building totally trivial applications that put things in
databases.
In this release, seam-gen works best for people with JBoss AS. You can use the generated project
with other J2EE or Java EE 5 application servers by making a few manual changes to the project
configuration.
You can use seam-gen without Eclipse, but in this tutorial, we want to show you how to use it in
conjunction with Eclipse for debugging and integration testing. If you don't want to install Eclipse,
you can still follow along with this tutorial—all steps can be performed from the command line.
seam-gen is basically just an intricate Ant script wrapped around Hibernate Tools, together with
some templates. That makes it easy to customize if you need to.

2.1. Before you start
Make sure you have JDK 6 (see Section 39.1, “JDK Dependencies” for details), JBoss AS 7.1.1
and Maven 3.x, along with recent versions of Eclipse, the JBoss IDE plugin for Eclipse correctly
installed before starting. Add your JBoss installation to the JBoss Server View in Eclipse. Start
JBoss in debug mode. Finally, start a command prompt in the directory where you unzipped the
Seam distribution.
JBoss has sophisticated support for hot re-deployment of WARs and EARs. Unfortunately, due
to bugs in the JVM, repeated redeployment of an EAR—which is common during development—
eventually causes the JVM to run out of perm gen space. For this reason, we recommend running
JBoss in a JVM with a large perm gen space at development time. If you're running JBoss from
JBoss IDE, you can configure this in the server launch configuration, under "VM arguments". We
suggest the following values:

-Xms512m -Xmx1024m -XX:PermSize=256m -XX:MaxPermSize=512m

If you don't have so much memory available, the following is our minimum recommendation:

71

Chapter 2. Getting started wi...

-Xms256m -Xmx512m -XX:PermSize=128m -XX:MaxPermSize=256m

If you're running JBoss from the command line, you can configure the JVM options in bin/
standalone.conf.
If you don't want to bother with this stuff now, you don't have to—come back to it later, when you
get your first OutOfMemoryException.

2.2. Setting up a new project
The first thing we need to do is configure seam-gen for your environment: JBoss AS installation
directory, project workspace, and database connection. It's easy, just type:

cd jboss-seam-2.3.0
seam setup

And you will be prompted for the needed information:

~/workspace/jboss-seam$ ./seam setup
Buildfile: build.xml
init:
setup:
[echo] Welcome to seam-gen :-)
[input] Enter your project workspace (the directory that contains your Seam projects) [C:/
Projects] [C:/Projects]
/Users/pmuir/workspace
[input] Enter your JBoss AS home directory [C:/Program Files/jboss-as-7.1.1.Final] [C:/Program
Files/jboss-as-7.1.1.Final]
/Applications/jboss-as-7.1.1.Final
[input] Enter the project name [myproject] [myproject]
helloworld
[echo] Accepted project name as: helloworld
[input] Select a RichFaces skin [blueSky] ([blueSky], emeraldTown, ruby, classic, japanCherry,
wine, deepMarine, DEFAULT, plain)
[input] Is this project deployed as an EAR (with EJB components) or a WAR (with no EJB
support) [ear] ([ear], war, )
[input] Enter the Java package name for your session beans [com.mydomain.helloworld]
[com.mydomain.helloworld]

72

Setting up a new project

org.jboss.helloworld
[input] Enter the Java package name for your entity beans [org.jboss.helloworld]
[org.jboss.helloworld]
[input] Enter the Java package name for your test cases [org.jboss.helloworld.test]
[org.jboss.helloworld.test]
[input] What kind of database are you using? [h2] ([h2], hsql, mysql, oracle, postgres, mssql,
db2, sybase, enterprisedb)
mysql
[input] Enter the Hibernate dialect for your database [org.hibernate.dialect.MySQLDialect]
[org.hibernate.dialect.MySQLDialect]
[input] Enter the filesystem path to the JDBC driver jar [lib/hsqldb.jar] [lib/hsqldb.jar]
/Users/pmuir/java/mysql.jar
[input] Enter JDBC driver class for your database [com.mysql.jdbc.Driver]
[com.mysql.jdbc.Driver]
[input] Enter the JDBC URL for your database [jdbc:mysql:///test] [jdbc:mysql:///test]
jdbc:mysql:///helloworld
[input] Enter database username [sa] [sa]
pmuir
[input] Enter database password [] []
[input] skipping input as property hibernate.default_schema.new has already been set.
[input] Enter the database catalog name (it is OK to leave this blank) [] []
[input] Are you working with tables that already exist in the database? [n] (y, [n], )
y
[input] Do you want to drop and recreate the database tables and data in import.sql each time
you deploy? [n] (y, [n], )
n
[propertyfile] Creating new property file: /Users/pmuir/workspace/jboss-seam/seam-gen/
build.properties
[echo] Installing JDBC driver jar to JBoss server
[echo] Type 'seam create-project' to create the new project
BUILD SUCCESSFUL
Total time: 1 minute 32 seconds
~/workspace/jboss-seam $

The tool provides sensible defaults, which you can accept by just pressing enter at the prompt.

73

Chapter 2. Getting started wi...

The most important choice you need to make is between EAR deployment and WAR deployment
of your project. EAR projects support EJB 3.0 and require Java EE 5. WAR projects do not support
EJB 3.0, but may be deployed to a J2EE environment. The packaging of a WAR is also simpler to
understand. If you installed an EJB3-ready application server like JBoss, choose ear. Otherwise,
choose war. We'll assume that you've chosen an EAR deployment for the rest of the tutorial, but
you can follow exactly the same steps for a WAR deployment.
If you are working with an existing data model, make sure you tell seam-gen that the tables already
exist in the database.
The settings are stored in seam-gen/build.properties, but you can also modify them simply
by running seam setup a second time.
Now we can create a new project in our Eclipse workspace directory, by typing:

seam new-project

C:\Projects\jboss-seam>seam new-project
Buildfile: build.xml
...
new-project:
[echo] A new Seam project named 'helloworld' was created in the C:\Projects directory
[echo] Type 'seam explode' and go to http://localhost:8080/helloworld
[echo] Eclipse Users: Add the project into Eclipse using File > New > Project and select General
> Project (not Java Project)
[echo] NetBeans Users: Open the project in NetBeans
BUILD SUCCESSFUL
Total time: 7 seconds
C:\Projects\jboss-seam>

This copies the Seam jars, dependent jars and the JDBC driver jar to a new Eclipse project, and
generates all needed resources and configuration files, a facelets template file and stylesheet,
along with Eclipse metadata and an Ant build script. The Eclipse project will be automatically
deployed to an exploded directory structure in JBoss AS as soon as you add the project using
New -> Project... -> General -> Project -> Next, typing the Project name (helloworld
in this case), and then clicking Finish. Do not select Java Project from the New Project wizard.
If your default JDK in Eclipse is not a Java SE 6 JDK, you will need to select a Java SE 6 compliant
JDK using Project -> Properties -> Java Compiler.
Alternatively, you can deploy the project from outside Eclipse by typing seam explode.

74

Creating a new action

Go to http://localhost:8080/helloworld to see a welcome page. This is a facelets page,
view/home.xhtml, using the template view/layout/template.xhtml. You can edit this page,
or the template, in Eclipse, and see the results immediately, by clicking refresh in your browser.
Don't get scared by the XML configuration documents that were generated into the project
directory. They are mostly standard Java EE stuff, the stuff you need to create once and then
never look at again, and they are 90% the same between all Seam projects. (They are so easy
to write that even seam-gen can do it.)
The generated project includes three database and persistence configurations. The
persistence-test.xml and import-test.sql files are used when running the TestNG unit
tests against HSQLDB. The database schema and the test data in import-test.sql is always
exported to the database before running tests. The myproject-dev-ds.xml, persistencedev.xmland import-dev.sql files are for use when deploying the application to your
development database. The schema might be exported automatically at deployment, depending
upon whether you told seam-gen that you are working with an existing database. The myprojectprod-ds.xml, persistence-prod.xmland import-prod.sql files are for use when deploying the
application to your production database. The schema is not exported automatically at deployment.

2.3. Creating a new action
If you're used to traditional action-style web frameworks, you're probably wondering how you can
create a simple web page with a stateless action method in Java. If you type:

seam new-action

Seam will prompt for some information, and generate a new facelets page and Seam component
for your project.

C:\Projects\jboss-seam>seam new-action
Buildfile: build.xml
validate-workspace:
validate-project:
action-input:
[input] Enter the Seam component name
ping
[input] Enter the local interface name [Ping]
[input] Enter the bean class name [PingBean]
[input] Enter the action method name [ping]

75

Chapter 2. Getting started wi...

[input] Enter the page name [ping]

setup-filters:
new-action:
[echo] Creating a new stateless session bean component with an action method
[copy] Copying 1 file to C:\Projects\helloworld\src\hot\org\jboss\helloworld
[copy] Copying 1 file to C:\Projects\helloworld\src\hot\org\jboss\helloworld
[copy] Copying 1 file to C:\Projects\helloworld\src\hot\org\jboss\helloworld\test
[copy] Copying 1 file to C:\Projects\helloworld\src\hot\org\jboss\helloworld\test
[copy] Copying 1 file to C:\Projects\helloworld\view
[echo] Type 'seam restart' and go to http://localhost:8080/helloworld/ping.seam
BUILD SUCCESSFUL
Total time: 13 seconds
C:\Projects\jboss-seam>

Because we've added a new Seam component, we need to restart the exploded directory
deployment. You can do this by typing seam restart, or by running the restart target in the
generated project build.xml file from inside Eclipse. Another way to force a restart is to edit
the file resources/META-INF/application.xml in Eclipse. Note that you do not need to restart
JBoss each time you change the application.
Now go to http://localhost:8080/helloworld/ping.seam and click the button. You can see
the code behind this action by looking in the project src directory. Put a breakpoint in the ping()
method, and click the button again.
Finally, locate the PingTest.xml file in the test package and run the integration tests using the
TestNG plugin for Eclipse. Alternatively, run the tests using seam test or the test target of the
generated build.

2.4. Creating a form with an action
The next step is to create a form. Type:

seam new-form

C:\Projects\jboss-seam>seam new-form
Buildfile: C:\Projects\jboss-seam\seam-gen\build.xml
validate-workspace:

76

Generating an application from an existing database

validate-project:
action-input:
[input] Enter the Seam component name
hello
[input] Enter the local interface name [Hello]
[input] Enter the bean class name [HelloBean]
[input] Enter the action method name [hello]
[input] Enter the page name [hello]

setup-filters:
new-form:
[echo] Creating a new stateful session bean component with an action method
[copy] Copying 1 file to C:\Projects\hello\src\hot\com\hello
[copy] Copying 1 file to C:\Projects\hello\src\hot\com\hello
[copy] Copying 1 file to C:\Projects\hello\src\hot\com\hello\test
[copy] Copying 1 file to C:\Projects\hello\view
[copy] Copying 1 file to C:\Projects\hello\src\hot\com\hello\test
[echo] Type 'seam restart' and go to http://localhost:8080/hello/hello.seam
BUILD SUCCESSFUL
Total time: 5 seconds
C:\Projects\jboss-seam>

Restart the application again, and go to http://localhost:8080/helloworld/hello.seam.
Then take a look at the generated code. Run the test. Try adding some new fields to the form and
Seam component (remember to restart the deployment each time you change the Java code).

2.5. Generating an application from an existing
database
Manually create some tables in your database. (If you need to switch to a different database, just
run seam setup again.) Now type:

seam generate-entities

77

Chapter 2. Getting started wi...

Restart the deployment, and go to http://localhost:8080/helloworld. You can browse the
database, edit existing objects, and create new objects. If you look at the generated code, you'll
probably be amazed how simple it is! Seam was designed so that data access code is easy to
write by hand, even for people who don't want to cheat by using seam-gen.

2.6. Generating an application from existing JPA/EJB3
entities
Place your existing, valid entity classes inside the src/main. Now type

seam generate-ui

Restart the deployment, and go to http://localhost:8080/helloworld.

2.7. Deploying the application as an EAR
Finally, we want to be able to deploy the application using standard Java EE 5 packaging. First,
we need to remove the exploded directory by running seam unexplode. To deploy the EAR, we
can type seam deploy at the command prompt, or run the deploy target of the generated project
build script. You can undeploy using seam undeploy or the undeploy target.
By default, the application will be deployed with the dev profile. The EAR will include the
persistence-dev.xml and import-dev.sql files, and the myproject-dev-ds.xml file will be
deployed. You can change the profile, and use the prod profile, by typing

seam -Dprofile=prod deploy

You can even define new deployment profiles for your application. Just add appropriately
named files to your project—for example, persistence-staging.xml, import-staging.sql and
myproject-staging-ds.xml—and select the name of the profile using -Dprofile=staging.

2.8. Seam and incremental hot deployment
When you deploy your Seam application as an exploded directory, you'll get some support for
incremental hot deployment at development time. You need to enable debug mode in both Seam
and Facelets, by adding this line to components.xml:



Now, the following files may be redeployed without requiring a full restart of the web application:

78

Seam and incremental hot deployment

• any facelets page
• any pages.xml file
But if we want to change any Java code, we still need to do a full restart of the application.
(In JBoss this can be handled by configuring deployment scanner mode [https://docs.jboss.org/
author/display/AS7/Deployment+Scanner+configuration] - more details how to do that are in
$JBOSS_HOME/standalone/deployments/README.txt

But if you really want a fast edit/compile/test cycle, Seam supports incremental redeployment
of JavaBean components. To make use of this functionality, you must deploy the JavaBean
components into the WEB-INF/dev directory, so that they will be loaded by a special Seam
classloader, instead of by the WAR or EAR classloader.
You need to be aware of the following limitations:

• the components must be JavaBean components, they cannot be EJB3 beans (we are working
on fixing this limitation)
• entities can never be hot-deployed
• components deployed via components.xml may not be hot-deployed
• the hot-deployable components will not be visible to any classes deployed outside of WEB-INF/
dev

• Seam debug mode must be enabled and jboss-seam-debug.jar must be in WEB-INF/lib
• You must have the Seam filter installed in web.xml
• You may see errors if the system is placed under any load and debug is enabled.
If you create a WAR project using seam-gen, incremental hot deployment is available out of the
box for classes in the src/hot source directory. However, seam-gen does not support incremental
hot deployment for EAR projects.

79

80

Chapter 3.

Getting started with Seam, using
JBoss Tools
JBoss Tools is a collection of Eclipse plugins. JBoss Tools a project creation wizard for Seam,
Content Assist for the Unified Expression Language (EL) in both facelets and Java code, a
graphical editor for Seam configuration files, support for running Seam integration tests from within
Eclipse, and much more.
In short, if you are an Eclipse user, then you'll want JBoss Tools!
Please read the latest JBoss Tools documentation at http://docs.jboss.org/tools/latest/en/
seam_tools_ref_guide/html/index.html.
JBoss Tools, as with seam-gen, works best with JBoss AS, but it's possible with a few tweaks to
get your app running on other application servers. The changes are much like those described
for seam-gen later in this reference manual.

3.1. Before you start
Make sure you have JDK 6, JBoss AS 7.1.1.Final, Eclipse 3.7, the JBoss Tools plugins (at least
Seam Tools, the Visual Page Editor and JBoss AS Tools) and the JUnit plugin for Eclipse correctly
installed before starting.
Please see the official JBoss Tools Getting started [http://docs.jboss.org/tools/latest/en/
GettingStartedGuide/html_single/index.html] page for the quickest way to get JBoss Tools setup
in Eclipse.

81

82

Chapter 4.

Migration from 2.2 to 2.3
Before you get started with Seam 2.3, there are a few things you should be aware of. This process
should not be too painful - if you get stuck, just refer back to the updated Seam examples in Seam
distribution.
This migration guide assumes you are using Seam 2.2, if you are migrating from Seam 1.2 or
2.0, see the jboss-seam-x.y.z.Final/seam2migration.txt and jboss-seam-x.y.z.Final/
seam21migration.txt guide as well.

4.1. Migration of XML Schemas
4.1.1. Seam schema migration
XML schemas for validation Files that use the Seam 2.2 XSDs should be updated to refer to the
2.3 XSDs, notice the version change. Current namespace pattern is www.jboss.org/schema/
seam/* and schemaLocation URL was changed to www.jboss.org/schema/seam/*_-2.3.xsd,

where * is Seam module.
Following snippet is an example of component declaration for 2.2 version:

Example 4.1. Before migration of Seam components.xml




83

Chapter 4. Migration from 2.2...

And finally migrated declaration of components.xml for 2.3 version:

Example 4.2. Migrated components.xml




Next remainning migration step is pages.xml file(s) as well as other files only requires that the
schemas be upgraded.

Example 4.3. Before migration of Seam pages.xml



...


Example 4.4. After migration of Seam pages.xml



...


4.1.2. Java EE 6 schema changes
Seam 2.3 technology upgrade includes also Java EE 6 upgrade so you need to update the
following descriptors

• persistence.xml for using JPA 2
• web.xml for using Servlet 3.0 and Web application
• application.xml for using Enterprise Java 6 application
• faces-config.xml if you need to specify some advanced configuration for JSF 2 (this desciptor
file is not mandatory, you don't have to use/include it in your application)
Examples of changed headers with correct versions are the following:

Example 4.5. persistence.xml



Example 4.6. application.xml



Example 4.7. web.xml



Example 4.8. faces-config.xml




4.2. Java EE 6 upgrade
Seam 2.3 can integrate with the major upgrades in Java EE (from 5 to 6). You can use persistence
with JPA 2, EJB 3.1 and Bean Validation. Almost all EE 6 technology upgrade requires to change
XML schema declaration. See Section 4.1.2, “Java EE 6 schema changes”

4.2.1. Using Bean Validation standard instead of Hibernate
Validator
Bean Validation is a standard included in Java EE 6 as new technology. Seam already uses for
validation Hibernate Validator which is a reference implementation.
You need to migrate from using of org.hibernate.validator.* Hibernate validator annotations
to javax.validation.constraint.* equivalent for instance Seam examples used a lot of
the following annotations and you can use this list as a helper (Using Bean Validation [http://
docs.oracle.com/javaee/6/tutorial/doc/gircz.html]):
• org.hibernate.validator.Length to javax.validation.constraint.Size,
• org.hibernate.validator.NotNull to javax.validation.constraint.NotNull,
• org.hibernate.validator.Pattern to javax.validation.constraint.Pattern.

4.2.2. Migration of JSF 1 to JSF 2 Facelets templates
Configuration file faces-config.xml is not required to be in your application, so for simple using
of JSF 2 you need to migrate only web.xml. If you anyway would like to have it, change the XML
schema declaration as is described in Example 4.8, “faces-config.xml”.
All your application JSF templates should use only facelets technology as JSP is deprecated.

86

Migration to JPA 2.0

In facelet templates there are required to convert / tags to >/
respectively.
Depending on what JSF components that you use like Richfaces or Icefaces, there has to be some
differences when upgrading from JSF 1.x to JSF 2.x. You may need to upgrade libraries entirely.
Consult any component framework documentation on those changes. This migration doesn't cover
these migration steps.

4.2.3. Migration to JPA 2.0
Using JPA 2 requires to change version to 2.0 in persistence.xml, see Example 4.5,
“persistence.xml” file and version in application.xml should be 6 if you are using EAR - see
Example 4.6, “application.xml” or version in web.xml file change to 3.0 if you use only WAR - look
at Example 4.7, “web.xml”.
What is important for developers, most application can use just WAR with EJB 3.1 and doesn't
have to package application as EAR.
JPA 2.0 is backward compatible with JPA 1.0, so you don't have to migrate any JPA annotation
or classes. JPA 2.0 is more like enhancement to JPA 1.0.

4.2.4. Using compatible JNDI for resources
Java EE 6 brings new standardized global rules for creating portable JNDI syntax. So you
have to change all JNDI strings from _your_application_/#{ejbName}/local to java:app/
_application-module-name_/#{ejbName} like for instance in WEB-INF/components.xml
change of jndiPattern from:

seam-mail/#{ejbName}/local

to

java:app/seam-mail-ejb/#{ejbName}

4.3. JBoss AS 7.1 deployment
4.3.1. Deployment changes
Next level is migration of your target runtime. Seam 2.3 uses JBoss AS 7 as default target runtime.
If you are using for development or testing default datasource in JBoss AS 7.1, you need to
change datasource JNDI in your persistence.xml from java:/DefaultDS to java:jboss/
datasources/ExampleDS.

87

Chapter 4. Migration from 2.2...

JBoss AS 7 has got refactored classloading model. Classloading of bundled or provided libraries
can be managed in jboss-deployment-structure.xml or in META-INF/MANIFEST.MF file in
section Dependencies. This migration documentation prefers using of jboss-deploymentstructure.xml file, which should be placed in META-INF directory of your WAR or EAR application
according to your application type.
For full EAR projects, the jboss-deployment-structure.xml will be located in the _your_ear_/
META-INF directory.
For Web (non-ear) projects, the jboss-deployment-structure.xml will be located in the
_your_war_/WEB-INF directory.
Minimal content for Seam 2.3 based application is:






 




More details are described in JBoss AS 7 documentation [https://docs.jboss.org/author/display/
AS7/Class+Loading+in+AS7].

4.3.2. Datasource migration
You can also include now any database descriptor (*-ds.xml) files into your project in the METAINF directory, and the data source will be deployed automatically when deployed to a JBoss AS
7.1 Application Server. The structure of the file though has changed. Before the datasource file
was a simple xml based file, but now is an IronJacamar [https://www.jboss.org/ironjacamar] based
file. Iron-Jacamar is the JBoss' JCA (Java Connector Architecture) project. Below on Example 4.9,
“Sample Seam 2.2 Datasource Descriptor File” is the former datasource for JBoss AS 4/5, and
Example 4.10, “Ironjacamar Datasource Descriptor File” shows the conversion to IronJacamar
using the same driver, url, and credentials.

Example 4.9. Sample Seam 2.2 Datasource Descriptor File





seamdiscsDatasource
jdbc:hsqldb:.
org.hsqldb.jdbcDriver
sa




Example 4.10. Ironjacamar Datasource Descriptor File




jdbc:hsqldb:.
org.hsqldb.jdbcDriver

sa





4.4. Changes in testing framework
SeamTest and JBoss Embedded are legacy components and have many limitations and we
doesn't support it like we did in Seam 2.2.
We now bring Arquillian as the replacement of JBoss Embedded and you should
extend org.jboss.seam.mock.JUnitSeamTest instead of org.jboss.seam.mock.SeamTest,
DBUnit testing is provided by org.jboss.seam.mock.DBJUnitSeamTest instead of
org.jboss.seam.mock.DBUnitSeamTest. Due assertion issues with TestNG framework and
Arquillian, we use JUnit as preferred test framework. Migration to Junit and Arquillian goes in the
following steps:

1. Add

89

Chapter 4. Migration from 2.2...

@RunWith(Arquillian.class)

annotation to your test class.
2. Your

test

class

should

extend

org.jboss.seam.mock.JUnitSeamTest

instead

of

org.jboss.seam.mock.SeamTest.

3. Add a method like

@Deployment(name="_your_test_name_")
@OverProtocol("Servlet 3.0")
public static org.jboss.shrinkwrap.api.Archive createDeployment(){}

for creating test deployment archive. The following example is taken from Registration example
testsuite. It imports the .ear archive buit with "mvn package", adds the test class to the
deployment and replaces the WEB-INF/web.xml file with a SeamTest-specific version.

@Deployment(name="RegisterTest")
@OverProtocol("Servlet 3.0")
public static Archive createDeployment()
{
EnterpriseArchive
er
=
ShrinkWrap.create(ZipImporter.class,
"seamregistration.ear").importFrom(new File("../registration-ear/target/seam-registration.ear"))
.as(EnterpriseArchive.class);
WebArchive web = er.getAsType(WebArchive.class, "registration-web.war");
web.addClasses(RegisterTest.class);
// Install org.jboss.seam.mock.MockSeamListener
web.delete("/WEB-INF/web.xml");
web.addAsWebInfResource("web.xml");
return er;
}

4. Create a SeamTest-specific web.xml contaning the org.jboss.seam.mock.MockSeamListener,
instead of the usual org.jboss.seam.servlet.SeamListener.




org.jboss.seam.mock.MockSeamListener



5. Add arquillian.xml file into root of your classpath for running Arquillian test(s). The file
content should specify path to remote or managed container and some specific options for
JVM or Arquillian. The example of arquillian file is at jboss-seam-x.y.z.Final/examples/
booking/booking-tests/src/test/resources-integration/arquillian.xml:




target/



-Xmx1024m -XX:MaxPermSize=512m
target/jboss-as-7.1.1.Final




More details in Seam reference documentation guide in Section 38.2, “Integration testing Seam
components”.

4.5. Dependency changes with using Maven
The "provided" platform is now JBoss AS 7.1.x as is written above, therefore all Java EE
dependencies included in AS 7 are now marked as provided.

4.5.1. Seam Bill of Materials
A Bill of materials is a set of dependeny elements in  section that can
be used to import into your application maven build and be able to declare which dependencies

91

Chapter 4. Migration from 2.2...

and their versions that you wish to use in your application. The nice thing about the Seam BOM
is that the dependencies and their versions are there recommended dependencies that would
work well with Seam 2.3. The usage of Seam BOM is shown in Example 4.11, “Seam BOM
usage”. The Seam BOM is deployed in JBoss Maven repository [https://repository.jboss.org/
nexus/index.html#nexus-search;gav~org.jboss.seam~bom~~~].

Example 4.11. Seam BOM usage




org.jboss.seam
bom
2.3.1.Final
pom
import

...




org.jboss.seam
jboss-seam
ejb

...


92

Chapter 5.

The contextual component model
The two core concepts in Seam are the notion of a context and the notion of a component.
Components are stateful objects, usually EJBs, and an instance of a component is associated
with a context, and given a name in that context. Bijection provides a mechanism for aliasing
internal component names (instance variables) to contextual names, allowing component trees to
be dynamically assembled, and reassembled by Seam.
Let's start by describing the contexts built in to Seam.

5.1. Seam contexts
Seam contexts are created and destroyed by the framework. The application does not control
context demarcation via explicit Java API calls. Context are usually implicit. In some cases,
however, contexts are demarcated via annotations.
The basic Seam contexts are:
• Stateless context
• Event (i.e., request) context
• Page context
• Conversation context
• Session context
• Business process context
• Application context
You will recognize some of these contexts from servlet and related specifications. However, two of
them might be new to you: conversation context, and business process context. One reason state
management in web applications is so fragile and error-prone is that the three built-in contexts
(request, session and application) are not especially meaningful from the point of view of the
business logic. A user login session, for example, is a fairly arbitrary construct in terms of the
actual application work flow. Therefore, most Seam components are scoped to the conversation
or business process contexts, since they are the contexts which are most meaningful in terms
of the application.
Let's look at each context in turn.

5.1.1. Stateless context
Components which are truly stateless (stateless session beans, primarily) always live in the
stateless context (which is basically the absence of a context since the instance Seam resolves
is not stored). Stateless components are not very interesting, and are arguably not very object-

93

Chapter 5. The contextual com...

oriented. Nevertheless, they do get developed and used and are thus an important part of any
Seam application.

5.1.2. Event context
The event context is the "narrowest" stateful context, and is a generalization of the notion of the
web request context to cover other kinds of events. Nevertheless, the event context associated
with the lifecycle of a JSF request is the most important example of an event context, and the
one you will work with most often. Components associated with the event context are destroyed
at the end of the request, but their state is available and well-defined for at least the lifecycle of
the request.
When you invoke a Seam component via RMI, or Seam Remoting, the event context is created
and destroyed just for the invocation.

5.1.3. Page context
The page context allows you to associate state with a particular instance of a rendered page.
You can initialize state in your event listener, or while actually rendering the page, and then have
access to it from any event that originates from that page. This is especially useful for functionality
like clickable lists, where the list is backed by changing data on the server side. The state is
actually serialized to the client, so this construct is extremely robust with respect to multi-window
operation and the back button.

5.1.4. Conversation context
The conversation context is a truly central concept in Seam. A conversation is a unit of work from
the point of view of the user. It might span several interactions with the user, several requests,
and several database transactions. But to the user, a conversation solves a single problem. For
example, "book hotel", "approve contract", "create order" are all conversations. You might like to
think of a conversation implementing a single "use case" or "user story", but the relationship is
not necessarily quite exact.
A conversation holds state associated with "what the user is doing now, in this window". A single
user may have multiple conversations in progress at any point in time, usually in multiple windows.
The conversation context allows us to ensure that state from the different conversations does not
collide and cause bugs.
It might take you some time to get used to thinking of applications in terms of conversations. But
once you get used to it, we think you'll love the notion, and never be able to not think in terms
of conversations again!
Some conversations last for just a single request. Conversations that span multiple requests must
be demarcated using annotations provided by Seam.
Some conversations are also tasks. A task is a conversation that is significant in terms of a longrunning business process, and has the potential to trigger a business process state transition when
it is successfully completed. Seam provides a special set of annotations for task demarcation.

94

Session context

Conversations may be nested, with one conversation taking place "inside" a wider conversation.
This is an advanced feature.
Usually, conversation state is actually held by Seam in the servlet session between
requests. Seam implements configurable conversation timeout, automatically destroying inactive
conversations, and thus ensuring that the state held by a single user login session does not grow
without bound if the user abandons conversations.
Seam serializes processing of concurrent requests that take place in the same long-running
conversation context, in the same process.
Alternatively, Seam may be configured to keep conversational state in the client browser.

5.1.5. Session context
A session context holds state associated with the user login session. While there are some cases
where it is useful to share state between several conversations, we generally frown on the use of
session context for holding components other than global information about the logged in user.
In a JSR-168 portal environment, the session context represents the portlet session.

5.1.6. Business process context
The business process context holds state associated with the long running business process. This
state is managed and made persistent by the BPM engine (JBoss jBPM). The business process
spans multiple interactions with multiple users, so this state is shared between multiple users, but
in a well-defined manner. The current task determines the current business process instance, and
the lifecycle of the business process is defined externally using a process definition language, so
there are no special annotations for business process demarcation.

5.1.7. Application context
The application context is the familiar servlet context from the servlet spec. Application context
is mainly useful for holding static information such as configuration data, reference data or
metamodels. For example, Seam stores its own configuration and metamodel in the application
context.

5.1.8. Context variables
A context defines a namespace, a set of context variables. These work much the same as session
or request attributes in the servlet spec. You may bind any value you like to a context variable,
but usually we bind Seam component instances to context variables.
So, within a context, a component instance is identified by the context variable name (this is
usually, but not always, the same as the component name). You may programmatically access a
named component instance in a particular scope via the Contexts class, which provides access
to several thread-bound instances of the Context interface:

95

Chapter 5. The contextual com...

User user = (User) Contexts.getSessionContext().get("user");

You may also set or change the value associated with a name:

Contexts.getSessionContext().set("user", user);

Usually, however, we obtain components from a context via injection, and put component
instances into a context via outjection.

5.1.9. Context search priority
Sometimes, as above, component instances are obtained from a particular known scope. Other
times, all stateful scopes are searched, in priority order. The order is as follows:

• Event context
• Page context
• Conversation context
• Session context
• Business process context
• Application context
You can perform a priority search by calling Contexts.lookupInStatefulContexts().
Whenever you access a component by name from a JSF page, a priority search occurs.

5.1.10. Concurrency model
Neither the servlet nor EJB specifications define any facilities for managing concurrent requests
originating from the same client. The servlet container simply lets all threads run concurrently
and leaves enforcing thread safeness to application code. The EJB container allows stateless
components to be accessed concurrently, and throws an exception if multiple threads access a
stateful session bean.
This behavior might have been okay in old-style web applications which were based around finegrained, synchronous requests. But for modern applications which make heavy use of many finegrained, asynchronous (AJAX) requests, concurrency is a fact of life, and must be supported by
the programming model. Seam weaves a concurrency management layer into its context model.
The Seam session and application contexts are multithreaded. Seam will allow concurrent
requests in a context to be processed concurrently. The event and page contexts are by nature

96

Seam components

single threaded. The business process context is strictly speaking multi-threaded, but in practice
concurrency is sufficiently rare that this fact may be disregarded most of the time. Finally, Seam
enforces a single thread per conversation per process model for the conversation context by
serializing concurrent requests in the same long-running conversation context.
Since the session context is multithreaded, and often contains volatile state, session scope
components are always protected by Seam from concurrent access so long as the Seam
interceptors are not disabled for that component. If interceptors are disabled, then any threadsafety that is required must be implemented by the component itself. Seam serializes requests to
session scope JavaBeans by default (and detects and breaks any deadlocks that occur). This is
not the default behaviour for application scoped components however, since application scoped
components do not usually hold volatile state and because synchronization at the global level
is extremely expensive. However, you can force a serialized threading model on any JavaBean
component by adding the @Synchronized annotation.

Note
Seam 2.3 removed the serialization of Stateful session beans by Seam
synchronization interceptor because stateful session beans are serialized by EJB
3.1 container by default .

This concurrency model means that AJAX clients can safely use volatile session and
conversational state, without the need for any special work on the part of the developer.

Warning
Be warned that Statefull session Beans are not serialized by Seam anymore.
Serialization of Statefull session beans are controlled by EJB container, so there
is no need for Seam to duplicate that. So @Synchronized annotation is ignored
on Statefull session beans.

5.2. Seam components
Seam components are POJOs (Plain Old Java Objects). In particular, they are JavaBeans or
EJB 3.0 enterprise beans. While Seam does not require that components be EJBs and can even
be used without an EJB 3.0 compliant container, Seam was designed with EJB 3.0 in mind and
includes deep integration with EJB 3.0. Seam supports the following component types.

• EJB 3.0 stateless session beans
• EJB 3.0 stateful session beans
• EJB 3.0 entity beans (i.e., JPA entity classes)

97

Chapter 5. The contextual com...

• JavaBeans
• EJB 3.0 message-driven beans
• Spring beans (see Chapter 28, Spring Framework integration)

5.2.1. Stateless session beans
Stateless session bean components are not able to hold state across multiple invocations.
Therefore, they usually work by operating upon the state of other components in the various
Seam contexts. They may be used as JSF action listeners, but cannot provide properties to JSF
components for display.
Stateless session beans always live in the stateless context.
Stateless session beans can be accessed concurrently as a new instance is used for each
request. Assigning the instance to the request is the responsibility of the EJB3 container (normally
instances will be allocated from a reusable pool meaning that you may find any instance variables
contain data from previous uses of the bean).
Stateless session beans are the least interesting kind of Seam component.
Seam stateless session bean components may be instantiated using Component.getInstance()
or @In(create=true). They should not be directly instantiated via JNDI lookup or the new
operator.

5.2.2. Stateful session beans
Stateful session bean components are able to hold state not only across multiple invocations of
the bean, but also across multiple requests. Application state that does not belong in the database
should usually be held by stateful session beans. This is a major difference between Seam
and many other web application frameworks. Instead of sticking information about the current
conversation directly in the HttpSession, you should keep it in instance variables of a stateful
session bean that is bound to the conversation context. This allows Seam to manage the lifecycle
of this state for you, and ensure that there are no collisions between state relating to different
concurrent conversations.
Stateful session beans are often used as JSF action listener, and as backing beans that provide
properties to JSF components for display or form submission.
By default, stateful session beans are bound to the conversation context. They may never be
bound to the page or stateless contexts.
Concurrent requests to session-scoped stateful session beans are not serialized by Seam as long
as EJB 3.1 has changed that. This is a difference in comparison to previous Seam 2.2.x.
Seam stateful session bean components may be instantiated using Component.getInstance()
or @In(create=true). They should not be directly instantiated via JNDI lookup or the new
operator.

98

Entity beans

5.2.3. Entity beans
Entity beans may be bound to a context variable and function as a seam component. Because
entities have a persistent identity in addition to their contextual identity, entity instances are usually
bound explicitly in Java code, rather than being instantiated implicitly by Seam.
Entity bean components do not support bijection or context demarcation. Nor does invocation of
an entity bean trigger validation.
Entity beans are not usually used as JSF action listeners, but do often function as backing beans
that provide properties to JSF components for display or form submission. In particular, it is
common to use an entity as a backing bean, together with a stateless session bean action listener
to implement create/update/delete type functionality.
By default, entity beans are bound to the conversation context. They may never be bound to the
stateless context.
Note that it in a clustered environment is somewhat less efficient to bind an entity bean directly to
a conversation or session scoped Seam context variable than it would be to hold a reference to
the entity bean in a stateful session bean. For this reason, not all Seam applications define entity
beans to be Seam components.
Seam entity bean components may be instantiated using Component.getInstance(),
@In(create=true) or directly using the new operator.

5.2.4. JavaBeans
JavaBeans may be used just like a stateless or stateful session bean. However, they do not
provide the functionality of a session bean (declarative transaction demarcation, declarative
security, efficient clustered state replication, EJB 3.0 persistence, timeout methods, etc).
In a later chapter, we show you how to use Seam and Hibernate without an EJB container. In
this use case, components are JavaBeans instead of session beans. Note, however, that in many
application servers it is somewhat less efficient to cluster conversation or session scoped Seam
JavaBean components than it is to cluster stateful session bean components.
By default, JavaBeans are bound to the event context.
Concurrent requests to session-scoped JavaBeans are always serialized by Seam.
Seam JavaBean components may be instantiated using Component.getInstance() or
@In(create=true). They should not be directly instantiated using the new operator.

5.2.5. Message-driven beans
Message-driven beans may function as a seam component. However, message-driven beans
are called quite differently to other Seam components - instead of invoking them via the context
variable, they listen for messages sent to a JMS queue or topic.

99

Chapter 5. The contextual com...

Message-driven beans may not be bound to a Seam context. Nor do they have access to the
session or conversation state of their "caller". However, they do support bijection and some other
Seam functionality.
Message-driven beans are never instantiated by the application. They are instantiated by the EJB
container when a message is received.

5.2.6. Interception
In order to perform its magic (bijection, context demarcation, validation, etc), Seam must intercept
component invocations. For JavaBeans, Seam is in full control of instantiation of the component,
and no special configuration is needed. For entity beans, interception is not required since bijection
and context demarcation are not defined. For session beans, we must register an EJB interceptor
for the session bean component. We could use an annotation, as follows:

@Stateless
@Interceptors(SeamInterceptor.class)
public class LoginAction implements Login {
...
}

But a much better way is to define the interceptor in ejb-jar.xml.



org.jboss.seam.ejb.SeamInterceptor




*
org.jboss.seam.ejb.SeamInterceptor



5.2.7. Component names
All seam components need a name. We can assign a name to a component using the @Name
annotation:

@Name("loginAction")

100

Component names

@Stateless
public class LoginAction implements Login {
...
}

This name is the seam component name and is not related to any other name defined by the EJB
specification. However, seam component names work just like JSF managed bean names and
you can think of the two concepts as identical.
@Name is not the only way to define a component name, but we always need to specify the name

somewhere. If we don't, then none of the other Seam annotations will function.
Whenever Seam instantiates a component, it binds the new instance to a variable in the scope
configured for the component that matches the component name. This behavior is identical to
how JSF managed beans work, except that Seam allows you to configure this mapping using
annotations rather than XML. You can also programmatically bind a component to a context
variable. This is useful if a particular component serves more than one role in the system. For
example, the currently logged in User might be bound to the currentUser session context
variable, while a User that is the subject of some administration functionality might be bound
to the user conversation context variable. Be careful, though, because through a programmatic
assignment, it's possible to overwrite a context variable that has a reference to a Seam component,
potentially confusing matters.
For very large applications, and for built-in seam components, qualified component names are
often used to avoid naming conflicts.

@Name("com.jboss.myapp.loginAction")
@Stateless
public class LoginAction implements Login {
...
}

We may use the qualified component name both in Java code and in JSF's expression language:



Since this is noisy, Seam also provides a means of aliasing a qualified name to a simple name.
Add a line like this to the components.xml file:



101

Chapter 5. The contextual com...

All of the built-in Seam components have qualified names but can be accessed through their
unqualified names due to the namespace import feature of Seam. The components.xml file
included in the Seam JAR defines the following namespaces.


org.jboss.seam.core
org.jboss.seam.cache
org.jboss.seam.transaction
org.jboss.seam.framework
org.jboss.seam.web
org.jboss.seam.faces
org.jboss.seam.international
org.jboss.seam.theme
org.jboss.seam.pageflow
org.jboss.seam.bpm
org.jboss.seam.jms
org.jboss.seam.mail
org.jboss.seam.security
org.jboss.seam.security.management
org.jboss.seam.security.permission
org.jboss.seam.captcha
org.jboss.seam.excel.exporter



When attempting to resolve an unqualified name, Seam will check each of those namespaces,
in order. You can include additional namespaces in your application's components.xml file for
application-specific namespaces.

5.2.8. Defining the component scope
We can override the default scope (context) of a component using the @Scope annotation. This
lets us define what context a component instance is bound to, when it is instantiated by Seam.

@Name("user")
@Entity
@Scope(SESSION)
public class User {
...
}

102

Components with multiple roles

org.jboss.seam.ScopeType defines an enumeration of possible scopes.

5.2.9. Components with multiple roles
Some Seam component classes can fulfill more than one role in the system. For example, we
often have a User class which is usually used as a session-scoped component representing the
current user but is used in user administration screens as a conversation-scoped component. The
@Role annotation lets us define an additional named role for a component, with a different scope
— it lets us bind the same component class to different context variables. (Any Seam component
instance may be bound to multiple context variables, but this lets us do it at the class level, and
take advantage of auto-instantiation.)

@Name("user")
@Entity
@Scope(CONVERSATION)
@Role(name="currentUser", scope=SESSION)
public class User {
...
}

The @Roles annotation lets us specify as many additional roles as we like.

@Name("user")
@Entity
@Scope(CONVERSATION)
@Roles({@Role(name="currentUser", scope=SESSION),
@Role(name="tempUser", scope=EVENT)})
public class User {
...
}

5.2.10. Built-in components
Like many good frameworks, Seam eats its own dogfood and is implemented mostly as a set of
built-in Seam interceptors (see later) and Seam components. This makes it easy for applications
to interact with built-in components at runtime or even customize the basic functionality of Seam
by replacing the built-in components with custom implementations. The built-in components are
defined in the Seam namespace org.jboss.seam.core and the Java package of the same name.
The built-in components may be injected, just like any Seam components, but they also provide
convenient static instance() methods:

103

Chapter 5. The contextual com...

FacesMessages.instance().add("Welcome back, #{user.name}!");

5.3. Bijection
Dependency injection or inversion of control is by now a familiar concept to most Java developers.
Dependency injection allows a component to obtain a reference to another component by
having the container "inject" the other component to a setter method or instance variable. In all
dependency injection implementations that we have seen, injection occurs when the component
is constructed, and the reference does not subsequently change for the lifetime of the component
instance. For stateless components, this is reasonable. From the point of view of a client, all
instances of a particular stateless component are interchangeable. On the other hand, Seam
emphasizes the use of stateful components. So traditional dependency injection is no longer a
very useful construct. Seam introduces the notion of bijection as a generalization of injection. In
contrast to injection, bijection is:
• contextual - bijection is used to assemble stateful components from various different contexts (a
component from a "wider" context may even have a reference to a component from a "narrower"
context)
• bidirectional - values are injected from context variables into attributes of the component being
invoked, and also outjected from the component attributes back out to the context, allowing the
component being invoked to manipulate the values of contextual variables simply by setting its
own instance variables
• dynamic - since the value of contextual variables changes over time, and since Seam
components are stateful, bijection takes place every time a component is invoked
In essence, bijection lets you alias a context variable to a component instance variable, by
specifying that the value of the instance variable is injected, outjected, or both. Of course, we use
annotations to enable bijection.
The @In annotation specifies that a value should be injected, either into an instance variable:

@Name("loginAction")
@Stateless
public class LoginAction implements Login {
@In User user;
...
}

or into a setter method:

@Name("loginAction")

104

Bijection

@Stateless
public class LoginAction implements Login {
User user;
@In
public void setUser(User user) {
this.user=user;
}
...
}

By default, Seam will do a priority search of all contexts, using the name of the property or instance
variable that is being injected. You may wish to specify the context variable name explicitly, using,
for example, @In("currentUser").
If you want Seam to create an instance of the component when there is no existing component
instance bound to the named context variable, you should specify @In(create=true). If the value
is optional (it can be null), specify @In(required=false).
For some components, it can be repetitive to have to specify @In(create=true) everywhere they
are used. In such cases, you can annotate the component @AutoCreate, and then it will always
be created, whenever needed, even without the explicit use of create=true.
You can even inject the value of an expression:

@Name("loginAction")
@Stateless
public class LoginAction implements Login {
@In("#{user.username}") String username;
...
}

Injected values are disinjected (i.e., set to null) immediately after method completion and
outjection.
(There is much more information about component lifecycle and injection in the next chapter.)
The @Out annotation specifies that an attribute should be outjected, either from an instance
variable:

@Name("loginAction")
@Stateless
public class LoginAction implements Login {

105

Chapter 5. The contextual com...

@Out User user;
...
}

or from a getter method:

@Name("loginAction")
@Stateless
public class LoginAction implements Login {
User user;
@Out
public User getUser() {
return user;
}
...
}

An attribute may be both injected and outjected:

@Name("loginAction")
@Stateless
public class LoginAction implements Login {
@In @Out User user;
...
}

or:

@Name("loginAction")
@Stateless
public class LoginAction implements Login {
User user;
@In
public void setUser(User user) {
this.user=user;
}

106

Lifecycle methods

@Out
public User getUser() {
return user;
}
...
}

5.4. Lifecycle methods
Session bean and entity bean Seam components support all the usual EJB 3.0 lifecycle
callback (@PostConstruct, @PreDestroy, etc). But Seam also supports the use of any of these
callbacks with JavaBean components. However, since these annotations are not available in
a J2EE environment, Seam defines two additional component lifecycle callbacks, equivalent to
@PostConstruct and @PreDestroy.
The @Create method is called after Seam instantiates a component. Components may define only
one @Create method.
The @Destroy method is called when the context that the Seam component is bound to ends.
Components may define only one @Destroy method.
In addition, stateful session bean components must define a method with no parameters annotated
@Remove. This method is called by Seam when the context ends.
Finally, a related annotation is the @Startup annotation, which may be applied to any application
or session scoped component. The @Startup annotation tells Seam to instantiate the component
immediately, when the context begins, instead of waiting until it is first referenced by a
client. It is possible to control the order of instantiation of startup components by specifying
@Startup(depends={....}).

5.5. Conditional installation
The @Install annotation lets you control conditional installation of components that are required
in some deployment scenarios and not in others. This is useful if:
• You want to mock out some infrastructural component in tests.
• You want change the implementation of a component in certain deployment scenarios.
• You want to install some components only if their dependencies are available (useful for
framework authors).
@Install works by letting you specify precedence and dependencies.

The precedence of a component is a number that Seam uses to decide which component to
install when there are multiple classes with the same component name in the classpath. Seam

107

Chapter 5. The contextual com...

will choose the component with the higher precedence. There are some predefined precedence
values (in ascending order):

1. BUILT_IN — the lowest precedence components are the components built in to Seam.
2. FRAMEWORK — components defined by third-party frameworks may override built-in
components, but are overridden by application components.
3. APPLICATION — the default precedence. This is appropriate for most application components.
4. DEPLOYMENT — for application components which are deployment-specific.
5. MOCK — for mock objects used in testing.
Suppose we have a component named messageSender that talks to a JMS queue.

@Name("messageSender")
public class MessageSender {
public void sendMessage() {
//do something with JMS
}
}

In our unit tests, we don't have a JMS queue available, so we would like to stub out this method.
We'll create a mock component that exists in the classpath when unit tests are running, but is
never deployed with the application:

@Name("messageSender")
@Install(precedence=MOCK)
public class MockMessageSender extends MessageSender {
public void sendMessage() {
//do nothing!
}
}

The precedence helps Seam decide which version to use when it finds both components in the
classpath.
This is nice if we are able to control exactly which classes are in the classpath. But if I'm writing
a reusable framework with many dependencies, I don't want to have to break that framework
across many jars. I want to be able to decide which components to install depending upon
what other components are installed, and upon what classes are available in the classpath. The
@Install annotation also controls this functionality. Seam uses this mechanism internally to

108

Logging

enable conditional installation of many of the built-in components. However, you probably won't
need to use it in your application.

5.6. Logging
Who is not totally fed up with seeing noisy code like this?

private static final Log log = LogFactory.getLog(CreateOrderAction.class);
public Order createOrder(User user, Product product, int quantity) {
if ( log.isDebugEnabled() ) {
log.debug("Creating new order for user: " + user.username() +
" product: " + product.name()
+ " quantity: " + quantity);
}
return new Order(user, product, quantity);
}

It is difficult to imagine how the code for a simple log message could possibly be more verbose.
There is more lines of code tied up in logging than in the actual business logic! I remain totally
astonished that the Java community has not come up with anything better in 10 years.
Seam provides a logging API that simplifies this code significantly:

@Logger private Log log;
public Order createOrder(User user, Product product, int quantity) {
log.debug("Creating new order for user: #0
#2", user.username(), product.name(), quantity);
return new Order(user, product, quantity);
}

product:

#1

quantity:

It doesn't matter if you declare the log variable static or not — it will work either way, except for
entity bean components which require the log variable to be static.
Note that we don't need the noisy if ( log.isDebugEnabled() ) guard, since string
concatenation happens inside the debug() method. Note also that we don't usually need to specify
the log category explicitly, since Seam knows what component it is injecting the Log into.
If User and Product are Seam components available in the current contexts, it gets even better:

@Logger private Log log;

109

Chapter 5. The contextual com...

public Order createOrder(User user, Product product, int quantity) {
log.debug("Creating new order for user: #{user.username} product: #{product.name} quantity:
#0", quantity);
return new Order(user, product, quantity);
}

Seam logging automagically chooses whether to send output to log4j or JDK logging. If log4j is in
the classpath, Seam with use it. If it is not, Seam will use JDK logging.

5.7. The Mutable interface and @ReadOnly
Many application servers feature an amazingly broken implementation of HttpSession clustering,
where changes to the state of mutable objects bound to the session are only replicated when the
application calls setAttribute() explicitly. This is a source of bugs that can not effectively be
tested for at development time, since they will only manifest when failover occurs. Furthermore,
the actual replication message contains the entire serialized object graph bound to the session
attribute, which is inefficient.
Of course, EJB stateful session beans must perform automatic dirty checking and replication of
mutable state and a sophisticated EJB container can introduce optimizations such as attributelevel replication. Unfortunately, not all Seam users have the good fortune to be working in an
environment that supports EJB 3.0. So, for session and conversation scoped JavaBean and entity
bean components, Seam provides an extra layer of cluster-safe state management over the top
of the web container session clustering.
For session or conversation scoped JavaBean components, Seam automatically forces replication
to occur by calling setAttribute() once in every request that the component was invoked by
the application. Of course, this strategy is inefficient for read-mostly components. You can control
this behavior by implementing the org.jboss.seam.core.Mutable interface, or by extending
org.jboss.seam.core.AbstractMutable, and writing your own dirty-checking logic inside the
component. For example,

@Name("account")
public class Account extends AbstractMutable
{
private BigDecimal balance;
public void setBalance(BigDecimal balance)
{
setDirty(this.balance, balance);
this.balance = balance;
}
public BigDecimal getBalance()

110

The Mutable interface and @ReadOnly

{
return balance;
}
...
}

Or, you can use the @ReadOnly annotation to achieve a similar effect:

@Name("account")
public class Account
{
private BigDecimal balance;
public void setBalance(BigDecimal balance)
{
this.balance = balance;
}
@ReadOnly
public BigDecimal getBalance()
{
return balance;
}
...
}

For session or conversation scoped entity bean components, Seam automatically forces
replication to occur by calling setAttribute() once in every request, unless the (conversationscoped) entity is currently associated with a Seam-managed persistence context, in which case no
replication is needed. This strategy is not necessarily efficient, so session or conversation scope
entity beans should be used with care. You can always write a stateful session bean or JavaBean
component to "manage" the entity bean instance. For example,

@Stateful
@Name("account")
public class AccountManager extends AbstractMutable
{
private Account account; // an entity bean

111

Chapter 5. The contextual com...

@Unwrap
public Account getAccount()
{
return account;
}
...
}

Note that the EntityHome class in the Seam Application Framework provides a great example of
managing an entity bean instance using a Seam component.

5.8. Factory and manager components
We often need to work with objects that are not Seam components. But we still want to be able to
inject them into our components using @In and use them in value and method binding expressions,
etc. Sometimes, we even need to tie them into the Seam context lifecycle (@Destroy, for example).
So the Seam contexts can contain objects which are not Seam components, and Seam provides a
couple of nice features that make it easier to work with non-component objects bound to contexts.
The factory component pattern lets a Seam component act as the instantiator for a non-component
object. A factory method will be called when a context variable is referenced but has no value
bound to it. We define factory methods using the @Factory annotation. The factory method binds
a value to the context variable, and determines the scope of the bound value. There are two styles
of factory method. The first style returns a value, which is bound to the context by Seam:

@Factory(scope=CONVERSATION)
public List getCustomerList() {
return ... ;
}

The second style is a method of type void which binds the value to the context variable itself:

@DataModel List customerList;
@Factory("customerList")
public void initCustomerList() {
customerList = ... ;
}

112

Factory and manager components

In both cases, the factory method is called when we reference the customerList context variable
and its value is null, and then has no further part to play in the lifecycle of the value. An even more
powerful pattern is the manager component pattern. In this case, we have a Seam component
that is bound to a context variable, that manages the value of the context variable, while remaining
invisible to clients.
A manager component is any component with an @Unwrap method. This method returns the value
that will be visible to clients, and is called every time a context variable is referenced.

@Name("customerList")
@Scope(CONVERSATION)
public class CustomerListManager
{
...
@Unwrap
public List getCustomerList() {
return ... ;
}
}

The manager component pattern is especially useful if we have an object where you need more
control over the lifecycle of the component. For example, if you have a heavyweight object that
needs a cleanup operation when the context ends you could @Unwrap the object, and perform
cleanup in the @Destroy method of the manager component.

@Name("hens")
@Scope(APPLICATION)
public class HenHouse
{
Set hens;
@In(required=false) Hen hen;
@Unwrap
public List getHens()
{
if (hens == null)
{
// Setup our hens
}
return hens;
}

113

Chapter 5. The contextual com...

@Observer({"chickBorn", "chickenBoughtAtMarket"})
public addHen()
{
hens.add(hen);
}
@Observer("chickenSoldAtMarket")
public removeHen()
{
hens.remove(hen);
}
@Observer("foxGetsIn")
public removeAllHens()
{
hens.clear();
}
...
}

Here the managed component observes many events which change the underlying object. The
component manages these actions itself, and because the object is unwrapped on every access,
a consistent view is provided.

114

Chapter 6.

Configuring Seam components
The philosophy of minimizing XML-based configuration is extremely strong in Seam.
Nevertheless, there are various reasons why we might want to configure a Seam component
using XML: to isolate deployment-specific information from the Java code, to enable the creation
of re-usable frameworks, to configure Seam's built-in functionality, etc. Seam provides two basic
approaches to configuring components: configuration via property settings in a properties file or
in web.xml, and configuration via components.xml.

6.1. Configuring components via property settings
Seam components may be provided with configuration properties either via servlet context
parameters, via system properties, or via a properties file named seam.properties in the root
of the classpath.
The configurable Seam component must expose JavaBeans-style property setter methods
for the configurable attributes. If a Seam component named com.jboss.myapp.settings
has a setter method named setLocale(), we can provide a property named
com.jboss.myapp.settings.locale in the seam.properties file, a system property named
org.jboss.seam.properties.com.jboss.myapp.settings.locale via -D at startup, or as a
servlet context parameter, and Seam will set the value of the locale attribute whenever it
instantiates the component.
The same mechanism is used to configure Seam itself. For example, to set the conversation
timeout, we provide a value for org.jboss.seam.core.manager.conversationTimeout
in
web.xml,
seam.properties,
or
via
a
system
property
prefixed
with
org.jboss.seam.properties.
(There
is
a
built-in
Seam
component
named
org.jboss.seam.core.manager with a setter method named setConversationTimeout().)

6.2. Configuring components via components.xml
The components.xml file is a bit more powerful than property settings. It lets you:
• Configure components that have been installed automatically — including both built-in
components, and application components that have been annotated with the @Name annotation
and picked up by Seam's deployment scanner.
• Install classes with no @Name annotation as Seam components — this is most useful for certain
kinds of infrastructural components which can be installed multiple times with different names
(for example Seam-managed persistence contexts).
• Install components that do have a @Name annotation but are not installed by default because of
an @Install annotation that indicates the component should not be installed.
• Override the scope of a component.
A components.xml file may appear in one of three different places:

115

Chapter 6. Configuring Seam c...

• The WEB-INF directory of a war.
• The META-INF directory of a jar.
• Any directory of a jar that contains classes with an @Name annotation.
Usually, Seam components are installed when the deployment scanner discovers a class
with a @Name annotation sitting in an archive with a seam.properties file or a META-INF/
components.xml file. (Unless the component has an @Install annotation indicating it should not
be installed by default.) The components.xml file lets us handle special cases where we need
to override the annotations.
For example, the following components.xml file installs jBPM:





This example does the same thing:





This one installs and configures two different Seam-managed persistence contexts:






As does this one:



116

Configuring components via components.xml


java:/customerEntityManagerFactory


java:/accountingEntityManagerFactory



This example creates a session-scoped Seam-managed persistence context (this is not
recommended in practice):







java:/productEntityManagerFactory



It is common to use the auto-create option for infrastructural objects like persistence contexts,
which saves you from having to explicitly specify create=true when you use the @In annotation.



117

Chapter 6. Configuring Seam c...






java:/productEntityManagerFactory



The  declaration lets you specify a value or method binding expression that will be
evaluated to initialize the value of a context variable when it is first referenced.






You can create an "alias" (a second name) for a Seam component like so:





You can even create an "alias" for a commonly used expression:



118

Fine-grained configuration files




It is especially common to see the use of auto-create="true" with the  declaration:





Sometimes we want to reuse the same components.xml file with minor changes during
both deployment and testing. Seam lets you place wildcards of the form @wildcard@ in the
components.xml file which can be replaced either by your Ant build script (at deployment time) or
by providing a file named components.properties in the classpath (at development time). You'll
see this approach used in the Seam examples.

6.3. Fine-grained configuration files
If you have a large number of components that need to be configured in XML, it makes much
more sense to split up the information in components.xml into many small files. Seam lets you
put configuration for a class named, for example, com.helloworld.Hello in a resource named
com/helloworld/Hello.component.xml. (You might be familiar with this pattern, since it is the
same one we use in Hibernate.) The root element of the file may be either a  or
 element.
The first option lets you define multiple components in the file:



#{user.name}




The second option only lets you define or configure one component, but is less noisy:



119

Chapter 6. Configuring Seam c...

#{user.name}


In the second option, the class name is implied by the file in which the component definition
appears.
Alternatively, you may put configuration for all classes in the com.helloworld package in com/
helloworld/components.xml.

6.4. Configurable property types
Properties of string, primitive or primitive wrapper type may be configured just as you would expect:

org.jboss.seam.core.manager.conversationTimeout 60000




60000


Arrays, sets and lists of strings or primitives are also supported:

org.jboss.seam.bpm.jbpm.processDefinitions order.jpdl.xml, return.jpdl.xml, inventory.jpdl.xml



order.jpdl.xml
return.jpdl.xml
inventory.jpdl.xml





order.jpdl.xml

120

Configurable property types

return.jpdl.xml
inventory.jpdl.xml



Even maps with String-valued keys and string or primitive values are supported:



open open issue
resolved issue resolved by developer
closed resolution accepted by user



When configuring multi-valued properties, by default, Seam will preserve the order in which you
place the attributes in components.xml (unless you use a SortedSet/SortedMap then Seam will
use TreeMap/TreeSet). If the property has a concrete type (for example LinkedList) Seam will
use that type.
You can also override the type by specifying a fully qualified class name:



open open issue
resolved issue resolved by developer
closed resolution accepted by user



Finally, you may wire together components using a value-binding expression. Note that this is
quite different to injection using @In, since it happens at component instantiation time instead of
invocation time. It is therefore much more similar to the dependency injection facilities offered by
traditional IoC containers like JSF or Spring.




#{policyPricingRules}


Seam also resolves an EL expression string prior to assigning the initial value to the bean property
of the component. So you can inject some contextual data into your components.


Nice to see you, #{identity.username}!


However, there is one important exception. If the type of the property to which the initial value is
being assigned is either a Seam ValueExpression or MethodExpression, then the evaluation of
the EL is deferred. Instead, the appropriate expression wrapper is created and assigned to the
property. The message templates on the Home component from the Seam Application Framework
serve as an example.



Inside the component, you can access the expression string by calling getExpressionString()
on the ValueExpression or MethodExpression. If the property is a ValueExpression, you can
resolve the value using getValue() and if the property is a MethodExpression, you can invoke
the method using invoke(Object args...). Obviously, to assign a value to a MethodExpression
property, the entire initial value must be a single EL expression.

6.5. Using XML Namespaces
Throughout the examples, there have been two competing ways of declaring components: with
and without the use of XML namespaces. The following shows a typical components.xml file
without namespaces:




true
@jndiPattern@

122

Using XML Namespaces




As you can see, this is somewhat verbose. Even worse, the component and attribute names
cannot be validated at development time.
The version with using namespaces looks like this:






Even though the schema declarations are verbose, the actual XML content is lean and easy to
understand. The schemas provide detailed information about each component and the attributes
available, allowing XML editors to offer intelligent autocomplete. The use of namespaced elements
makes generating and maintaining correct components.xml files much simpler.
Now, this works great for the built-in Seam components, but what about user components? There
are two options. First, Seam supports mixing the two models, allowing the use of the generic
 declarations for user components, along with namespaced declarations for builtin components. But even better, Seam allows you to quickly declare namespaces for your own
components.
Any Java package can be associated with an XML namespace by annotating the package with
the @Namespace annotation. (Package-level annotations are declared in a file named packageinfo.java in the package directory.) Here is an example from the seampay demo:

@Namespace(value="http://jboss.org/schema/seam/examples/seampay")
package org.jboss.seam.example.seampay;
import org.jboss.seam.annotations.Namespace;

123

Chapter 6. Configuring Seam c...

That is all you need to do to use the namespaced style in components.xml! Now we can write:




...


Or:



"#{newPayment}"
Created a new payment to #{newPayment.payee}


Somebody"
#{selectedAccount}
#{currentDatetime}
#{currentDatetime}

...


These examples illustrate the two usage models of a namespaced element. In the first declaration,
the  references the paymentHome component:

124

Using XML Namespaces

package org.jboss.seam.example.seampay;
...
@Name("paymentHome")
public class PaymentController
extends EntityHome
{
...
}

The element name is the hyphenated form of the component name. The attributes of the element
are the hyphenated form of the property names.
In the second declaration, the  element refers to the Payment class in the
org.jboss.seam.example.seampay package. In this case Payment is an entity that is being
declared as a Seam component:

package org.jboss.seam.example.seampay;
...
@Entity
public class Payment
implements Serializable
{
...
}

If we want validation and autocompletion to work for user-defined components, we will need a
schema. Seam does not yet provide a mechanism to automatically generate a schema for a set of
components, so it is necessary to generate one manually. The schema definitions for the standard
Seam packages can be used for guidance.
The following are the namespaces used by Seam:
• components — http://jboss.org/schema/seam/components
• core — http://jboss.org/schema/seam/core
• drools — http://jboss.org/schema/seam/drools
• framework — http://jboss.org/schema/seam/framework
• jms — http://jboss.org/schema/seam/jms
• remoting — http://jboss.org/schema/seam/remoting
• theme — http://jboss.org/schema/seam/theme

125

Chapter 6. Configuring Seam c...

• security — http://jboss.org/schema/seam/security
• mail — http://jboss.org/schema/seam/mail
• web — http://jboss.org/schema/seam/web
• pdf — http://jboss.org/schema/seam/pdf
• spring — http://jboss.org/schema/seam/spring

126

Chapter 7.

Events, interceptors and exception
handling
Complementing the contextual component model, there are two further basic concepts that
facilitate the extreme loose-coupling that is the distinctive feature of Seam applications. The first
is a strong event model where events may be mapped to event listeners via JSF-like method
binding expressions. The second is the pervasive use of annotations and interceptors to apply
cross-cutting concerns to components which implement business logic.

7.1. Seam events
The Seam component model was developed for use with event-driven applications, specifically to
enable the development of fine-grained, loosely-coupled components in a fine-grained eventing
model. Events in Seam come in several types, most of which we have already seen:

• JSF events
• jBPM transition events
• Seam page actions
• Seam component-driven events
• Seam contextual events
All of these various kinds of events are mapped to Seam components via JSF EL method binding
expressions. For a JSF event, this is defined in the JSF template:



For a jBPM transition event, it is specified in the jBPM process definition or pageflow definition:







You can find out more information about JSF events and jBPM events elsewhere. Let's
concentrate for now upon the two additional kinds of events defined by Seam.

127

Chapter 7. Events, intercepto...

7.2. Page actions
A Seam page action is an event that occurs just before we render a page. We declare page actions
in WEB-INF/pages.xml. We can define a page action for either a particular JSF view id:





Or we can use a * wildcard as a suffix to the view-id to specify an action that applies to all view
ids that match the pattern:





Keep in mind that if the  element is defined in a fine-grained page descriptor, the viewid attribute can be left off since it is implied.
If multiple wildcarded page actions match the current view-id, Seam will call all the actions, in
order of least-specific to most-specific.
The page action method can return a JSF outcome. If the outcome is non-null, Seam will use the
defined navigation rules to navigate to a view.
Furthermore, the view id mentioned in the  element need not correspond to a real JSP or
Facelets page! So, we can reproduce the functionality of a traditional action-oriented framework
like Struts or WebWork using page actions. This is quite useful if you want to do complex things
in response to non-faces requests (for example, HTTP GET requests).
Multiple or conditional page actions my be specified using the  tag:








Page actions are executed on both an initial (non-faces) request and a postback (faces) request.
If you are using the page action to load data, this operation may conflict with the standard JSF

128

Page parameters

action(s) being executed on a postback. One way to disable the page action is to setup a condition
that resolves to true only on an initial request.







This condition consults the ResponseStateManager#isPostback(FacesContext) to determine
if the request is a postback. The ResponseStateManager is accessed using
FacesContext.getCurrentInstance().getRenderKit().getResponseStateManager().
To save you from the verbosity of JSF's API, Seam offers a built-in condition that allows you to
accomplish the same result with a heck of a lot less typing. You can disable a page action on
postback by simply setting the on-postback to false:







For backwards compatibility reasons, the default value of the on-postback attribute is true, though
likely you will end up using the opposite setting more often.

7.3. Page parameters
A JSF faces request (a form submission) encapsulates both an "action" (a method binding) and
"parameters" (input value bindings). A page action might also needs parameters!
Since GET requests are bookmarkable, page parameters are passed as human-readable request
parameters. (Unlike JSF form inputs, which are anything but!)
You can use page parameters with or without an action method.

7.3.1. Mapping request parameters to the model
Seam lets us provide a value binding that maps a named request parameter to an attribute of a
model object.



129

Chapter 7. Events, intercepto...







The  declaration is bidirectional, just like a value binding for a JSF input:
• When a non-faces (GET) request for the view id occurs, Seam sets the value of the named
request parameter onto the model object, after performing appropriate type conversions.
• Any  or  transparently includes the request parameter. The value of the
parameter is determined by evaluating the value binding during the render phase (when the
 is rendered).
• Any navigation rule with a  to the view id transparently includes the request
parameter. The value of the parameter is determined by evaluating the value binding at the end
of the invoke application phase.
• The value is transparently propagated with any JSF form submission for the page with the given
view id. This means that view parameters behave like PAGE-scoped context variables for faces
requests.
The essential idea behind all this is that however we get from any other page to /hello.xhtml
(or from /hello.xhtml back to /hello.xhtml), the value of the model attribute referred to in the
value binding is "remembered", without the need for a conversation (or other server-side state).

7.4. Propagating request parameters
If just the name attribute is specified then the request parameter is propagated using the PAGE
context (it isn't mapped to model property).








Propagation of page parameters is especially useful if you want to build multi-layer master-detail
CRUD pages. You can use it to "remember" which view you were previously on (e.g. when
pressing the Save button), and which entity you were editing.
• Any  or  transparently propagates the request parameter if that parameter
is listed as a page parameter for the view.

130

URL rewriting with page parameters

• The value is transparently propagated with any JSF form submission for the page with the given
view id. (This means that view parameters behave like PAGE-scoped context variables for faces
requests.
This all sounds pretty complex, and you're probably wondering if such an exotic construct is really
worth the effort. Actually, the idea is very natural once you "get it". It is definitely worth taking the
time to understand this stuff. Page parameters are the most elegant way to propagate state across
a non-faces request. They are especially cool for problems like search screens with bookmarkable
results pages, where we would like to be able to write our application code to handle both POST
and GET requests with the same code. Page parameters eliminate repetitive listing of request
parameters in the view definition and make redirects much easier to code.

7.5. URL rewriting with page parameters
Rewriting occurs based on rewrite patterns found for views in pages.xml. Seam URL rewriting
does both incoming and outgoing URL rewriting based on the same pattern. Here's a simple
pattern:





In this case, any incoming request for /home will be sent to /home.xhtml. More interestingly,
any link generated that would normally point to /home.seam will instead be rewritten as /home.
Rewrite patterns only match the portion of the URL before the query parameters. So, /home.seam?
conversationId=13 and /home.seam?color=red will both be matched by this rewrite rule.
Rewrite rules can take these query paramters into consideration, as shown with the following rules.






In this case, an incoming request for /home/red will be served as if it were a request for /
home.seam?color=red. Similarly, if color is a page parameter an outgoing URL that would
normally show as /home.seam?color=blue would instead be output as /home/blue. Rules are
processed in order, so it is important to list more specific rules before more general rules.

131

Chapter 7. Events, intercepto...

Default Seam query parameters can also be mapped using URL rewriting, allowing for
another option for hiding Seam's fingerprints. In the following example, /search.seam?
conversationId=13 would be written as /search-13.






Seam URL rewriting provides simple, bidirectional rewriting on a per-view basis. For more complex
rewriting rules that cover non-seam components, Seam applications can continue to use the
org.tuckey URLRewriteFilter or apply rewriting rules at the web server.
URL rewriting requires the Seam rewrite filter to be enable. Rewrite filter configuration is discussed
in Section 31.1.3.3, “URL rewriting”.

7.6. Conversion and Validation
You can specify a JSF converter for complex model properties:









Alternatively:









132

Navigation

JSF validators, and required="true" may also be used:







Alternatively:







Even better, model-based Hibernate validator annotations are automatically recognized and
validated. Seam also provides a default date converter to convert a string parameter value to a
date and back.
When type conversion or validation fails, a global FacesMessage is added to the FacesContext.

7.7. Navigation
You can use standard JSF navigation rules defined in faces-config.xml in a Seam application.
However, JSF navigation rules have a number of annoying limitations:
• It is not possible to specify request parameters to be used when redirecting.
• It is not possible to begin or end conversations from a rule.
• Rules work by evaluating the return value of the action method; it is not possible to evaluate
an arbitrary EL expression.
A further problem is that "orchestration" logic gets scattered between pages.xml and facesconfig.xml. It's better to unify this logic into pages.xml.
This JSF navigation rule:

133

Chapter 7. Events, intercepto...


/editDocument.xhtml

#{documentEditor.update}
success
/viewDocument.xhtml




Can be rewritten as follows:









But it would be even nicer if we didn't have to pollute our DocumentEditor component with stringvalued return values (the JSF outcomes). So Seam lets us write:









Or even:

134

Navigation









The first form evaluates a value binding to determine the outcome value to be used by the
subsequent rules. The second approach ignores the outcome and evaluates a value binding for
each possible rule.
Of course, when an update succeeds, we probably want to end the current conversation. We can
do that like this:










As we've ended conversation any subsequent requests won't know which document we are
interested in. We can pass the document id as a request parameter which also makes the view
bookmarkable:










135

Chapter 7. Events, intercepto...




Null outcomes are a special case in JSF. The null outcome is interpreted to mean "redisplay the
page". The following navigation rule matches any non-null outcome, but not the null outcome:









If you want to perform navigation when a null outcome occurs, use the following form instead:







The view-id may be given as a JSF EL expression:









136

Fine-grained files for definition of navigation, page actions and parameters

7.8. Fine-grained files for definition of navigation, page
actions and parameters
If you have a lot of different page actions and page parameters, or even just a lot of navigation
rules, you will almost certainly want to split the declarations up over multiple files. You can define
actions and parameters for a page with the view id /calc/calculator.xhtml in a resource
named calc/calculator.page.xml. The root element in this case is the  element, and
the view id is implied:







7.9. Component-driven events
Seam components can interact by simply calling each others methods. Stateful components may
even implement the observer/observable pattern. But to enable components to interact in a more
loosely-coupled fashion than is possible when the components call each others methods directly,
Seam provides component-driven events.
We specify event listeners (observers) in components.xml.








Where the event type is just an arbitrary string.
When an event occurs, the actions registered for that event will be called in the order they appear
in components.xml. How does a component raise an event? Seam provides a built-in component
for this.

@Name("helloWorld")
public class HelloWorld {
public void sayHello() {
FacesMessages.instance().add("Hello World!");

137

Chapter 7. Events, intercepto...

Events.instance().raiseEvent("hello");
}
}

Or you can use an annotation.

@Name("helloWorld")
public class HelloWorld {
@RaiseEvent("hello")
public void sayHello() {
FacesMessages.instance().add("Hello World!");
}
}

Notice that this event producer has no dependency upon event consumers. The event listener
may now be implemented with absolutely no dependency upon the producer:

@Name("helloListener")
public class HelloListener {
public void sayHelloBack() {
FacesMessages.instance().add("Hello to you too!");
}
}

The method binding defined in components.xml above takes care of mapping the event to the
consumer. If you don't like futzing about in the components.xml file, you can use an annotation
instead:

@Name("helloListener")
public class HelloListener {
@Observer("hello")
public void sayHelloBack() {
FacesMessages.instance().add("Hello to you too!");
}
}

You might wonder why I've not mentioned anything about event objects in this discussion. In
Seam, there is no need for an event object to propagate state between event producer and listener.
State is held in the Seam contexts, and is shared between components. However, if you really
want to pass an event object, you can:

138

Contextual events

@Name("helloWorld")
public class HelloWorld {
private String name;
public void sayHello() {
FacesMessages.instance().add("Hello World, my name is #0.", name);
Events.instance().raiseEvent("hello", name);
}
}

@Name("helloListener")
public class HelloListener {
@Observer("hello")
public void sayHelloBack(String name) {
FacesMessages.instance().add("Hello #0!", name);
}
}

7.10. Contextual events
Seam defines a number of built-in events that the application can use to perform special kinds of
framework integration. The events are:
• org.jboss.seam.validationFailed — called when JSF validation fails
• org.jboss.seam.noConversation — called when there is no long running conversation and
a long running conversation is required
• org.jboss.seam.preSetVariable. — called when the context variable  is set
• org.jboss.seam.postSetVariable. — called when the context variable  is set
• org.jboss.seam.preRemoveVariable. — called when the context variable  is
unset
• org.jboss.seam.postRemoveVariable. — called when the context variable 
is unset
• org.jboss.seam.preDestroyContext. — called before the  context is
destroyed
• org.jboss.seam.postDestroyContext. — called after the  context is
destroyed
• org.jboss.seam.beginConversation
begins

— called whenever a long-running conversation

139

Chapter 7. Events, intercepto...

• org.jboss.seam.endConversation — called whenever a long-running conversation ends
• org.jboss.seam.conversationTimeout — called when a conversation timeout occurs. The
conversation id is passed as a parameter.
• org.jboss.seam.beginPageflow — called when a pageflow begins
• org.jboss.seam.beginPageflow. — called when the pageflow  begins
• org.jboss.seam.endPageflow — called when a pageflow ends
• org.jboss.seam.endPageflow. — called when the pageflow  ends
• org.jboss.seam.createProcess. — called when the process  is created
• org.jboss.seam.endProcess. — called when the process  ends
• org.jboss.seam.initProcess.
with the conversation

— called when the process  is associated

• org.jboss.seam.initTask. — called when the task  is associated with the
conversation
• org.jboss.seam.startTask. — called when the task  is started
• org.jboss.seam.endTask. — called when the task  is ended
• org.jboss.seam.postCreate. — called when the component  is created
• org.jboss.seam.preDestroy. — called when the component  is destroyed
• org.jboss.seam.beforePhase — called before the start of a JSF phase
• org.jboss.seam.afterPhase — called after the end of a JSF phase
• org.jboss.seam.postInitialization — called when Seam has initialized and started up
all components
• org.jboss.seam.postReInitialization — called when Seam has re-initialized and started
up all components after a redeploy
• org.jboss.seam.exceptionHandled. — called when an uncaught exception is
handled by Seam
• org.jboss.seam.exceptionHandled — called when an uncaught exception is handled by
Seam
• org.jboss.seam.exceptionNotHandled — called when there was no handler for an uncaught
exception
• org.jboss.seam.afterTransactionSuccess — called when a transaction succeeds in the
Seam Application Framework
• org.jboss.seam.afterTransactionSuccess. — called when a transaction succeeds
in the Seam Application Framework which manages an entity called 

140

Seam interceptors

• org.jboss.seam.security.loggedOut — called when a user logs out
• org.jboss.seam.security.loginFailed — called when a user authentication attempt fails
• org.jboss.seam.security.loginSuccessful — called when a user is successfully
authenticated
• org.jboss.seam.security.notAuthorized — called when an authorization check fails
• org.jboss.seam.security.notLoggedIn — called there is no authenticated user and
authentication is required
• org.jboss.seam.security.postAuthenticate. — called after a user is authenticated
• org.jboss.seam.security.preAuthenticate — called before attempting to authenticate a
user
Seam components may observe any of these events in just the same way they observe any other
component-driven events.

7.11. Seam interceptors
EJB 3.0 introduced a standard interceptor model for session bean components. To add an
interceptor to a bean, you need to write a class with a method annotated @AroundInvoke and
annotate the bean with an @Interceptors annotation that specifies the name of the interceptor
class. For example, the following interceptor checks that the user is logged in before allowing
invoking an action listener method:

public class LoggedInInterceptor {
@AroundInvoke
public Object checkLoggedIn(InvocationContext invocation) throws Exception {
boolean isLoggedIn = Contexts.getSessionContext().get("loggedIn")!=null;
if (isLoggedIn) {
//the user is already logged in
return invocation.proceed();
}
else {
//the user is not logged in, fwd to login page
return "login";
}
}
}

141

Chapter 7. Events, intercepto...

To apply this interceptor to a session bean which acts as an action listener, we must
annotate the session bean @Interceptors(LoggedInInterceptor.class). This is a somewhat
ugly annotation. Seam builds upon the interceptor framework in EJB3 by allowing you
to use @Interceptors as a meta-annotation for class level interceptors (those annotated
@Target(TYPE)). In our example, we would create an @LoggedIn annotation, as follows:

@Target(TYPE)
@Retention(RUNTIME)
@Interceptors(LoggedInInterceptor.class)
public @interface LoggedIn {}

We can now simply annotate our action listener bean with @LoggedIn to apply the interceptor.

@Stateless
@Name("changePasswordAction")
@LoggedIn
@Interceptors(SeamInterceptor.class)
public class ChangePasswordAction implements ChangePassword {
...
public String changePassword() { ... }
}

If interceptor ordering is important (it usually is), you can add @Interceptor annotations to your
interceptor classes to specify a partial order of interceptors.

@Interceptor(around={BijectionInterceptor.class,
ValidationInterceptor.class,
ConversationInterceptor.class},
within=RemoveInterceptor.class)
public class LoggedInInterceptor
{
...
}

You can even have a "client-side" interceptor, that runs around any of the built-in functionality
of EJB3:

142

Managing exceptions

@Interceptor(type=CLIENT)
public class LoggedInInterceptor
{
...
}

EJB interceptors are stateful, with a lifecycle that is the same as the component they intercept. For
interceptors which do not need to maintain state, Seam lets you get a performance optimization
by specifying @Interceptor(stateless=true).
Much of the functionality of Seam is implemented as a set of built-in Seam interceptors, including
the interceptors named in the previous example. You don't have to explicitly specify these
interceptors by annotating your components; they exist for all interceptable Seam components.
You can even use Seam interceptors with JavaBean components, not just EJB3 beans!
EJB defines interception not only for business methods (using @AroundInvoke), but also for
the lifecycle methods @PostConstruct, @PreDestroy, @PrePassivate and @PostActive. Seam
supports all these lifecycle methods on both component and interceptor not only for EJB3 beans,
but also for JavaBean components (except @PreDestroy which is not meaningful for JavaBean
components).

7.12. Managing exceptions
JSF is surprisingly limited when it comes to exception handling. As a partial workaround for this
problem, Seam lets you define how a particular class of exception is to be treated by annotating
the exception class, or declaring the exception class in an XML file. This facility is meant to
be combined with the EJB 3.0-standard @ApplicationException annotation which specifies
whether the exception should cause a transaction rollback.

7.12.1. Exceptions and transactions
EJB specifies well-defined rules that let us control whether an exception immediately
marks the current transaction for rollback when it is thrown by a business method of the
bean: system exceptions always cause a transaction rollback, application exceptions do not
cause a rollback by default, but they do if @ApplicationException(rollback=true) is
specified. (An application exception is any checked exception, or any unchecked exception
annotated @ApplicationException. A system exception is any unchecked exception without an
@ApplicationException annotation.)
Note that there is a difference between marking a transaction for rollback, and actually rolling it
back. The exception rules say that the transaction should be marked rollback only, but it may still
be active after the exception is thrown.
Seam applies the EJB 3.0 exception rollback rules also to Seam JavaBean components.

143

Chapter 7. Events, intercepto...

But these rules only apply in the Seam component layer. What about an exception that is uncaught
and propagates out of the Seam component layer, and out of the JSF layer? Well, it is always
wrong to leave a dangling transaction open, so Seam rolls back any active transaction when an
exception occurs and is uncaught in the Seam component layer.

7.12.2. Enabling Seam exception handling
To enable Seam's exception handling, we need to make sure we have the master servlet filter
declared in web.xml:


Seam Filter
org.jboss.seam.servlet.SeamFilter


Seam Filter
*.seam


As the second requirement is to add web:exception-filter configuration component into WEBINF/components.xml. More details are in Section 31.1.3.1, “Exception handling”
You need to disable Facelets development mode in web.xml too and Seam debug mode in
components.xml if you want your exception handlers to fire.

7.12.3. Using annotations for exception handling
The following exception results in a HTTP 404 error whenever it propagates out of the Seam
component layer. It does not roll back the current transaction immediately when thrown, but the
transaction will be rolled back if it the exception is not caught by another Seam component.

@HttpError(errorCode=404)
public class ApplicationException extends Exception { ... }

This exception results in a browser redirect whenever it propagates out of the Seam component
layer. It also ends the current conversation. It causes an immediate rollback of the current
transaction.

@Redirect(viewId="/failure.xhtml", end=true)
@ApplicationException(rollback=true)
public class UnrecoverableApplicationException extends RuntimeException { ... }

144

Using XML for exception handling

Note
It is important to note that Seam cannot handle exceptions that occur during JSF's
RENDER_RESPONSE phase, as it is not possible to perform a redirect once the
response has started being written to.

You can also use EL to specify the viewId to redirect to.
This exception results in a redirect, along with a message to the user, when it propagates out of
the Seam component layer. It also immediately rolls back the current transaction.

@Redirect(viewId="/error.xhtml", message="Unexpected error")
public class SystemException extends RuntimeException { ... }

7.12.4. Using XML for exception handling
Since we can't add annotations to all the exception classes we are interested in, Seam also lets
us specify this functionality in pages.xml.








Database access failed





Unexpected failure




145

Chapter 7. Events, intercepto...

The last  declaration does not specify a class, and is a catch-all for any exception
for which handling is not otherwise specified via annotations or in pages.xml.
You can also use EL to specify the view-id to redirect to.
You can also access the handled exception instance through EL, Seam places it in the
conversation context, e.g. to access the message of the exception:

...
throw new AuthorizationException("You are not allowed to do this!");




#{org.jboss.seam.handledException.message}




org.jboss.seam.handledException holds the nested exception that was actually handled

by an exception handler. The outermost (wrapper) exception is also available, as
org.jboss.seam.caughtException.

7.12.4.1. Suppressing exception logging
For the exception handlers defined in pages.xml, it is possible to declare the logging level at
which the exception will be logged, or to even suppress the exception being logged altogether. The
attributes log and log-level can be used to control exception logging. By setting log="false"
as per the following example, then no log message will be generated when the specified exception
occurs:



You must be a member to use this feature



If the log attribute is not specified, then it defaults to true (i.e. the exception will be logged).
Alternatively, you can specify the log-level to control at which log level the exception will be
logged:

146

Some common exceptions



You must be a member to use this feature



The acceptable values for log-level are: fatal, error, warn, info, debug or trace. If the
log-level is not specified, or if an invalid value is configured, then it will default to error.

7.12.5. Some common exceptions
If you are using JPA:



Not found





Another user changed the same data, please try again



If you are using the Seam Application Framework:



Not found



If you are using Seam Security:



You don't have permission to do this


147

Chapter 7. Events, intercepto...




Please log in first



And, for JSF:



Your session has timed out, please try again



A ViewExpiredException occurs if the user posts back to a page once their session has
expired. The conversation-required and no-conversation-view-id settings in the Seam
page descriptor, discussed in Section 8.4, “Requiring a long-running conversation”, give you finergrained control over session expiration if you are accessing a page used within a conversation.

148

Chapter 8.

Conversations and workspace
management
It's time to understand Seam's conversation model in more detail.
Historically, the notion of a Seam "conversation" came about as a merger of three different ideas:
• The idea of a workspace, which I encountered in a project for the Victorian government in 2002.
In this project I was forced to implement workspace management on top of Struts, an experience
I pray never to repeat.
• The idea of an application transaction with optimistic semantics, and the realization that existing
frameworks based around a stateless architecture could not provide effective management of
extended persistence contexts. (The Hibernate team is truly fed up with copping the blame for
LazyInitializationExceptions, which are not really Hibernate's fault, but rather the fault of
the extremely limiting persistence context model supported by stateless architectures such as
the Spring framework or the traditional stateless session facade (anti)pattern in J2EE.)
• The idea of a workflow task.
By unifying these ideas and providing deep support in the framework, we have a powerful construct
that lets us build richer and more efficient applications with less code than before.

8.1. Seam's conversation model
The examples we have seen so far make use of a very simple conversation model that follows
these rules:
• There is always a conversation context active during the apply request values, process
validations, update model values, invoke application and render response phases of the JSF
request lifecycle.
• At the end of the restore view phase of the JSF request lifecycle, Seam attempts to restore
any previous long-running conversation context. If none exists, Seam creates a new temporary
conversation context.
• When an @Begin method is encountered, the temporary conversation context is promoted to
a long running conversation.
• When an @End method is encountered, any long-running conversation context is demoted to
a temporary conversation.
• At the end of the render response phase of the JSF request lifecycle, Seam stores the contents
of a long running conversation context or destroys the contents of a temporary conversation
context.

149

Chapter 8. Conversations and ...

• Any faces request (a JSF postback) will propagate the conversation context. By default, nonfaces requests (GET requests, for example) do not propagate the conversation context, but see
below for more information on this.
• If the JSF request lifecycle is foreshortened by a redirect, Seam transparently stores and
restores the current conversation context — unless the conversation was already ended via
@End(beforeRedirect=true).
Seam transparently propagates the conversation context (including the temporary conversation
context) across JSF postbacks and redirects. If you don't do anything special, a non-faces request
(a GET request for example) will not propagate the conversation context and will be processed in
a new temporary conversation. This is usually - but not always - the desired behavior.
If you want to propagate a Seam conversation across a non-faces request, you need to explicitly
code the Seam conversation id as a request parameter:

Continue

Or, the more JSF-ish:






If you use the Seam tag library, this is equivalent:






If you wish to disable propagation of the conversation context for a postback, a similar trick is used:





If you use the Seam tag library, this is equivalent:

150

Seam's conversation model





Note that disabling conversation context propagation is absolutely not the same thing as ending
the conversation.
The conversationPropagation request parameter, or the  tag
may even be used to begin a conversation, end the current conversation, destroy the entire
conversation stack, or begin a nested conversation.





















This conversation model makes it easy to build applications which behave correctly with respect
to multi-window operation. For many applications, this is all that is needed. Some complex
applications have either or both of the following additional requirements:

151

Chapter 8. Conversations and ...

• A conversation spans many smaller units of user interaction, which execute serially or even
concurrently. The smaller nested conversations have their own isolated set of conversation
state, and also have access to the state of the outer conversation.
• The user is able to switch between many conversations within the same browser window. This
feature is called workspace management.

8.2. Nested conversations
A nested conversation is created by invoking a method marked @Begin(nested=true) inside the
scope of an existing conversation. A nested conversation has its own conversation context, but
can read values from the outer conversation's context. The outer conversation's context is readonly within a nested conversation, but because objects are obtained by reference, changes to the
objects themselves will be reflected in the outer context.

• Nesting a conversation through initializes a context that is stacked on the context of the original,
or outer, conversation. The outer conversation is considered the parent.
• Any values outjected or directly set into the nested conversation’s context do not affect the
objects accessible in the parent conversation’s context.
• Injection or a context lookup from the conversation context will first lookup the value in the
current conversation context and, if no value is found, will proceed down the conversation stack
if the conversation is nested. As you will see in moment, this behavior can be overriden.
When an @End is subsequently encountered, the nested conversation will be destroyed, and
the outer conversation will resume, by "popping" the conversation stack. Conversations may be
nested to any arbitrary depth.
Certain user activity (workspace management, or the back button) can cause the outer
conversation to be resumed before the inner conversation is ended. In this case it is possible
to have multiple concurrent nested conversations belonging to the same outer conversation.
If the outer conversation ends before a nested conversation ends, Seam destroys all nested
conversation contexts along with the outer context.
The conversation at the bottom of the conversation stack is the root conversation. Destroying
this conversation always destroy all of its descendents. You can achieve this declaratively by
specifying @End(root=true).
A conversation may be thought of as a continuable state. Nested conversations allow the
application to capture a consistent continuable state at various points in a user interaction, thus
ensuring truly correct behavior in the face of backbuttoning and workspace management.
As mentioned previously, if a component exists in a parent conversation of the current nested
conversation, the nested conversation will use the same instance. Occasionally, it is useful to
have a different instance in each nested conversation, so that the component instance that exists

152

Starting conversations with GET requests

in the parent conversation is invisible to its child conversations. You can achieve this behavior by
annotating the component @PerNestedConversation.

8.3. Starting conversations with GET requests
JSF does not define any kind of action listener that is triggered when a page is accessed via a
non-faces request (for example, a HTTP GET request). This can occur if the user bookmarks the
page, or if we navigate to the page via an .
Sometimes we want to begin a conversation immediately the page is accessed. Since there is no
JSF action method, we can't solve the problem in the usual way, by annotating the action with
@Begin.
A further problem arises if the page needs some state to be fetched into a context variable. We've
already seen two ways to solve this problem. If that state is held in a Seam component, we can
fetch the state in a @Create method. If not, we can define a @Factory method for the context
variable.
If none of these options works for you, Seam lets you define a page action in the pages.xml file.



...


This action method is called at the beginning of the render response phase, any time the page
is about to be rendered. If a page action returns a non-null outcome, Seam will process any
appropriate JSF and Seam navigation rules, possibly resulting in a completely different page being
rendered.
If all you want to do before rendering the page is begin a conversation, you could use a built-in
action method that does just that:



...


Note that you can also call this built-in action from a JSF control, and, similarly, you can use
#{conversation.end} to end conversations.
If you want more control, to join existing conversations or begin a nested conversion, to begin a
pageflow or an atomic conversation, you should use the  element.

153

Chapter 8. Conversations and ...





...


There is also an  element.





...


To solve the first problem, we now have five options:

• Annotate the @Create method with @Begin
• Annotate the @Factory method with @Begin
• Annotate the Seam page action method with @Begin
• Use  in pages.xml.
• Use #{conversation.begin} as the Seam page action method

8.4. Requiring a long-running conversation
Certain pages are only relevant in the context of a long-running conversation. One way to "protect"
such a page is to require a long-running conversation as a prerequisite to rendering the page.
Fortunately, Seam has a built-in mechanism for enforcing this requirement.
In the Seam page descriptor, you can indicate that the current conversation must be long-running
(or nested) in order for a page to be rendered using the conversation-required attribute as
follows:



154

Using  and 

Note
The only downside is there's no built-in way to indicate which long-running
conversation is required. You can build on this basic authorization by dually
checking if a specific value is present in the conversation within a page action.

When Seam determines that this page is requested outside of a long-running conversation, the
following actions are taken:

• A contextual event named org.jboss.seam.noConversation is raised
• A

warning

status

message

is

registered

using

the

bundle

key

org.jboss.seam.NoConversation

• The user is redirected to an alternate page, if defined
The alternate page is defined in the no-conversation-view-id attribute on a  element
in the Seam page descriptor as follows:



At the moment, you can only define one such page for the entire application.

8.5. Using  and 
JSF command links always perform a form submission via JavaScript, which breaks the web
browser's "open in new window" or "open in new tab" feature. In plain JSF, you need to
use an  if you need this functionality. But there are two major limitations to
.

• JSF provides no way to attach an action listener to an .
• JSF does not propagate the selected row of a DataModel since there is no actual form
submission.
Seam provides the notion of a page action to help solve the first problem, but this does nothing to
help us with the second problem. We could work around this by using the RESTful approach of
passing a request parameter and requerying for the selected object on the server side. In some
cases — such as the Seam blog example application — this is indeed the best approach. The
RESTful style supports bookmarking, since it does not require server-side state. In other cases,
where we don't care about bookmarks, the use of @DataModel and @DataModelSelection is just
so convenient and transparent!

155

Chapter 8. Conversations and ...

To fill in this missing functionality, and to make conversation propagation even simpler to manage,
Seam provides the  JSF tag.
The link may specify just the JSF view id:



Or, it may specify an action method (in which case the action outcome determines the page that
results):



If you specify both a JSF view id and an action method, the 'view' will be used unless the action
method returns a non-null outcome:



The link automatically propagates the selected row of a DataModel using inside :



You can leave the scope of an existing conversation:



You can begin, end, or nest conversations:



If the link begins a conversation, you can even specify a pageflow to be used:



The taskInstance attribute is for use in jBPM task lists:

156

Success messages



(See the DVD Store demo application for examples of this.)
Finally, if you need the "link" to be rendered as a button, use :



8.6. Success messages
It is quite common to display a message to the user indicating success or failure of an action. It is
convenient to use a JSF FacesMessage for this. Unfortunately, a successful action often requires
a browser redirect, and JSF does not propagate faces messages across redirects. This makes it
quite difficult to display success messages in plain JSF.
The built in conversation-scoped Seam component named facesMessages solves this problem.
(You must have the Seam redirect filter installed.)

@Name("editDocumentAction")
@Stateless
public class EditDocumentBean implements EditDocument {
@In EntityManager em;
@In Document document;
@In FacesMessages facesMessages;
public String update() {
em.merge(document);
facesMessages.add("Document updated");
}
}

Any message added to facesMessages is used in the very next render response phase for the
current conversation. This even works when there is no long-running conversation since Seam
preserves even temporary conversation contexts across redirects.
You can even include JSF EL expressions in a faces message summary:

facesMessages.add("Document #{document.title} was updated");

You may display the messages in the usual way, for example:

157

Chapter 8. Conversations and ...



8.7. Natural conversation ids
When working with conversations that deal with persistent objects, it may be desirable to use the
natural business key of the object instead of the standard, "surrogate" conversation id:
Easy redirect to existing conversation
It can be useful to redirect to an existing conversation if the user requests the same operation
twice. Take this example: “ You are on ebay, half way through paying for an item you just won as
a Christmas present for your parents. Lets say you're sending it straight to them - you enter your
payment details but you can't remember their address. You accidentally reuse the same browser
window finding out their address. Now you need to return to the payment for the item. ”
With a natural conversation it's really easy to have the user rejoin the existing conversation, and
pick up where they left off - just have them to rejoin the payForItem conversation with the itemId
as the conversation id.
User friendly URLs
For me this consists of a navigable hierarchy (I can navigate by editing the url) and a meaningful
URL (like this Wiki uses - so don't identify things by random ids). For some applications user
friendly URLs are less important, of course.
With a natural conversation, when you are building your hotel booking system (or, of
course, whatever your app is) you can generate a URL like http://seam-hotels/book.seam?
hotel=BestWesternAntwerpen (of course, whatever parameter hotel maps to on your domain
model must be unique) and with URLRewrite easily transform this to http://seam-hotels/book/
BestWesternAntwerpen.
Much better!

8.8. Creating a natural conversation
Natural conversations are defined in pages.xml:



The first thing to note from the above definition is that the conversation has a name, in this case
PlaceBid. This name uniquely identifies this particular named conversation, and is used by the
page definition to identify a named conversation to participate in.

158

Redirecting to a natural conversation

The next attribute, parameter-name defines the request parameter that will contain the natural
conversation id, in place of the default conversation id parameter. In this example, the parametername is auctionId. This means that instead of a conversation parameter like cid=123 appearing

in the URL for your page, it will contain auctionId=765432 instead.
The last attribute in the above configuration, parameter-value, defines an EL expression used
to evaluate the value of the natural business key to use as the conversation id. In this example,
the conversation id will be the primary key value of the auction instance currently in scope.
Next, we define which pages will participate in the named conversation. This is done by specifying
the conversation attribute for a page definition:











8.9. Redirecting to a natural conversation
When starting, or redirecting to, a natural conversation there are a number of options for specifying
the natural conversation name. Let's start by looking at the following page definition:








From here, we can see that invoking the action #{bidAction.placeBid} from our auction view
(by the way, all these examples are taken from the seamBay example in Seam), that we will be
redirected to /bid.xhtml, which, as we saw previously, is configured with the natural conversation
PlaceBid. The declaration for our action method looks like this:

@Begin(join = true)

159

Chapter 8. Conversations and ...

public void placeBid()

When named conversations are specified in the  element, redirection to the named
conversation occurs as part of navigation rules, after the action method has already been invoked.
This is a problem when redirecting to an existing conversation, as redirection needs to be occur
before the action method is invoked. Therefore it is necessary to specify the conversation name
when the action is invoked. One way of doing this is by using the s:conversationName tag:





styleClass="placeBid"

Another alternative is to specify the conversationName attribute when using either s:link or
s:button:



8.10. Workspace management
Workspace management is the ability to "switch" conversations in a single window. Seam
makes workspace management completely transparent at the level of the Java code. To enable
workspace management, all you need to do is:
• Provide description text for each view id (when using JSF or Seam navigation rules) or page
node (when using jPDL pageflows). This description text is displayed to the user by the
workspace switchers.
• Include one or more of the standard workspace switcher JSF or Facelets fragments in your
pages. The standard fragments support workspace management via a drop down menu, a list
of conversations, or breadcrumbs.

8.10.1. Workspace management and JSF navigation
When you use JSF or Seam navigation rules, Seam switches to a conversation by restoring
the current view-id for that conversation. The descriptive text for the workspace is defined in
a file called pages.xml that Seam expects to find in the WEB-INF directory, right next to facesconfig.xml:



Search hotels: #{hotelBooking.searchString}

160

Workspace management and jPDL pageflow



View hotel: #{hotel.name}


Book hotel: #{hotel.name}


Confirm: #{booking.description}



Note that if this file is missing, the Seam application will continue to work perfectly! The only
missing functionality will be the ability to switch workspaces.

8.10.2. Workspace management and jPDL pageflow
When you use a jPDL pageflow definition, Seam switches to a conversation by restoring the
current jBPM process state. This is a more flexible model since it allows the same view-id to have
different descriptions depending upon the current  node. The description text is defined
by the  node:






DVD Search: #{search.searchPattern}




Purchase: $#{cart.total}







161

Chapter 8. Conversations and ...



8.10.3. The conversation switcher
Include the following fragment in your JSF page to get a drop-down menu that lets you switch to
any current conversation, or to any other page of the application:








In this example, we have a menu that includes an item for each conversation, together with two
additional items that let the user begin a new conversation.
Only conversations with a description (specified in pages.xml) will be included in the drop-down
menu.

8.10.4. The conversation list
The conversation list is very similar to the conversation switcher, except that it is displayed as
a table:



Workspace



162

Breadcrumbs



Activity









Action





We imagine that you will want to customize this for your own application.

Only conversations with a description will be included in the list.
Notice that the conversation list lets the user destroy workspaces.

8.10.5. Breadcrumbs
Breadcrumbs are useful in applications which use a nested conversation model. The breadcrumbs
are a list of links to conversations in the current conversation stack:






164

Concurrent calls to conversational components


Row: #{uiComponent['lineItemTable'].rowIndex}

...


JSF UI components are available with their client identifier in this map.

8.12. Concurrent calls to conversational components
A general discussion of concurrent calls to Seam components can be found in Section 5.1.10,
“Concurrency model”. Here we will discuss the most common situation in which you will encounter
concurrency — accessing conversational components from AJAX requests. We're going to
discuss the options that a Ajax client library should provide to control events originating at the
client — and we'll look at the options RichFaces gives you.
Conversational components don't allow real concurrent access therefore Seam queues each
request to process them serially. This allows each request to be executed in a deterministic
fashion. However, a simple queue isn't that great — firstly, if a method is, for some reason, taking a
very long time to complete, running it over and over again whenever the client generates a request
is bad idea (potential for Denial of Service attacks), and, secondly, AJAX is often to used to provide
a quick status update to the user, so continuing to run the action after a long time isn't useful.
Therefore, when you are working inside a long running conversation, Seam queues the action
event for a period of time (the concurrent request timeout); if it can't process the event in time, it
creates a temporary conversation and prints out a message to the user to let them know what's
going on. It's therefore very important not to flood the server with AJAX events!
We can set a sensible default for the concurrent request timeout (in ms) in components.xml:



We can also fine tune the concurrent request timeout on a page-by-page basis:



So far we've discussed AJAX requests which appear serial to the user - the client tells the server
that an event has occur, and then rerenders part of the page based on the result. This approach
is great when the AJAX request is lightweight (the methods called are simple e.g. calculating the

165

Chapter 8. Conversations and ...

sum of a column of numbers). But what if we need to do a complex computation that is going
to take a minute?
For heavy computation we should use a poll based approach — the client sends an AJAX request
to the server, which causes action to be executed asynchronously on the server (the response
to the client is immediate) and the client then polls the server for updates. This is good approach
when you have a long-running action for which it is important that every action executes (you don't
want some to timeout).

8.12.1. How should we design our conversational AJAX
application?
Well first, you need to decide whether you want to use the simpler "serial" request or whether you
want to use a polling approach.
If you go for a "serial" requests, then you need to estimate how long your request will take to
complete - is it much shorter than the concurrent request timeout? If not, you probably want to alter
the concurrent request timeout for this page (as discussed above). You probably want a queue
on the client side to prevent flooding the server with requests. If the event occurs often (e.g. a
keypress, onblur of input fields) and immediate update of the client is not a priority you should set
a request delay on the client side. When working out your request delay, factor in that the event
may also be queued on the server side.
Finally, the client library may provide an option to abort unfinished duplicate requests in favor of
the most recent.
Using a poll-style design requires less fine-tuning. You just mark your action method
@Asynchronous and decide on a polling interval:

int total;
// This method is called when an event occurs on the client
// It takes a really long time to execute
@Asynchronous
public void calculateTotal() {
total = someReallyComplicatedCalculation();
}
// This method is called as the result of the poll
// It's very quick to execute
public int getTotal() {
return total;
}

166

Dealing with errors

8.12.2. Dealing with errors
However carefully you design your application to queue concurrent requests to your
conversational component, there is a risk that the server will become overloaded and be unable to
process all the requests before the request will have to wait longer than the concurrent-requesttimeout. In this case Seam will throw a ConcurrentRequestTimeoutException which can be
handled in pages.xml. We recommend sending an HTTP 503 error:





503 Service Unavailable (HTTP/1.1 RFC)
The server is currently unable to handle the request due to a temporary overloading
or maintenance of the server. The implication is that this is a temporary condition
which will be alleviated after some delay.

Alternatively you could redirect to an error page:




The server is too busy to process your request, please try again later



Seam Remoting and JSF 2 can both handle HTTP error codes. Seam Remoting will pop up a
dialog box showing the HTTP error. JSF 2 provides support for handling HTTP errors by providing
a user definable callback. For example, to show the error message to the user:



167

Chapter 8. Conversations and ...

JSF 2 javascript documentation
More details about JSF 2 javascript API can be seen
javaserverfaces.java.net/nonav/docs/2.0/jsdocs/symbols/jsf.ajax.html

at

http://

If instead of an error code, the server reports that the view has expired, perhaps
because the session timed out, you can use a standard javax.faces.context.ExceptionHandler
[http://docs.oracle.com/javaee/6/api/javax/faces/context/ExceptionHandler.html] to handle this
scenario.

168

Chapter 9.

Pageflows and business processes
JBoss jBPM is a business process management engine for any Java SE or EE environment. jBPM
lets you represent a business process or user interaction as a graph of nodes representing wait
states, decisions, tasks, web pages, etc. The graph is defined using a simple, very readable, XML
dialect called jPDL, and may be edited and visualised graphically using an eclipse plugin. jPDL
is an extensible language, and is suitable for a range of problems, from defining web application
page flow, to traditional workflow management, all the way up to orchestration of services in a
SOA environment.
Seam applications use jBPM for two different problems:
• Defining the pageflow involved in complex user interactions. A jPDL process definition defines
the page flow for a single conversation. A Seam conversation is considered to be a relatively
short-running interaction with a single user.
• Defining the overarching business process. The business process may span multiple
conversations with multiple users. Its state is persistent in the jBPM database, so it is considered
long-running. Coordination of the activities of multiple users is a much more complex problem
than scripting an interaction with a single user, so jBPM offers sophisticated facilities for task
management and dealing with multiple concurrent paths of execution.
Don't get these two things confused! They operate at very different levels or granularity. Pageflow,
conversation and task all refer to a single interaction with a single user. A business process spans
many tasks. Futhermore, the two applications of jBPM are totally orthogonal. You can use them
together or independently or not at all.
You don't have to know jPDL to use Seam. If you're perfectly happy defining pageflow using JSF
or Seam navigation rules, and if your application is more data-driven that process-driven, you
probably don't need jBPM. But we're finding that thinking of user interaction in terms of a welldefined graphical representation is helping us build more robust applications.

9.1. Pageflow in Seam
There are two ways to define pageflow in Seam:
• Using JSF or Seam navigation rules - the stateless navigation model
• Using jPDL - the stateful navigation model
Very simple applications will only need the stateless navigation model. Very complex applications
will use both models in different places. Each model has its strengths and weaknesses!

9.1.1. The two navigation models
The stateless model defines a mapping from a set of named, logical outcomes of an event directly
to the resulting page of the view. The navigation rules are entirely oblivious to any state held by the

169

Chapter 9. Pageflows and busi...

application other than what page was the source of the event. This means that your action listener
methods must sometimes make decisions about the page flow, since only they have access to
the current state of the application.
Here is an example page flow definition using JSF navigation rules:


/numberGuess.xhtml

guess
/numberGuess.xhtml



win
/win.xhtml



lose
/lose.xhtml




Here is the same example page flow definition using Seam navigation rules:













170

The two navigation models




If you find navigation rules overly verbose, you can return view ids directly from your action listener
methods:

public String guess() {
if (guess==randomNumber) return "/win.xhtml";
if (++guessCount==maxGuesses) return "/lose.xhtml";
return null;
}

Note that this results in a redirect. You can even specify parameters to be used in the redirect:

public String search() {
return "/searchResults.xhtml?searchPattern=#{searchAction.searchPattern}";
}

The stateful model defines a set of transitions between a set of named, logical application states.
In this model, it is possible to express the flow of any user interaction entirely in the jPDL
pageflow definition, and write action listener methods that are completely unaware of the flow of
the interaction.
Here is an example page flow definition using jPDL:














171

Chapter 9. Pageflows and busi...














There are two things we notice immediately here:
• The JSF/Seam navigation rules are much simpler. (However, this obscures the fact that the
underlying Java code is more complex.)
• The jPDL makes the user interaction immediately understandable, without us needing to even
look at the facelets template or Java code.

172

Seam and the back button

In addition, the stateful model is more constrained. For each logical state (each step in the page
flow), there are a constrained set of possible transitions to other states. The stateless model is
an ad hoc model which is suitable to relatively unconstrained, freeform navigation where the user
decides where he/she wants to go next, not the application.
The stateful/stateless navigation distinction is quite similar to the traditional view of modal/
modeless interaction. Now, Seam applications are not usually modal in the simple sense of
the word - indeed, avoiding application modal behavior is one of the main reasons for having
conversations! However, Seam applications can be, and often are, modal at the level of a particular
conversation. It is well-known that modal behavior is something to avoid as much as possible; it
is very difficult to predict the order in which your users are going to want to do things! However,
there is no doubt that the stateful model has its place.
The biggest contrast between the two models is the back-button behavior.

9.1.2. Seam and the back button
When JSF or Seam navigation rules are used, Seam lets the user freely navigate via the back,
forward and refresh buttons. It is the responsibility of the application to ensure that conversational
state remains internally consistent when this occurs. Experience with the combination of web
application frameworks like Struts or WebWork - that do not support a conversational model and stateless component models like EJB stateless session beans or the Spring framework has
taught many developers that this is close to impossible to do! However, our experience is that
in the context of Seam, where there is a well-defined conversational model, backed by stateful
session beans, it is actually quite straightforward. Usually it is as simple as combining the use
of no-conversation-view-id with null checks at the beginning of action listener methods. We
consider support for freeform navigation to be almost always desirable.
In this case, the no-conversation-view-id declaration goes in pages.xml. It tells Seam to
redirect to a different page if a request originates from a page rendered during a conversation,
and that conversation no longer exists:



On the other hand, in the stateful model, using the back button is interpreted as an undefined
transition back to a previous state. Since the stateful model enforces a defined set of transitions
from the current state, the back button is not permitted by default in the stateful model! Seam
transparently detects the use of the back button, and blocks any attempt to perform an action from
a previous, "stale" page, and simply redirects the user to the "current" page (and displays a faces
message). Whether you consider this a feature or a limitation of the stateful model depends upon
your point of view: as an application developer, it is a feature; as a user, it might be frustrating!
You can enable backbutton navigation from a particular page node by setting back="enabled".

173

Chapter 9. Pageflows and busi...







This allows navigation via the back button from the checkout state to any previous state!

Note
If a page is set to redirect after a transition, it is not possible to use the back button
to return to that page even when back is enabled on a page later in the flow. The
reason is because Seam stores information about the pageflow in the page scope
and the back button must result in a POST for that information to be restored (i.e.,
a Faces request). A redirect severs this linkage.

Of course, we still need to define what happens if a request originates from a page rendered
during a pageflow, and the conversation with the pageflow no longer exists. In this case, the noconversation-view-id declaration goes into the pageflow definition:







In practice, both navigation models have their place, and you'll quickly learn to recognize when
to prefer one model over the other.

9.2. Using jPDL pageflows
9.2.1. Installing pageflows
We need to install the Seam jBPM-related components, and place the pageflow definitions
(using the standard .jpdl.xml extension) inside a Seam archive (an archive which contains a
seam.properties file):

174

Starting pageflows



We can also explicitly tell Seam where to find our pageflow definition. We specify this in
components.xml:



pageflow.jpdl.xml



9.2.2. Starting pageflows
We "start" a jPDL-based pageflow by specifying the name of the process definition using a @Begin,
@BeginTask or @StartTask annotation:

@Begin(pageflow="numberguess")
public void begin() { ... }

Alternatively we can start a pageflow using pages.xml:





If we are beginning the pageflow during the RENDER_RESPONSE phase — during a @Factory or
@Create method, for example — we consider ourselves to be already at the page being rendered,
and use a  node as the first node in the pageflow, as in the example above.
But if the pageflow is begun as the result of an action listener invocation, the outcome of the action
listener determines which is the first page to be rendered. In this case, we use a 
as the first node in the pageflow, and declare a transition for each possible outcome:







175

Chapter 9. Pageflows and busi...





...





9.2.3. Page nodes and transitions
Each  node represents a state where the system is waiting for user input:








The view-id is the JSF view id. The  element has the same effect as  in a JSF navigation rule: namely, a post-then-redirect behavior, to overcome problems with the
browser's refresh button. (Note that Seam propagates conversation contexts over these browser
redirects. So there is no need for a Ruby on Rails style "flash" construct in Seam!)
The transition name is the name of a JSF outcome triggered by clicking a command button or
command link in numberGuess.jsp.



When the transition is triggered by clicking this button, jBPM will activate the transition action
by calling the guess() method of the numberGuess component. Notice that the syntax used for
specifying actions in the jPDL is just a familiar JSF EL expression, and that the transition action
handler is just a method of a Seam component in the current Seam contexts. So we have exactly
the same event model for jBPM events that we already have for JSF events! (The One Kind of
Stuff principle.)

176

Controlling the flow

In the case of a null outcome (for example, a command button with no action defined), Seam will
signal the transition with no name if one exists, or else simply redisplay the page if all transitions
have names. So we could slightly simplify our example pageflow and this button:



Would fire the following un-named transition:








It is even possible to have the button call an action method, in which case the action outcome will
determine the transition to be taken:








However, this is considered an inferior style, since it moves responsibility for controlling the flow
out of the pageflow definition and back into the other components. It is much better to centralize
this concern in the pageflow itself.

9.2.4. Controlling the flow
Usually, we don't need the more powerful features of jPDL when defining pageflows. We do need
the  node, however:






177

Chapter 9. Pageflows and busi...

A decision is made by evaluating a JSF EL expression in the Seam contexts.

9.2.5. Ending the flow
We end the conversation using  or @End. (In fact, for readability, use of both
is encouraged.)






Optionally, we can end a task, specify a jBPM transition name. In this case, Seam will signal
the end of the current task in the overarching business process.






9.2.6. Pageflow composition
It is possible to compose pageflows and have one pageflow pause pause while another pageflow
executes. The  node pauses the outer pageflow, and begins execution of a
named pageflow:






The inner flow begins executing at a  node. When it reaches an 
node, execution of the inner flow ends, and execution of the outer flow resumes with the transition
defined by the  element.

9.3. Business process management in Seam
A business process is a well-defined set of tasks that must be performed by users or software
systems according to well-defined rules about who can perform a task, and when it should
be performed. Seam's jBPM integration makes it easy to display lists of tasks to users and
let them manage their tasks. Seam also lets the application store state associated with the

178

Business process management in Seam

business process in the BUSINESS_PROCESS context, and have that state made persistent via jBPM
variables.
A simple business process definition looks much the same as a page flow definition (One Kind
of Stuff), except that instead of  nodes, we have  nodes. In a long-running
business process, the wait states are where the system is waiting for some user to log in and
perform a task.














179

Chapter 9. Pageflows and busi...

It is perfectly possible that we might have both jPDL business process definitions and jPDL
pageflow definitions in the same project. If so, the relationship between the two is that a single
 in a business process corresponds to a whole pageflow 

9.4. Using jPDL business process definitions
9.4.1. Installing process definitions
We need to install jBPM, and tell it where to find the business process definitions:



todo.jpdl.xml



As jBPM processes are persistent across application restarts, when using Seam in a production
environment you won't want to install the process definition every time the application starts.
Therefore, in a production environment, you'll need to deploy the process to jBPM outside of
Seam. In other words, only install process definitions from components.xml when developing your
application.

9.4.2. Initializing actor ids
We always need to know what user is currently logged in. jBPM "knows" users by their actor id and
group actor ids. We specify the current actor ids using the built in Seam component named actor:

@In Actor actor;
public String login() {
...
actor.setId( user.getUserName() );
actor.getGroupActorIds().addAll( user.getGroupNames() );
...
}

9.4.3. Initiating a business process
To initiate a business process instance, we use the @CreateProcess annotation:

@CreateProcess(definition="todo")

180

Task assignment

public void createTodo() { ... }

Alternatively we can initiate a business process using pages.xml:





9.4.4. Task assignment
When a process reaches a task node, task instances are created. These must be assigned to
users or user groups. We can either hardcode our actor ids, or delegate to a Seam component:





In this case, we have simply assigned the task to the current user. We can also assign tasks to
a pool:





9.4.5. Task lists
Several

built-in

Seam

components

make

it

easy

to

display

task

lists.

The

pooledTaskInstanceList is a list of pooled tasks that users may assign to themselves:



Description






181

Chapter 9. Pageflows and busi...



Note that instead of  we could have used a plain JSF :





The pooledTask component is a built-in component that simply assigns the task to the current
user.
The taskInstanceListForType component includes tasks of a particular type that are assigned
to the current user:



Description







9.4.6. Performing a task
To begin work on a task, we use either @StartTask or @BeginTask on the listener method:

@StartTask
public String start() { ... }

Alternatively we can begin work on a task using pages.xml:





182

Performing a task

These annotations begin a special kind of conversation that has significance in terms of the
overarching business process. Work done by this conversation has access to state held in the
business process context.
If we end the conversation using @EndTask, Seam will signal the completion of the task:

@EndTask(transition="completed")
public String completed() { ... }

Alternatively we can use pages.xml:





You can also use EL to specify the transition in pages.xml.
At this point, jBPM takes over and continues executing the business process definition. (In more
complex processes, several tasks might need to be completed before process execution can
resume.)
Please refer to the jBPM documentation for a more thorough overview of the sophisticated features
that jBPM provides for managing complex business processes.

183

184

Chapter 10.

Seam and Object/Relational Mapping
Seam provides extensive support for the two most popular persistence architectures for Java:
Hibernate, and the Java Persistence API 2.0 introduced with EJB 3.1. Seam's unique statemanagement architecture allows the most sophisticated ORM integration of any web application
framework.

10.1. Introduction
Seam grew out of the frustration of the Hibernate team with the statelessness typical of
the previous generation of Java application architectures. The state management architecture
of Seam was originally designed to solve problems relating to persistence — in particular
problems associated with optimistic transaction processing. Scalable online applications always
use optimistic transactions. An atomic (database/JTA) level transaction should not span a user
interaction unless the application is designed to support only a very small number of concurrent
clients. But almost all interesting work involves first displaying data to a user, and then, slightly
later, updating the same data. So Hibernate was designed to support the idea of a persistence
context which spanned an optimistic transaction.
Unfortunately, the so-called "stateless" architectures that preceded Seam and EJB 3.0 had no
construct for representing an optimistic transaction. So, instead, these architectures provided
persistence contexts scoped to the atomic transaction. Of course, this resulted in many problems
for users, and is the cause of the number one user complaint about Hibernate: the dreaded
LazyInitializationException. What we need is a construct for representing an optimistic
transaction in the application tier.
EJB 3.0 recognizes this problem, and introduces the idea of a stateful component (a stateful
session bean) with an extended persistence context scoped to the lifetime of the component. This
is a partial solution to the problem (and is a useful construct in and of itself) however there are
two problems:

• The lifecycle of the stateful session bean must be managed manually via code in the web tier
(it turns out that this is a subtle problem and much more difficult in practice than it sounds).
• Propagation of the persistence context between stateful components in the same optimistic
transaction is possible, but tricky.
Seam solves the first problem by providing conversations, and stateful session bean components
scoped to the conversation. (Most conversations actually represent optimistic transactions in the
data layer.) This is sufficient for many simple applications (such as the Seam booking demo) where
persistence context propagation is not needed. For more complex applications, with many looselyinteracting components in each conversation, propagation of the persistence context across
components becomes an important issue. So Seam extends the persistence context management
model of EJB 3.0, to provide conversation-scoped extended persistence contexts.

185

Chapter 10. Seam and Object/R...

10.2. Seam managed transactions
EJB session beans feature declarative transaction management. The EJB container is able to start
a transaction transparently when the bean is invoked, and end it when the invocation ends. If we
write a session bean method that acts as a JSF action listener, we can do all the work associated
with that action in one transaction, and be sure that it is committed or rolled back when we finish
processing the action. This is a great feature, and all that is needed by some Seam applications.
However, there is a problem with this approach. A Seam application may not perform all data
access for a request from a single method call to a session bean.
• The request might require processing by several loosely-coupled components, each of which
is called independently from the web layer. It is common to see several or even many calls per
request from the web layer to EJB components in Seam.
• Rendering of the view might require lazy fetching of associations.
The more transactions per request, the more likely we are to encounter atomicity and isolation
problems when our application is processing many concurrent requests. Certainly, all write
operations should occur in the same transaction!
Hibernate users developed the "open session in view" pattern to work around this problem. In
the Hibernate community, "open session in view" was historically even more important because
frameworks like Spring use transaction-scoped persistence contexts. So rendering the view would
cause LazyInitializationExceptions when unfetched associations were accessed.
This pattern is usually implemented as a single transaction which spans the entire request. There
are several problems with this implementation, the most serious being that we can never be sure
that a transaction is successful until we commit it — but by the time the "open session in view"
transaction is committed, the view is fully rendered, and the rendered response may already have
been flushed to the client. How can we notify the user that their transaction was unsuccessful?
Seam solves both the transaction isolation problem and the association fetching problem, while
working around the problems with "open session in view". The solution comes in two parts:
• use an extended persistence context that is scoped to the conversation, instead of to the
transaction
• use two transactions per request; the first spans the beginning of the restore view phase (some
transaction managers begin the transaction later at the beginning of the apply request values
phase) until the end of the invoke application phase; the second spans the render response
phase
In the next section, we'll tell you how to set up a conversation-scope persistence context. But
first we need to tell you how to enable Seam transaction management. Note that you can use
conversation-scoped persistence contexts without Seam transaction management, and there are
good reasons to use Seam transaction management even when you're not using Seam-managed

186

Disabling Seam-managed transactions

persistence contexts. However, the two facilities were designed to work together, and work best
when used together.
Seam transaction management is useful even if you're using EJB 3.0 container-managed
persistence contexts. But it is especially useful if you use Seam outside a Java EE environment,
or in any other case where you would use a Seam-managed persistence context.

10.2.1. Disabling Seam-managed transactions
Seam transaction management is enabled by default for all JSF requests. If you want to disable
this feature, you can do it in components.xml:




10.2.2. Configuring a Seam transaction manager
Seam provides a transaction management abstraction for beginning, committing, rolling back,
and synchronizing with a transaction. By default Seam uses a JTA transaction component that
integrates with Container Managed and programmatic EJB transactions. If you are working in a
Java EE environment, you should install the EJB synchronization component in components.xml:



However, if you are working in a non EE 5 container, Seam will try auto detect the transaction
synchronization mechanism to use. However, if Seam is unable to detect the correct transaction
synchronization to use, you may find you need configure one of the following:

• JPA RESOURCE_LOCAL transactions with the javax.persistence.EntityTransaction
interface. EntityTransaction begins the transaction at the beginning of the apply request
values phase.
• Hibernate

transactions with the org.hibernate.Transaction interface.
HibernateTransaction begins the transaction at the beginning of the apply request values
phase.

• Spring

managed

managed

transactions

with
the
org.springframework.transaction.PlatformTransactionManager interface. The Spring
PlatformTransactionManagement manager may begin the transaction at the beginning of the
apply request values phase if the userConversationContext attribute is set.

• Explicitly disable Seam managed transactions

187

Chapter 10. Seam and Object/R...

Configure JPA RESOURCE_LOCAL transaction management by adding the following to your
components.xml where #{em} is the name of the persistence:managed-persistence-context
component. If your managed persistence context is named entityManager, you can opt to leave
out the entity-manager attribute. (see Seam-managed persistence contexts )



To configure Hibernate managed transactions declare the following in your components.xml where
#{hibernateSession} is the name of the project's persistence:managed-hibernate-session
component. If your managed hibernate session is named session, you can opt to leave out the
session attribute. (see Seam-managed persistence contexts )



To explicitly disable Seam managed transactions declare the following in your components.xml:



For configuring Spring managed transactions see using Spring PlatformTransactionManagement .

10.2.3. Transaction synchronization
Transaction synchronization provides callbacks for transaction related events such as
beforeCompletion() and afterCompletion(). By default, Seam uses it's own transaction
synchronization component which requires explicit use of the Seam transaction component when
committing a transaction to ensure synchronization callbacks are correctly executed. If in a
Java EE environment the  component should be declared
in components.xml to ensure that Seam synchronization callbacks are correctly called if the
container commits a transaction outside of Seam's knowledge.

10.3. Seam-managed persistence contexts
If you're using Seam outside of a Java EE environment, you can't rely upon the container to
manage the persistence context lifecycle for you. Even if you are in an EE 5 environment, you
might have a complex application with many loosly coupled components that collaborate together
in the scope of a single conversation, and in this case you might find that propagation of the
persistence context between component is tricky and error-prone.
In either case, you'll need to use a managed persistence context (for JPA) or a managed session
(for Hibernate) in your components. A Seam-managed persistence context is just a built-in Seam
component that manages an instance of EntityManager or Session in the conversation context.
You can inject it with @In.

188

Using a Seam-managed persistence context with JPA

Seam-managed persistence contexts are extremely efficient in a clustered environment. Seam
is able to perform an optimization that EJB 3.0 specification does not allow containers to use
for container-managed extended persistence contexts. Seam supports transparent failover of
extended persistence contexts, without the need to replicate any persistence context state
between nodes. (We hope to fix this oversight in the next revision of the EJB spec.)

10.3.1. Using a Seam-managed persistence context with JPA
Configuring a managed persistence context is easy. In components.xml, we can write:



This configuration creates a conversation-scoped Seam component named bookingDatabase
that manages the lifecycle of EntityManager instances for the persistence unit
(EntityManagerFactory instance) with JNDI name java:/EntityManagerFactories/
bookingData.
Of course, you need to make sure that you have bound the EntityManagerFactory into JNDI. In
JBoss, you can do this by adding the following property setting to persistence.xml.



Now we can have our EntityManager injected using:

@In EntityManager bookingDatabase;

If you are using EJB3 and mark your class or method @TransactionAttribute(REQUIRES_NEW)
then the transaction and persistence context shouldn't be propagated to method calls on this
object. However as the Seam-managed persistence context is propagated to any component
within the conversation, it will be propagated to methods marked REQUIRES_NEW. Therefore,
if you mark a method REQUIRES_NEW then you should access the entity manager using
@PersistenceContext.

10.3.2. Using a Seam-managed Hibernate session
Seam-managed Hibernate sessions are similar. In components.xml:



189

Chapter 10. Seam and Object/R...



Where java:/bookingSessionFactory is the name of the session factory specified in
hibernate.cfg.xml.


true
after_statement

property
me="transaction.manager_lookup_class">org.hibernate.transaction.JBossTransactionManagerLookup
org.hibernate.transaction.JTATransactionFactory
java:/bookingDatasource
...


Note

that

Seam

does

not

flush

the

session, so you should always enable
hibernate.transaction.flush_before_completion to ensure that the session is automatically
flushed before the JTA transaction commits.
We can now have a managed Hibernate Session injected into our JavaBean components using
the following code:

@In Session bookingDatabase;

10.3.3. Seam-managed persistence contexts and atomic
conversations
Persistence contexts scoped to the conversation allows you to program optimistic transactions
that span multiple requests to the server without the need to use the merge() operation , without
the need to re-load data at the beginning of each request, and without the need to wrestle with
the LazyInitializationException or NonUniqueObjectException.
As with any optimistic transaction management, transaction isolation and consistency can be
achieved via use of optimistic locking. Fortunately, both Hibernate and EJB 3.0 make it very easy
to use optimistic locking, by providing the @Version annotation.

190

Seam-managed persistence contexts and atomic conversations

By default, the persistence context is flushed (synchronized with the database) at the end of
each transaction. This is sometimes the desired behavior. But very often, we would prefer
that all changes are held in memory and only written to the database when the conversation
ends successfully. This allows for truly atomic conversations. As the result of a truly stupid
and shortsighted decision by certain non-JBoss, non-Sun and non-Sybase members of the EJB
3.0 expert group, there is currently no simple, usable and portable way to implement atomic
conversations using EJB 3.0 persistence. However, Hibernate provides this feature as a vendor
extension to the FlushModeTypes defined by the specification, and it is our expectation that other
vendors will soon provide a similar extension.
Seam lets you specify FlushModeType.MANUAL when beginning a conversation. Currently, this
works only when Hibernate is the underlying persistence provider, but we plan to support other
equivalent vendor extensions.

@In EntityManager em; //a Seam-managed persistence context
@Begin(flushMode=MANUAL)
public void beginClaimWizard() {
claim = em.find(Claim.class, claimId);
}

Now, the claim object remains managed by the persistence context for the rest ot the
conversation. We can make changes to the claim:

public void addPartyToClaim() {
Party party = ....;
claim.addParty(party);
}

But these changes will not be flushed to the database until we explicitly force the flush to occur:

@End
public void commitClaim() {
em.flush();
}

Of course, you could set the flushMode to MANUAL from pages.xml, for example in a navigation
rule:

191

Chapter 10. Seam and Object/R...



You can set any Seam Managed Persistence Context to use manual flush mode:





Warning
if you use SMPC in your Stateful bean, manual flush mode is ignored as this mode
is specific Hibernate extension to JPA specification. Seam can’t control the flush
mode of the persistence context on an SFSB - that means no manual flushing on
SFSB!

10.4. Using the JPA "delegate"
The EntityManager interface lets you access a vendor-specific API via the getDelegate()
method. Naturally, the most interesting vendor is Hibernate, and the most powerful delegate
interface is org.hibernate.Session. You'd be nuts to use anything else. Trust me, I'm not biased
at all. If you must use a different JPA provider see Using Alternate JPA Providers.
But regardless of whether you're using Hibernate (genius!) or something else (masochist, or just
not very bright), you'll almost certainly want to use the delegate in your Seam components from
time to time. One approach would be the following:

@In EntityManager entityManager;
@Create
public void init() {
( (Session) entityManager.getDelegate() ).enableFilter("currentVersions");
}

But typecasts are unquestionably the ugliest syntax in the Java language, so most people avoid
them whenever possible. Here's a different way to get at the delegate. First, add the following
line to components.xml:



Now we can inject the session directly:

@In Session session;
@Create
public void init() {
session.enableFilter("currentVersions");
}

10.5. Using EL in EJB-QL/HQL
Seam proxies the EntityManager or Session object whenever you use a Seammanaged persistence context or inject a container managed persistence context using
@PersistenceContext. This lets you use EL expressions in your query strings, safely and
efficiently. For example, this:

User user = em.createQuery("from User where username=#{user.username}")
.getSingleResult();

is equivalent to:

User user = em.createQuery("from User where username=:username")
.setParameter("username", user.getUsername())
.getSingleResult();

Of course, you should never, ever write it like this:

User user = em.createQuery("from User where username=" + user.getUsername()) //BAD!
.getSingleResult();

(It is inefficient and vulnerable to SQL injection attacks.)

193

Chapter 10. Seam and Object/R...

10.6. Using Hibernate filters
The coolest, and most unique, feature of Hibernate is filters. Filters let you provide a restricted view
of the data in the database. You can find out more about filters in the Hibernate documentation.
But we thought we'd mention an easy way to incorporate filters into a Seam application, one that
works especially well with the Seam Application Framework.
Seam-managed persistence contexts may have a list of filters defined, which will be enabled
whenever an EntityManager or Hibernate Session is first created. (Of course, they may only be
used when Hibernate is the underlying persistence provider.)


region

regionCode
#{region.code}



current

date
#{currentDate}




#{regionFilter}
#{currentFilter}



194

Chapter 11.

JSF form validation in Seam
In plain JSF, validation is defined in the view:




Country:





Zip code:







In practice, this approach usually violates DRY, since most "validation" actually enforces
constraints that are part of the data model, and exist all the way down to the database schema
definition. Seam provides support for model-based constraints defined using Bean Validation.
Let's start by defining our constraints, on our Location class:

public class Location {
private String country;
private String zip;
@NotNull
@Size(max=30)
public String getCountry() { return country; }
public void setCountry(String c) { country = c; }
@NotNull
@Size(max=6)
@Pattern("^\d*$")

195

Chapter 11. JSF form validati...

public String getZip() { return zip; }
public void setZip(String z) { zip = z; }
}

Well, that's a decent first cut, but in practice it might be more elegant to use custom constraints
instead of the ones built into Bean Validation:

public class Location {
private String country;
private String zip;
@NotNull
@Country
public String getCountry() { return country; }
public void setCountry(String c) { country = c; }
@NotNull
@ZipCode
public String getZip() { return zip; }
public void setZip(String z) { zip = z; }
}

Whichever route we take, we no longer need to specify the type of validation to be used in the
JSF page. Instead, we can use  to validate against the constraint defined on the
model object.




Country:





Zip code:





196




Note: specifying @NotNull on the model does not eliminate the requirement for required="true"
to appear on the control! This is due to a limitation of the JSF validation architecture.
This approach defines constraints on the model, and presents constraint violations in the view —
a significantly better design.
However, it is not much less verbose than what we started with, so let's try :





Country:



Zip code:






This tag simply adds an  to every input in the form. For a large form, it can save
a lot of typing!
Now we need to do something about displaying feedback to the user when validation fails.
Currently we are displaying all messages at the top of the form. In order for the user to correlate
the message with an input, you need to define a label using the standard label attribute on the
input component.

197

Chapter 11. JSF form validati...





You can then inject this value into the message string using the placeholder {0} (the first and only
parameter passed to a JSF message for a Bean Validation restriction). See the internationalization
section for more information regarding where to define these messages.

validator.length={0} length must be between {min} and {max}

What we would really like to do, though, is display the message next to the field with the error (this
is possible in plain JSF), highlight the field and label (this is not possible) and, for good measure,
display some image next to the field (also not possible). We also want to display a little colored
asterisk next to the label for each required form field. Using this approach, the identifying label
is not necessary.
That's quite a lot of functionality we need for each field of our form. We wouldn't want to have to
specify highlighting and the layout of the image, message and input field for every field on the
form. So, instead, we'll specify the common layout in a facelets template:





*









198




We can include this template for each of our form fields using .




Country:



Zip code:





Finally, we can use RichFaces Ajax to display validation messages as the user is navigating
around the form:




Country:





Zip code:


199

Chapter 11. JSF form validati...







It's better style to define explicit ids for important controls on the page, especially if you want to
do automated testing for the UI, using some toolkit like Selenium. If you don't provide explicit ids,
JSF will generate them, but the generated values will change if you change anything on the page.




Country:





Zip code:







And what if you want to specify a different message to be displayed when validation fails? You
can use the Seam message bundle (and all it's goodies like el expressions inside the message,
and per-view message bundles) with the Bean Validation:

public class Location {
private String name;
private String zip;

200

// Getters and setters for name
@NotNull
@Size(max=6)
@ZipCode(message="#{messages['location.zipCode.invalid']}")
public String getZip() { return zip; }
public void setZip(String z) { zip = z; }
}

location.zipCode.invalid = The zip code is not valid for #{location.name}

201

202

Chapter 12.

Groovy integration
One aspect of JBoss Seam is its RAD (Rapid Application Development) capability. While not
synonymous with RAD, one interesting tool in this space is dynamic languages. Until recently,
choosing a dynamic language was required choosing a completely different development platform
(a development platform with a set of APIs and a runtime so great that you would no longer want to
use you old legacy Java [sic] APIs anymore, which would be lucky because you would be forced to
use those proprietary APIs anyway). Dynamic languages built on top of the Java Virtual Machine,
and Groovy [http://groovy.codehaus.org] in particular broke this approach in silos.
JBoss Seam now unites the dynamic language world with the Java EE world by seamlessly
integrating both static and dynamic languages. JBoss Seam lets the application developer use
the best tool for the task, without context switching. Writing dynamic Seam components is exactly
like writing regular Seam components. You use the same annotations, the same APIs, the same
everything.

12.1. Groovy introduction
Groovy is an agile dynamic language based on the Java language but with additional features
inspired by Python, Ruby and Smalltalk. The strengths of Groovy are twofold:

• Java syntax is supported in Groovy: Java code is Groovy code, making the learning curve very
smooth
• Groovy objects are Java objects, and Groovy classes are Java classes: Groovy integrates
smoothly with existing Java libraries and frameworks.

12.2. Writing Seam applications in Groovy
There is not much to say about it. Since a Groovy object is a Java object, you can virtually write
any Seam component, or any class for what it worth, in Groovy and deploy it. You can also mix
Groovy classes and Java classes in the same application.

12.2.1. Writing Groovy components
As you should have noticed by now, Seam uses annotations heavily. Be sure to use Groovy 1.1 or
above for annotation support. Here are some example of groovy code used in a Seam application.

12.2.1.1. Entity
@Entity
@Name("hotel")
class Hotel implements Serializable

203

Chapter 12. Groovy integration

{
@Id @GeneratedValue
Long id
@Size(max=50) @NotNull
String name
@Size(max=100) @NotNull
String address
@Size(max=40) @NotNull
String city
@Size(min=2, max=10) @NotNull
String state
@Size(min=4, max=6) @NotNull
String zip
@Size(min=2, max=40) @NotNull
String country
@Column(precision=6, scale=2)
BigDecimal price
@Override
String toString()
{
return "Hotel(Seam Reference Guide,${address},${city},${zip})"
}
}

Groovy natively support the notion of properties (getter/setter), so there is no need to explicitly
write verbose getters and setters: in the previous example, the hotel class can be accessed from
Java as hotel.getCity(), the getters and setters being generated by the Groovy compiler. This
type of syntactic sugar makes the entity code very concise.

12.2.1.2. Seam component
Writing Seam components in Groovy is in no way different than in Java: annotations are used to
mark the class as a Seam component.

@Scope(ScopeType.SESSION)
@Name("bookingList")

204

seam-gen

class BookingListAction implements Serializable
{
@In EntityManager em
@In User user
@DataModel List bookings
@DataModelSelection Booking booking
@Logger Log log
@Factory public void getBookings()
{
bookings = em.createQuery('''
select b from Booking b
where b.user.username = :username
order by b.checkinDate''')
.setParameter("username", user.username)
.getResultList()
}
public void cancel()
{
log.info("Cancel booking: #{bookingList.booking.id} for #{user.username}")
Booking cancelled = em.find(Booking.class, booking.id)
if (cancelled != null) em.remove( cancelled )
getBookings()
FacesMessages.instance().add("Booking cancelled for confirmation number
#{bookingList.booking.id}", new Object[0])
}
}

12.2.2. seam-gen
Seam gen has a transparent integration with Groovy. You can write Groovy code in seam-gen
backed projects without any additional infrastructure requirement. When writing a Groovy entity,
simply place your .groovy files in src/main. Unsurprisingly, when writing an action, simply place
your .groovy files in src/hot.

12.3. Deployment
Deploying Groovy classes is very much like deploying Java classes (surprisingly, no need to
write nor comply with a 3-letter composite specification to support a multi-language component
framework).
Beyond standard deployments, JBoss Seam has the ability, at development time, to redeploy
JavaBeans Seam component classes without having to restart the application, saving a lot of time

205

Chapter 12. Groovy integration

in the development / test cycle. The same support is provided for GroovyBeans Seam components
when the .groovy files are deployed.

12.3.1. Deploying Groovy code
A Groovy class is a Java class, with a bytecode representation just like a Java class. To deploy,
a Groovy entity, a Groovy Session bean or a Groovy Seam component, a compilation step is
necessary. A common approach is to use the gmaven-plugin [http://docs.codehaus.org/display/
GMAVEN/Home] maven plugin. Once compiles, a Groovy class is in no way different than a Java
class and the application server will treat them equally. Note that this allow a seamless mix of
Groovy and Java code.

12.3.2. Native .groovy file deployment at development time
JBoss Seam natively supports the deployment of .groovy files (ie without compilation) in
incremental hotdeployment mode (development only). This enables a very fast edit/test cycle. To
set up .groovy deployments, follow the configuration at Section 2.8, “Seam and incremental hot
deployment” and deploy your Groovy code (.groovy files) into the WEB-INF/dev directory. The
GroovyBean components will be picked up incrementally with no need to restart the application
(and obviously not the application server either).
Be aware that the native .groovy file deployment suffers the same limitations as the regular Seam
hotdeployment:

• The components must be JavaBeans or GroovyBeans. They cannot be EJB3 bean
• Entities cannot be hotdeployed
• The hot-deployable components will not be visible to any classes deployed outside of WEB-INF/
dev

• Seam debug mode must be enabled

12.3.3. seam-gen
Seam-gen transparently supports Groovy files deployment and compilation. This includes the
native .groovy file deployment in development mode (compilation-less). If you create a seamgen project of type WAR, Java and Groovy classes in src/hot will automatically be candidate
for the incremental hot deployment. If you are in production mode, the Groovy files will simply be
compiled before deployment.
You will find a live example of the Booking demo written completely in Groovy and supporting
incremental hot deployment in examples/groovybooking.

206

Chapter 13.

Writing your presentation layer
using Apache Wicket
Seam supports Wicket as an alternative presentation layer to JSF. Take a look at the wicket
example in Seam which shows the Booking Example ported to Wicket.

Note
Wicket support is new to Seam, so some features which are available in JSF are
not yet available when you use Wicket (e.g. pageflow). You'll also notice that the
documentation is very JSF-centric and needs reorganization to reflect the first class
support for Wicket.

13.1. Adding Seam to your wicket application
The features added to your Wicket application can be split into two categories: bijection and
orchestration; these are discussed in detail below.
Extensive use of inner classes is common when building Wicket applications, with the component
tree being built in the constructor. Seam fully supports the use of annotation based control in inner
classes and constructors (unlike regular Seam components).
Annotations are processed after any call to a superclass. This mean's that any injected attributes
cannot be passed as an argument in a call to this() or super() .
When a method is called in an inner class, bijection occurs for any class which encloses it. This
allows you to place your bijected variables in the outer class, and refer to them in any inner class.

13.1.1. Bijection
A Seam enabled Wicket application has full access to the all the standard Seam contexts ( EVENT
, CONVERSATION , SESSION , APPLICATION and BUSINESS_PROCESS ).
To access Seam component's from Wicket, you just need to inject it using @In :

@In(create=true)
private HotelBooking hotelBooking;

207

Chapter 13. Writing your pres...

Tip
As your Wicket class isn't a full Seam component, there is no need to annotate
it @Name .

You can also outject an object into the Seam contexts from a Wicket component:

@Out(scope=ScopeType.EVENT, required=false)
private String verify;

TODO Make this more use case driven

13.1.2. Orchestration
You can secure a Wicket component by using the @Restrict annotation. This can be placed
on the outer component or any inner components. If @Restrict is specified, the component will
automatically be restricted to logged in users. You can optionally use an EL expression in the
value attribute to specify a restriction to be applied. For more refer to the Chapter 16, Security .
For example:

@Restrict
public class Main extends WebPage
{
...

Tip
Seam will automatically apply the restriction to any nested classes.

You can demarcate conversations from within a Wicket component through the use of @Begin and
@End . The semantics for these annotations are the same as when used in a Seam component.
You can place @Begin and @End on any method.

Note
The deprecated ifOutcome attribute is not supported.

For example:

208

Setting up your project

item.add(new Link("viewHotel") {
@Override
@Begin
public void onClick() {
hotelBooking.selectHotel(hotel);
setResponsePage(org.jboss.seam.example.wicket.Hotel.class);
}
};

You may have pages in your application which can only be accessed when the user has a longrunning conversation active. To enforce this you can use the @NoConversationPage annotation:

@Restrict
@NoConversationPage(Main.class)
public class Hotel extends WebPage
{

If you want to further decouple your application classes, you can use Seam events. Of course,
you can raise an event using Events.instance().raiseEvent("foo") . Alternatively, you can
annotate a method @RaiseEvent("foo") ; if the method returns a non-null outcome without
exception, the event will be raised.
You can also control tasks and processes in Wicket classes through the use of @CreateProcess
, @ResumeTask , @BeginTask , @EndTask , @StartTask and @Transition .

13.2. Setting up your project
Seam needs to instrument the bytecode of your Wicket classes to be able to intercept the
annotations you use. The first decision to make is: do you want your code instrumented at
runtime as your app is running, or at compile time? The former requires no integration with your
build environment, but has a performance penalty when loading each instrumented class for the
first time. The latter is faster, but requires you to integrate this instrumentation into your build
environment.

13.2.1. Runtime instrumentation
There are two ways to achieve runtime instrumentation. One relies on placing wicket components
to be instrumented in a special folder in your WAR deployment. If this is not acceptable or possible,
you can also use an instrumentation "agent," which you specify in the command line for launching
your container.

209

Chapter 13. Writing your pres...

13.2.1.1. Location-specific instrumentation
Any classes placed in the WEB-INF/wicket folder within your WAR deployment will be
automatically instrumented by the seam-wicket runtime. You can arrange to place your wicket
pages and components here by specifying a separate output folder for those classes in your IDE,
or through the use of ant scripts.

13.2.1.2. Runtime instrumentation agent
The jar file jboss-seam-wicket.jar can be used as an instrumentation agent through the Java
Instrumentation api. This is accomplished through the following steps:
• Arrange for the jboss-seam-wicket.jar file to live in a location for which you have an absolute
path, as the Java Instrumentation API does not allow relative paths when specifying the location
of an agent lib.
• Add javaagent:/path/to/jboss-seam-wicket.jar
launching your webapp container:

to the command line options when

• In addition, you will need to add an environment variable that specifies packages that the agent
should instrument. This is accomplished by a comma separated list of package names:

-Dorg.jboss.seam.wicket.instrumented-packages=my.package.one,my.other.package

Note that if a package A is specified, classes in subpackages of A are also examined. The
classes chosen for instrumentation can be further limited by specifying:

-Dorg.jboss.seam.wicket.scanAnnotations=true

and then marking instrumentable classes with the @SeamWicketComponent annotation, see
Section 13.2.3, “ The @SeamWicketComponent annotation ” .

13.2.2. Compile-time instrumentation
Seam supports instrumentation at compile time through either Apache Ant or Apache Maven.

13.2.2.1. Instrumenting with ant
Seam provides an ant task in the jboss-seam-wicket-ant.jar . This is used in the following
manner:




210

Compile-time instrumentation












This results in the instrumented classes being placed in the directory specified by
${build.instrumented} . You will then need to instruct ant to copy these classes into WEBINF/classes . If you want to hot deploy the Wicket components, you can copy the instrumented
classes to WEB-INF/dev ; if you use hot deploy, make sure that your WicketApplication class is
also hot-deployed. Upon a reload of hot-deployed classes, the entire WicketApplication instance
has to be re-initialized, in order to pick up new references to the classes of mounted pages.
The useAnnotations attribute is used to make the ant task only include classes that
have been marked with the @SeamWicketComponent annotation, see Section 13.2.3, “ The
@SeamWicketComponent annotation ” .

13.2.2.2. Instrumenting with maven
The jboss maven repository repository.jboss.org provides a plugin named seaminstrument-wicket with a process-classes mojo. An example configuration in your pom.xml
might look like:




org.jboss.seam
seam-instrument-wicket
2.2.0

true

your.package.name




instrument

211

Chapter 13. Writing your pres...

process-classes

instrument







The above example illustrates that the instrumentation is limited to classes specified by the
includes element. In this example, the scanAnnotations is specified, see Section 13.2.3, “ The
@SeamWicketComponent annotation ” .

13.2.3. The @SeamWicketComponent annotation
Classes placed in WEB-INF/wicket will unconditionally be instrumented. The other instrumentation
mechanisms all allow you to specify that instrumentation should only be applied to classes
annotated with the @SeamWicketComponent annotation. This annotation is inherited, which means
all subclasses of an annotated class will also be instrumented. An example usage is:

import org.jboss.seam.wicket.ioc.SeamWicketComponent;
@SeamWicketComponent
public class MyPage extends WebPage
{
...
}

13.2.4. Defining the Application
A Wicket web application which uses Seam should use SeamWebApplication as the base
class; this creates hooks into the Wicket lifecycle allowing Seam to automagically propagate the
conversation as needed. It also adds status messages to the page.
For example:
The SeamAuthorizationStrategy delegates authorization to Seam Security, allowing the use of
@Restrict on Wicket components. SeamWebApplication installs the authorization strategy for
you. You can specify the login page by implementing the getLoginPage() method.
You'll also need to set the home page of the application by implementing the getHomePage()
method.

212

Defining the Application

public class WicketBookingApplication extends SeamWebApplication
{
@Override
public Class getHomePage()
{
return Home.class;
}
@Override
protected Class getLoginPage()
{
return Home.class;
}
}

Seam automatically installs the Wicket filter for you (ensuring that it is inserted in the correct place
for you). But you still need to tell Wicket which WebApplication class to use.







213

Chapter 13. Writing your pres...


#{param.personId}


If that looks a bit too much like "programming in XML" for your taste, you can use extension instead:

@Name("personHome")
public class PersonHome extends EntityHome {
@In EntityManager personDatabase;
public EntityManager getEntityManager() {
return personDatabase;
}
}

215

Chapter 14. The Seam Applicat...

The second approach has one huge advantage: you can easily add extra functionality, and
override the built-in functionality (the framework classes were carefully designed for extension
and customization).
A second advantage is that your classes may be EJB stateful session beans, if you like. (They
do not have to be, they can be plain JavaBean components if you prefer.) If you are using JBoss
AS, you'll need 4.2.2.GA or later:

@Stateful
@Name("personHome")
public class PersonHome extends EntityHome implements LocalPersonHome {
}

You can also make your classes stateless session beans. In this case you must use injection to
provide the persistence context, even if it is called entityManager:

@Stateless
@Name("personHome")
public class PersonHome extends EntityHome implements LocalPersonHome {
@In EntityManager entityManager;
public EntityManager getPersistenceContext() {
entityManager;
}
}

At this time, the Seam Application Framework provides four main built-in components:
EntityHome and HibernateEntityHome for CRUD, along with EntityQuery and
HibernateEntityQuery for queries.
The Home and Query components are written so that they can function with a scope of session,
event or conversation. Which scope you use depends upon the state model you wish to use in
your application.
The Seam Application Framework only works with Seam-managed persistence contexts. By
default, the components will look for a persistence context named entityManager.

216

Home objects

14.2. Home objects
A Home object provides persistence operations for a particular entity class. Suppose we have our
trusty Person class:

@Entity
public class Person {
@Id private Long id;
private String firstName;
private String lastName;
private Country nationality;
//getters and setters...
}

We can define a personHome component either via configuration:



Or via extension:

@Name("personHome")
public class PersonHome extends EntityHome {}

A Home object provides the following operations: persist(), remove(), update() and
getInstance(). Before you can call the remove(), or update() operations, you must first set the
identifier of the object you are interested in, using the setId() method.
We can use a Home directly from a JSF page, for example:

Create Person

First name: 
Last name: 





217

Chapter 14. The Seam Applicat...

Usually, it is much nicer to be able to refer to the Person merely as person, so let's make that
possible by adding a line to components.xml:




(If we are using configuration.) Or by adding a @Factory method to PersonHome:

@Name("personHome")
public class PersonHome extends EntityHome {
@Factory("person")
public Person initPerson() { return getInstance(); }
}

(If we are using extension.) This change simplifies our JSF page to the following:

Create Person

First name: 
Last name: 





Well, that lets us create new Person entries. Yes, that is all the code that is required! Now, if we
want to be able to display, update and delete pre-existing Person entries in the database, we
need to be able to pass the entry identifier to the PersonHome. Page parameters are a great way
to do that:






218

Home objects



Now we can add the extra operations to our JSF page:






First name: 
Last name: 







When we link to the page with no request parameters, the page will be displayed as a "Create
Person" page. When we provide a value for the personId request parameter, it will be an "Edit
Person" page.
Suppose we need to create Person entries with their nationality initialized. We can do that easily,
via configuration:




#{country}


Or by extension:

219

Chapter 14. The Seam Applicat...

@Name("personHome")
public class PersonHome extends EntityHome {
@In Country country;
@Factory("person")
public Person initPerson() { return getInstance(); }
protected Person createInstance() {
return new Person(country);
}
}

Of course, the Country could be an object managed by another Home object, for example,
CountryHome.
To add more sophisticated operations (association management, etc), we can just add methods
to PersonHome.

@Name("personHome")
public class PersonHome extends EntityHome {
@In Country country;
@Factory("person")
public Person initPerson() { return getInstance(); }
protected Person createInstance() {
return new Person(country);
}
public void migrate()
{
getInstance().setCountry(country);
update();
}
}

The Home object raises an org.jboss.seam.afterTransactionSuccess event when a
transaction succeeds (a call to persist(), update() or remove() succeeds). By observing this

220

Home objects

event we can refresh our queries when the underlying entities are changed. If we only want to
refresh certain queries when a particular entity is persisted, updated or removed we can observe
the org.jboss.seam.afterTransactionSuccess. event (where  is the simple
name of the entity, e.g. an entity called "org.foo.myEntity" has "myEntity" as simple name).
The Home object automatically displays faces messages when an operation is successful. To
customize these messages we can, again, use configuration:



New person #{person.firstName} #{person.lastName} created
Person #{person.firstName} #{person.lastName} deleted
Person #{person.firstName} #{person.lastName} updated


#{country}


Or extension:

@Name("personHome")
public class PersonHome extends EntityHome {
@In Country country;
@Factory("person")
public Person initPerson() { return getInstance(); }
protected Person createInstance() {
return new Person(country);
}
protected String getCreatedMessage() { return createValueExpression("New person
#{person.firstName} #{person.lastName} created"); }

221

Chapter 14. The Seam Applicat...

protected String getUpdatedMessage() { return createValueExpression("Person
#{person.firstName} #{person.lastName} updated"); }
protected String getDeletedMessage() { return createValueExpression("Person
#{person.firstName} #{person.lastName} deleted"); }
}

But the best way to specify the messages is to put them in a resource bundle known to Seam (the
bundle named messages, by default).

Person_created=New person #{person.firstName} #{person.lastName} created
Person_deleted=Person #{person.firstName} #{person.lastName} deleted
Person_updated=Person #{person.firstName} #{person.lastName} updated

This enables internationalization, and keeps your code and configuration clean of presentation
concerns.
The final step is to add validation functionality to the page, using  and
, but I'll leave that for you to figure out.

14.3. Query objects
If we need a list of all Person instance in the database, we can use a Query object. For example:



We can use it from a JSF page:

List of people








We probably need to support pagination:

222

Query objects



We'll use a page parameter to determine the page to display:







The JSF code for a pagination control is a bit verbose, but manageable:

Search for people




















223

Chapter 14. The Seam Applicat...

Real search screens let the user enter a bunch of optional search criteria to narrow the list of
results returned. The Query object lets you specify optional "restrictions" to support this important
usecase:




lower(firstName) like lower( concat(#{examplePerson.firstName},'%') )
lower(lastName) like lower( concat(#{examplePerson.lastName},'%') )



Notice the use of an "example" object.

Search for people

First name: 
Last name: 










To

refresh

the

query

when

the

underlying
org.jboss.seam.afterTransactionSuccess event:

entities





224

change

we

observe

the

Controller objects

Or, to just refresh the query when the person entity is persisted, updated or removed through
PersonHome:





Unfortunately Query objects don't work well with join fetch queries - the use of pagination with
these queries is not recommended, and you'll have to implement your own method of calculating
the total number of results (by overriding getCountEjbql().
The examples in this section have all shown reuse by configuration. However, reuse by extension
is equally possible for Query objects.

14.4. Controller objects
A

totally

optional part of the Seam Application Framework is the class
Controller and its subclasses EntityController HibernateEntityController and
BusinessProcessController. These classes provide nothing more than some convenience
methods for access to commonly used built-in components and methods of built-in components.
They help save a few keystrokes (characters can add up!) and provide a great launchpad for new
users to explore the rich functionality built in to Seam.
For example, here is what RegisterAction from the Seam registration example would look like:

@Stateless
@Name("register")
public class RegisterAction extends EntityController implements Register
{
@In private User user;
public String register()
{
List existing = createQuery("select u.username from User u where u.username=:username")
.setParameter("username", user.getUsername())
.getResultList();
if ( existing.size()==0 )
{
persist(user);
info("Registered new user #{user.username}");
return "/registered.xhtmlx";
}

225

Chapter 14. The Seam Applicat...

else
{
addFacesMessage("User #{user.username} already exists");
return null;
}
}
}

As you can see, its not an earthshattering improvement...

226

Chapter 15.

Seam and JBoss Rules
Seam makes it easy to call JBoss Rules (Drools) rulebases from Seam components or jBPM
process definitions.

15.1. Installing rules
The first step is to make an instance of org.drools.RuleBase available in a Seam context
variable. For testing purposes, Seam provides a built-in component that compiles a static set of
rules from the classpath. You can install this component via components.xml:



policyPricingRules.drl



This component compiles rules from a set of DRL (.drl) or decision table (.xls) files and caches
an instance of org.drools.RuleBase in the Seam APPLICATION context. Note that it is quite likely
that you will need to install multiple rule bases in a rule-driven application.
If you want to use a Drools DSL, you also need to specify the DSL definition:



policyPricingRules.drl



Support for Drools RuleFlow is also available and you can simply add a .rf or a .rfm as part
of your rule files as:



Note that when using the Drools 4.x RuleFlow (.rfm) format, you need to specify the Ddrools.ruleflow.port=true system property on server startup. This is however still an experimental
feature and we advise to use the Drools5 (.rf) format if possible.

227

Chapter 15. Seam and JBoss Rules

If you want to register a custom consequence exception
RuleBaseConfiguration, you need to write the handler, for example:

handler

through

the

@Scope(ScopeType.APPLICATION)
@Startup
@Name("myConsequenceExceptionHandler")
public class MyConsequenceExceptionHandler implements ConsequenceExceptionHandler, Externalizable {
public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
}
public void writeExternal(ObjectOutput out) throws IOException {
}
public void handleException(Activation activation,
WorkingMemory workingMemory,
Exception exception) {
throw new ConsequenceException( exception,
activation.getRule() );
}
}

and register it:



policyPricingRules.drl



consequence-

In most rules-driven applications, rules need to be dynamically deployable, so a production
application will want to use a Drools RuleAgent to manage the RuleBase. The RuleAgent can
connect to a Drools rule server (BRMS) or hot deploy rules packages from a local file repository.
The RulesAgent-managed RuleBase is also configurable in components.xml:



228

Installing rules

The properties file contains properties specific to the RulesAgent. Here is an example
configuration file from the Drools example distribution.

newInstance=true
url=http://localhost:8080/drools-jbrms/org.drools.brms.JBRMS/package/org.acme.insurance/
fmeyer
localCacheDir=/Users/fernandomeyer/projects/jbossrules/drools-examples/drools-examplesbrms/cache
poll=30
name=insuranceconfig

It is also possible to configure the options on the component directly, bypassing the configuration
file.



Next, we need to make an instance of org.drools.WorkingMemory available to each
conversation. (Each WorkingMemory accumulates facts relating to the current conversation.)



auto-

Notice that we gave the policyPricingWorkingMemory a reference back to our rule base via the
ruleBase configuration property.
We can also add means to be notified of rule engine events, including rules firing, objects being
asserted, etc. by adding event listeners to WorkingMemory.



org.drools.event.DebugWorkingMemoryEventListener
org.drools.event.DebugAgendaEventListener


auto-

229

Chapter 15. Seam and JBoss Rules



15.2. Using rules from a Seam component
We can now inject our WorkingMemory into any Seam component, assert facts, and fire rules:

@In WorkingMemory policyPricingWorkingMemory;
@In Policy policy;
@In Customer customer;
public void pricePolicy() throws FactException
{
policyPricingWorkingMemory.insert(policy);
policyPricingWorkingMemory.insert(customer);
// if we have a ruleflow, start the process
policyPricingWorkingMemory.startProcess(startProcessId)
policyPricingWorkingMemory.fireAllRules();
}

15.3. Using rules from a jBPM process definition
You can even allow a rule base to act as a jBPM action handler, decision handler, or assignment
handler — in either a pageflow or business process definition.



orderApprovalRulesWorkingMemory

approvalruleflowid

#{customer}
#{order}
#{order.lineItems}




shippingRulesWorkingMemory

230

Using rules from a jBPM process definition


#{customer}
#{order}
#{order.lineItems}






The  element specifies EL expressions that return an object or collection of
objects to be asserted as facts into the WorkingMemory.
The  element on the other hand specifies EL expressions that return an object
or collection of objects to be retracted from the WorkingMemory.
There is also support for using Drools for jBPM task assignments:




orderApprovalRulesWorkingMemory

#{actor}
#{customer}
#{order}
#{order.lineItems}







Certain objects are available to the rules as Drools globals, namely the jBPM Assignable, as
assignable and a Seam Decision object, as decision. Rules which handle decisions should call
decision.setOutcome("result") to determine the result of the decision. Rules which perform
assignments should set the actor id using the Assignable.

package org.jboss.seam.examples.shop

231

Chapter 15. Seam and JBoss Rules

import org.jboss.seam.drools.Decision
global Decision decision
rule "Approve Order For Loyal Customer"
when
Customer( loyaltyStatus == "GOLD" )
Order( totalAmount <= 10000 )
then
decision.setOutcome("approved");
end

package org.jboss.seam.examples.shop
import org.jbpm.taskmgmt.exe.Assignable
global Assignable assignable
rule "Assign Review For Small Order"
when
Order( totalAmount <= 100 )
then
assignable.setPooledActors( new String[] {"reviewers"} );
end

Note
You can find out more about Drools at http://www.drools.org

Caution
Seam comes with enough of Drools' dependencies to implement some simple
rules. If you want to add extra capabilities to Drools you should download the full
distribution and add in extra dependencies as needed.

232

Chapter 16.

Security
16.1. Overview
The Seam Security API provides a multitude of security-related features for your Seam-based
application, covering such areas as:
• Authentication - an extensible, JAAS-based authentication layer that allows users to
authenticate against any security provider.
• Identity Management - an API for managing a Seam application's users and roles at runtime.
• Authorization - an extremely comprehensive authorization framework, supporting user roles,
persistent and rule-based permissions, and a pluggable permission resolver for easily
implementing customised security logic.
• Permission Management - a set of built-in Seam components to allow easy management of an
application's security policy.
• CAPTCHA support - to assist in the prevention of automated software/scripts abusing your
Seam-based site.
• And much more
This chapter will cover each of these features in detail.

16.2. Disabling Security
In some situations it may be necessary to disable Seam Security, for instances during unit tests
or because you are using a different approach to security, such as native JAAS. Simply call the
static method Identity.setSecurityEnabled(false) to disable the security infrastructure. Of
course, it's not very convenient to have to call a static method when you want to configure the
application, so as an alternative you can control this setting in components.xml:
• Entity Security
• Hibernate Security Interceptor
• Seam Security Interceptor
• Page restrictions
• Servlet API security integration
Assuming you are planning to take advantage of what Seam Security has to offer, the rest of this
chapter documents the plethora of options you have for giving your user an identity in the eyes of
the security model (authentication) and locking down the application by establishing constraints
(authorization). Let's begin with the task of authentication since that's the foundation of any security
model.

233

Chapter 16. Security

16.3. Authentication
The authentication features provided by Seam Security are built upon JAAS (Java Authentication
and Authorization Service), and as such provide a robust and highly configurable API for handling
user authentication. However, for less complex authentication requirements Seam offers a much
more simplified method of authentication that hides the complexity of JAAS.

16.3.1. Configuring an Authenticator component
Note
If you use Seam's Identity Management features (discussed later in this chapter)
then it is not necessary to create an authenticator component (and you can skip
this section).

The simplified authentication method provided by Seam uses a built-in JAAS login module,
SeamLoginModule, which delegates authentication to one of your own Seam components. This
login module is already configured inside Seam as part of a default application policy and as such
does not require any additional configuration files. It allows you to write an authentication method
using the entity classes that are provided by your own application, or alternatively to authenticate
with some other third party provider. Configuring this simplified form of authentication requires the
identity component to be configured in components.xml:





The EL expression #{authenticator.authenticate} is a method binding that indicates the
authenticate method of the authenticator component will be used to authenticate the user.

16.3.2. Writing an authentication method
The authenticate-method property specified for identity in components.xml specifies
which method will be used by SeamLoginModule to authenticate users. This method

234

Writing an authentication method

takes no parameters, and is expected to return a boolean, which indicates whether
authentication is successful or not. The user's username and password can be obtained from
Credentials.getUsername() and Credentials.getPassword(), respectively (you can get a

reference to the credentials component via Identity.instance().getCredentials()). Any
roles that the user is a member of should be assigned using Identity.addRole(). Here's a
complete example of an authentication method inside a POJO component:

@Name("authenticator")
public class Authenticator {
@In EntityManager entityManager;
@In Credentials credentials;
@In Identity identity;
public boolean authenticate() {
try {
User user = (User) entityManager.createQuery(
"from User where username = :username and password = :password")
.setParameter("username", credentials.getUsername())
.setParameter("password", credentials.getPassword())
.getSingleResult();
if (user.getRoles() != null) {
for (UserRole mr : user.getRoles())
identity.addRole(mr.getName());
}
return true;
}
catch (NoResultException ex) {
return false;
}
}
}

In the above example, both User and UserRole are application-specific entity beans. The roles
parameter is populated with the roles that the user is a member of, which should be added
to the Set as literal string values, e.g. "admin", "user". In this case, if the user record is not
found and a NoResultException thrown, the authentication method returns false to indicate the
authentication failed.

235

Chapter 16. Security

Tip
When writing an authenticator method, it is important that it is kept minimal and free
from any side-effects. This is because there is no guarantee as to how many times
the authenticator method will be called by the security API, and as such it may be
invoked multiple times during a single request. Because of this, any special code
that should execute upon a successful or failed authentication should be written
by implementing an event observer. See the section on Security Events further
down in this chapter for more information about which events are raised by Seam
Security.

16.3.2.1. Identity.addRole()
The Identity.addRole() method behaves differently depending on whether the current session
is authenticated or not. If the session is not authenticated, then addRole() should only be called
during the authentication process. When called here, the role name is placed into a temporary
list of pre-authenticated roles. Once authentication is successful, the pre-authenticated roles then
become "real" roles, and calling Identity.hasRole() for those roles will then return true. The
following sequence diagram represents the list of pre-authenticated roles as a first class object to
show more clearly how it fits in to the authentication process.

236

Writing a login form

If the current session is already authenticated, then calling Identity.addRole() will have the
expected effect of immediately granting the specified role to the current user.

16.3.2.2. Writing an event observer for security-related events
Say for example, that upon a successful login that some user statistics must
be updated. This would be done by writing an event observer for the
org.jboss.seam.security.loginSuccessful event, like this:

@In UserStats userStats;
@Observer("org.jboss.seam.security.loginSuccessful")
public void updateUserStats()
{
userStats.setLastLoginDate(new Date());
userStats.incrementLoginCount();
}

This observer method can be placed anywhere, even in the Authenticator component itself. You
can find more information about security-related events later in this chapter.

16.3.3. Writing a login form
The credentials component provides both username and password properties, catering for the
most common authentication scenario. These properties can be bound directly to the username
and password fields on a login form. Once these properties are set, calling identity.login()
will authenticate the user using the provided credentials. Here's an example of a simple login form:













237

Chapter 16. Security

Similarly, logging out the user is done by calling #{identity.logout}. Calling this action will
clear the security state of the currently authenticated user, and invalidate the user's session.

16.3.4. Configuration Summary
So to sum up, there are the three easy steps to configure authentication:

• Configure an authentication method in components.xml.
• Write an authentication method.
• Write a login form so that the user can authenticate.

16.3.5. Remember Me
Seam Security supports the same kind of "Remember Me" functionality that is commonly
encountered in many online web-based applications. It is actually supported in two different
"flavours", or modes - the first mode allows the username to be stored in the user's browser as a
cookie, and leaves the entering of the password up to the browser (many modern browsers are
capable of remembering passwords).
The second mode supports the storing of a unique token in a cookie, and allows a user to
authenticate automatically upon returning to the site, without having to provide a password.

Warning
Automatic client authentication with a persistent cookie stored on the client
machine is dangerous. While convenient for users, any cross-site scripting security
hole in your website would have dramatically more serious effects than usual.
Without the authentication cookie, the only cookie to steal for an attacker with XSS
is the cookie of the current session of a user. This means the attack only works
when the user has an open session - which should be a short timespan. However,
it is much more attractive and dangerous if an attacker has the possibility to steal a
persistent Remember Me cookie that allows him to login without authentication, at
any time. Note that this all depends on how well you protect your website against
XSS attacks - it's up to you to make sure that your website is 100% XSS safe - a
non-trivial achievement for any website that allows user input to be rendered on
a page.
Browser vendors recognized this issue and introduced a "Remember Passwords"
feature - today almost all browsers support this. Here, the browser remembers the
login username and password for a particular website and domain, and fills out the
login form automatically when you don't have an active session with the website.
If you as a website designer then offer a convenient login keyboard shortcut,
this approach is almost as convenient as a "Remember Me" cookie and much

238

Remember Me

safer. Some browsers (e.g. Safari on OS X) even store the login form data in
the encrypted global operation system keychain. Or, in a networked environment,
the keychain can be transported with the user (between laptop and desktop for
example), while browser cookies are usually not synchronized.
To summarize: While everyone is doing it, persistent "Remember Me" cookies with
automatic authentication are a bad practice and should not be used. Cookies that
"remember" only the users login name, and fill out the login form with that username
as a convenience, are not an issue.

To enable the remember me feature for the default (safe, username only) mode, no special
configuration is required. In your login form, simply bind the remember me checkbox to
rememberMe.enabled, like in the following example:














16.3.5.1. Token-based Remember-me Authentication
To use the automatic, token-based mode of the remember me feature, you must first configure a
token store. The most common scenario is to store these authentication tokens within a database
(which Seam supports), however it is possible to implement your own token store by implementing
the org.jboss.seam.security.TokenStore interface. This section will assume you will be using
the provided JpaTokenStore implementation to store authentication tokens inside a database
table.
The first step is to create a new Entity which will contain the tokens. The following example shows
a possible structure that you may use:

@Entity
public class AuthenticationToken implements Serializable {

239

Chapter 16. Security

private Integer tokenId;
private String username;
private String value;
@Id @GeneratedValue
public Integer getTokenId() {
return tokenId;
}
public void setTokenId(Integer tokenId) {
this.tokenId = tokenId;
}
@TokenUsername
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@TokenValue
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
}

As you can see from this listing, a couple of special annotations, @TokenUsername and
@TokenValue are used to configure the username and token properties of the entity. These

annotations are required for the entity that will contain the authentication tokens.
The next step is to configure JpaTokenStore to use this entity bean to store and retrieve
authentication tokens. This is done in components.xml by specifying the token-class attribute:



240

token-

Handling Security Exceptions

Once this is done, the last thing to do is to configure the RememberMe component in
components.xml also. Its mode should be set to autoLogin:



That is all that is required - automatic authentication will now occur for users revisiting your site
(as long as they check the "remember me" checkbox).
To ensure that users are automatically authenticated when returning to the site, the following
section should be placed in components.xml:









16.3.6. Handling Security Exceptions
To prevent users from receiving the default error page in response to a security error, it's
recommended that pages.xml is configured to redirect security errors to a more "pretty" page.
The two main types of exceptions thrown by the security API are:

• NotLoggedInException - This exception is thrown if the user attempts to access a restricted
action or page when they are not logged in.
• AuthorizationException - This exception is only thrown if the user is already logged in, and
they have attempted to access a restricted action or page for which they do not have the
necessary privileges.
In the case of a NotLoggedInException, it is recommended that the user is redirected to either
a login or registration page so that they can log in. For an AuthorizationException, it may be
useful to redirect the user to an error page. Here's an example of a pages.xml file that redirects
both of these security exceptions:



241

Chapter 16. Security

...


You must be logged in to perform this action





You do not have the necessary security privileges to perform this action.




Most web applications require even more sophisticated handling of login redirection, so Seam
includes some special functionality for handling this problem.

16.3.7. Login Redirection
You can ask Seam to redirect the user to a login screen when an unauthenticated user tries to
access a particular view (or wildcarded view id) as follows:



...


Tip
This is less of a blunt instrument than the exception handler shown above, but
should probably be used in conjunction with it.

After the user logs in, we want to automatically send them back where they came from, so they can
retry the action that required logging in. If you add the following event listeners to components.xml,

242

HTTP Authentication

attempts to access a restricted view while not logged in will be remembered, so that upon the
user successfully logging in they will be redirected to the originally requested view, with any page
parameters that existed in the original request.








Note that login redirection is implemented as a conversation-scoped mechanism, so don't end the
conversation in your authenticate() method.

16.3.8. HTTP Authentication
Although not recommended for use unless absolutely necessary, Seam provides means for
authenticating using either HTTP Basic or HTTP Digest (RFC 2617) methods. To use either form
of authentication, the authentication-filter component must be enabled in components.xml:



To enable the filter for basic authentication, set auth-type to basic, or for digest authentication,
set it to digest. If using digest authentication, the key and realm must also be set:



auth-

The key can be any String value. The realm is the name of the authentication realm that is
presented to the user when they authenticate.

16.3.8.1. Writing a Digest Authenticator
If using digest authentication, your authenticator class should extend the abstract class
org.jboss.seam.security.digest.DigestAuthenticator, and use the validatePassword()
method to validate the user's plain text password against the digest request. Here is an example:

243

Chapter 16. Security

public boolean authenticate()
{
try
{
User user = (User) entityManager.createQuery(
"from User where username = :username")
.setParameter("username", identity.getUsername())
.getSingleResult();
return validatePassword(user.getPassword());
}
catch (NoResultException ex)
{
return false;
}
}

16.3.9. Advanced Authentication Features
This section explores some of the advanced features provided by the security API for addressing
more complex security requirements.

16.3.9.1. Using your container's JAAS configuration
If you would rather not use the simplified JAAS configuration provided by the Seam Security API,
you may instead delegate to the default system JAAS configuration by providing a jaas-configname property in components.xml. For example, if you are using JBoss AS and wish to use the
other policy (which uses the UsersRolesLoginModule login module provided by JBoss AS), then
the entry in components.xml would look like this:



Please keep in mind that doing this does not mean that your user will be authenticated in whichever
container your Seam application is deployed in. It merely instructs Seam Security to authenticate
itself using the configured JAAS security policy.

16.4. Identity Management
Identity Management provides a standard API for the management of a Seam application's users
and roles, regardless of which identity store (database, LDAP, etc) is used on the backend. At

244

Configuring IdentityManager

the center of the Identity Management API is the identityManager component, which provides
all the methods for creating, modifying and deleting users, granting and revoking roles, changing
passwords, enabling and disabling user accounts, authenticating users and listing users and roles.
Before it may be used, the identityManager must first be configured with one or more
IdentityStores. These components do the actual work of interacting with the backend security
provider, whether it be a database, LDAP server, or something else.

16.4.1. Configuring IdentityManager
The identityManager component allows for separate identity stores to be configured for
authentication and authorization operations. This means that it is possible for users to be
authenticated against one identity store, for example an LDAP directory, yet have their roles
loaded from another identity store, such as a relational database.
Seam provides two IdentityStore implementations out of the box; JpaIdentityStore uses a
relational database to store user and role information, and is the default identity store that is used
if nothing is explicitly configured in the identityManager component. The other implementation
that is provided is LdapIdentityStore, which uses an LDAP directory to store users and roles.
There are two configurable properties for the identityManager component - identityStore
and roleIdentityStore. The value for these properties must be an EL expression referring
to a Seam component implementing the IdentityStore interface. As already mentioned, if left
unconfigured then JpaIdentityStore will be assumed by default. If only the identityStore
property is configured, then the same value will be used for roleIdentityStore also. For
example, the following entry in components.xml will configure identityManager to use an
LdapIdentityStore for both user-related and role-related operations:



The following example configures identityManager to use an LdapIdentityStore for userrelated operations, and JpaIdentityStore for role-related operations:

245

Chapter 16. Security



The following sections explain both of these identity store implementations in greater detail.

16.4.2. JpaIdentityStore
This identity store allows for users and roles to be stored inside a relational database. It is designed
to be as unrestrictive as possible in regards to database schema design, allowing a great deal
of flexibility in the underlying table structure. This is achieved through the use of a set of special
annotations, allowing entity beans to be configured to store user and role records.

16.4.2.1. Configuring JpaIdentityStore
JpaIdentityStore requires that both the user-class and role-class properties are configured.

These properties should refer to the entity classes that are to be used to store both user and role
records, respectively. The following example shows the configuration from components.xml in
the SeamSpace example:



16.4.2.2. Configuring the Entities
As already mentioned, a set of special annotations are used to configure entity beans for storing
users and roles. The following table lists each of the annotations, and their descriptions.

Table 16.1. User Entity Annotations
Annotation
@UserPrincipal

Status
Required

Description
This annotation marks the field or method containing the
user's username.

@UserPassword

Required

This annotation marks the field or method containing
the user's password. It allows a hash algorithm to be
specified for password hashing. Possible values for hash
are md5, sha and none. E.g:

246

JpaIdentityStore

Annotation

Status

Description
@UserPassword (hash="md5")
public String getPasswordHash() {
return passwordHash;
}

If an application requires a hash algorithm that isn't
supported natively by Seam, it is possible to extend the
PasswordHash component to implement other hashing
algorithms.
@UserFirstName

Optional

This annotation marks the field or method containing the
user's first name.

@UserLastName

Optional

This annotation marks the field or method containing the
user's last name.

@UserEnabled

Optional

This annotation marks the field or method containing the
enabled status of the user. This should be a boolean
property, and if not present then all user accounts are
assumed to be enabled.

@UserRoles

Required

This annotation marks the field or method containing the
roles of the user. This property will be described in more
detail further down.

Table 16.2. Role Entity Annotations
Annotation
@RoleName

Status
Required

Description
This annotation marks the field or method
containing the name of the role.

@RoleGroups

Optional

This annotation marks the field or method
containing the group memberships of the role.

@RoleConditional

Optional

This annotation marks the field or method
indicating whether the role is conditional or
not. Conditional roles are explained later in this
chapter.

16.4.2.3. Entity Bean Examples
As mentioned previously, JpaIdentityStore is designed to be as flexible as possible when it
comes to the database schema design of your user and role tables. This section looks at a number
of possible database schemas that can be used to store user and role records.

247

Chapter 16. Security

16.4.2.3.1. Minimal schema example
In this bare minimal example, a simple user and role table are linked via a many-to-many
relationship using a cross-reference table named UserRoles.

@Entity
public class User {
private Integer userId;
private String username;
private String passwordHash;
private Set roles;
@Id @GeneratedValue
public Integer getUserId() { return userId; }
public void setUserId(Integer userId) { this.userId = userId; }
@UserPrincipal
public String getUsername() { return username; }
public void setUsername(String username) { this.username = username; }
@UserPassword(hash = "md5")
public String getPasswordHash() { return passwordHash; }
public void setPasswordHash(String passwordHash) { this.passwordHash = passwordHash; }
@UserRoles
@ManyToMany(targetEntity = Role.class)
@JoinTable(name = "UserRoles",
joinColumns = @JoinColumn(name = "UserId"),
inverseJoinColumns = @JoinColumn(name = "RoleId"))
public Set getRoles() { return roles; }
public void setRoles(Set roles) { this.roles = roles; }
}

248

JpaIdentityStore

@Entity
public class Role {
private Integer roleId;
private String rolename;
@Id @Generated
public Integer getRoleId() { return roleId; }
public void setRoleId(Integer roleId) { this.roleId = roleId; }
@RoleName
public String getRolename() { return rolename; }
public void setRolename(String rolename) { this.rolename = rolename; }
}

16.4.2.3.2. Complex Schema Example
This example builds on the above minimal example by including all of the optional fields, and
allowing group memberships for roles.

@Entity
public class User {
private Integer userId;
private String username;
private String passwordHash;
private Set roles;
private String firstname;
private String lastname;
private boolean enabled;
@Id @GeneratedValue

249

Chapter 16. Security

public Integer getUserId() { return userId; }
public void setUserId(Integer userId) { this.userId = userId; }
@UserPrincipal
public String getUsername() { return username; }
public void setUsername(String username) { this.username = username; }
@UserPassword(hash = "md5")
public String getPasswordHash() { return passwordHash; }
public void setPasswordHash(String passwordHash) { this.passwordHash = passwordHash; }
@UserFirstName
public String getFirstname() { return firstname; }
public void setFirstname(String firstname) { this.firstname = firstname; }
@UserLastName
public String getLastname() { return lastname; }
public void setLastname(String lastname) { this.lastname = lastname; }
@UserEnabled
public boolean isEnabled() { return enabled; }
public void setEnabled(boolean enabled) { this.enabled = enabled; }
@UserRoles
@ManyToMany(targetEntity = Role.class)
@JoinTable(name = "UserRoles",
joinColumns = @JoinColumn(name = "UserId"),
inverseJoinColumns = @JoinColumn(name = "RoleId"))
public Set getRoles() { return roles; }
public void setRoles(Set roles) { this.roles = roles; }
}

@Entity
public class Role {
private Integer roleId;
private String rolename;
private boolean conditional;
@Id @Generated
public Integer getRoleId() { return roleId; }
public void setRoleId(Integer roleId) { this.roleId = roleId; }
@RoleName

250

JpaIdentityStore

public String getRolename() { return rolename; }
public void setRolename(String rolename) { this.rolename = rolename; }
@RoleConditional
public boolean isConditional() { return conditional; }
public void setConditional(boolean conditional) { this.conditional = conditional; }
@RoleGroups
@ManyToMany(targetEntity = Role.class)
@JoinTable(name = "RoleGroups",
joinColumns = @JoinColumn(name = "RoleId"),
inverseJoinColumns = @JoinColumn(name = "GroupId"))
public Set getGroups() { return groups; }
public void setGroups(Set groups) { this.groups = groups; }
}

16.4.2.4. JpaIdentityStore Events
When using JpaIdentityStore as the identity store implementation with IdentityManager, a
few events are raised as a result of invoking certain IdentityManager methods.

16.4.2.4.1. JpaIdentityStore.EVENT_PRE_PERSIST_USER
This event is raised in response to calling IdentityManager.createUser(). Just before the user
entity is persisted to the database, this event will be raised passing the entity instance as an event
parameter. The entity will be an instance of the user-class configured for JpaIdentityStore.
Writing an observer for this event may be useful for setting additional field values on the entity,
which aren't set as part of the standard createUser() functionality.

16.4.2.4.2. JpaIdentityStore.EVENT_USER_CREATED
This event is also raised in response to calling IdentityManager.createUser(). However,
it is raised after the user entity has already been persisted to the database. Like the
EVENT_PRE_PERSIST_USER event, it also passes the entity instance as an event parameter. It may
be useful to observe this event if you also need to persist other entities that reference the user
entity, for example contact detail records or other user-specific data.

16.4.2.4.3. JpaIdentityStore.EVENT_USER_AUTHENTICATED
This event is raised when calling IdentityManager.authenticate(). It passes the user entity
instance as the event parameter, and is useful for reading additional properties from the user
entity that is being authenticated.

251

Chapter 16. Security

16.4.3. LdapIdentityStore
This identity store implementation is designed for working with user records stored in an LDAP
directory. It is very highly configurable, allowing great flexibility in how both users and roles are
stored in the directory. The following sections describe the configuration options for this identity
store, and provide some configuration examples.

16.4.3.1. Configuring LdapIdentityStore
The following table describes the available properties that can be configured in components.xml
for LdapIdentityStore.

Table 16.3. LdapIdentityStore Configuration Properties
Property
server-

Default Value

Description

localhost

The address of the LDAP server.

389

The port number that the LDAP server is

address
server-port

listening on.
user-

ou=Person,dc=acme,dc=com

containing user records.

context-DN
user-DN-

uid=

,ou=Person,dc=acme,dc=com This value is appended to the end of the

username to locate the user's record.

suffix
role-

This value is prefixed to the front of the
username to locate the user's record.

prefix
user-DN-

The Distinguished Name (DN) of the context

ou=Role,dc=acme,dc=com

The DN of the context containing role records.

cn=

This value is prefixed to the front of the role

context-DN
role-DN-

name to form the DN for locating the role
record.

prefix

role-DN-

,ou=Roles,dc=acme,dc=com

the DN for locating the role record.

suffix
bind-DN

This value is appended to the role name to form

cn=Manager,dc=acme,dc=com This is the context used to bind to the LDAP

server.
bind-

secret

to bind to the LDAP server.

credentials
user-role-

roles

attributeis-DN

252

This is the name of the attribute of the user
record that contains the list of roles that the
user is a member of.

attribute

role-

These are the credentials (the password) used

true

This boolean property indicates whether the
role attribute of the user record is itself a
distinguished name.

LdapIdentityStore

Property
user-name-

Default Value
uid

Indicates which attribute of the user record
contains the username.

attribute
user-

Description

userPassword

Indicates which attribute of the user record
contains the user's password.

passwordattribute
first-name-

null

contains the user's first name.

attribute
last-name-

sn

cn

null

cn

Indicates which attribute of the role record
contains the name of the role.

attribute
object-

Indicates which attribute of the user record
determines whether the user is enabled.

attribute
role-name-

Indicates which attribute of the user record
contains the user's full (common) name.

attribute
enabled-

Indicates which attribute of the user record
contains the user's last name.

attribute
full-name-

Indicates which attribute of the user record

objectClass

Indicates which attribute determines the class
of an object in the directory.

classattribute
role-

organizationalRole

An array of the object classes that new role
records should be created as.

objectclasses
user-

person,uidObject

An array of the object classes that new user
records should be created as.

objectclasses
security-

simple

authentication-

The security level to use. Possible values are
"none", "simple" and "strong".

type

16.4.3.2. LdapIdentityStore Configuration Example
The following configuration example shows how LdapIdentityStore may be configured for
an LDAP directory running on fictional host directory.mycompany.com. The users are stored
within this directory under the context ou=Person,dc=mycompany,dc=com, and are identified using
the uid attribute (which corresponds to their username). Roles are stored in their own context,
ou=Roles,dc=mycompany,dc=com and referenced from the user's entry via the roles attribute.
Role entries are identified by their common name (the cn attribute) , which corresponds to the
role name. In this example, users may be disabled by setting the value of their enabled attribute
to false.

253

Chapter 16. Security



16.4.4. Writing your own IdentityStore
Writing your own identity store implementation allows you to authenticate and perform
identity management operations against security providers that aren't supported out of the
box by Seam. Only a single class is required to achieve this, and it must implement the
org.jboss.seam.security.management.IdentityStore interface.
Please refer to the JavaDoc for IdentityStore for a description of the methods that must be
implemented.

16.4.5. Authentication with Identity Management
If you are using the Identity Management features in your Seam application, then it is not
required to provide an authenticator component (see previous Authentication section) to enable
authentication. Simply omit the authenticate-method from the identity configuration in
components.xml, and the SeamLoginModule will by default use IdentityManager to authenticate
your application's users, without any special configuration required.

16.4.6. Using IdentityManager
The IdentityManager can be accessed either by injecting it into your Seam component as
follows:

@In IdentityManager identityManager;

or by accessing it through its static instance() method:

254

Using IdentityManager

IdentityManager identityManager = IdentityManager.instance();

The following table describes IdentityManager's API methods:

Table 16.4. Identity Management API
Method
createUser(String

name,

Returns
String boolean

Creates a new user
account, with the
specified name and
password.
Returns
true if successful, or
false if not.

password)

deleteUser(String name)

Description

boolean

Deletes

the

user

account
with
the
specified
name.
Returns
true
if
successful, or false if
not.
createRole(String role)

boolean

Creates a new role,
with the specified
name. Returns true if
successful, or false if
not.

deleteRole(String name)

boolean

Deletes

the

role

with the specified
name. Returns true if
successful, or false if
not.
enableUser(String name)

boolean

Enables

the

user

account
with
the
specified
name.
Accounts that are
not enabled are not
able to authenticate.
Returns
true
if
successful, or false if
not.
disableUser(String name)

boolean

Disables

the

account
specified
Returns

with

user

the
name.
true
if

255

Chapter 16. Security

Method

Returns

Description
successful, or false if
not.

changePassword(String

name,

String boolean

the

password for the
user account with
the specified name.
Returns
true
if
successful, or false if
not.

password)

isUserEnabled(String name)

Changes

boolean

Returns true if the
specified user account
is enabled, or false if
it isn't.

grantRole(String name, String role)

boolean

Grants the specified
role to the specified
user or role. The
role must already exist
for it to be granted.
Returns true if the
role is successfully
granted, or false if it
is already granted to
the user.

revokeRole(String name, String role)

boolean

Revokes the specified
role from the specified
user or role. Returns
true if the specified
user is a member of
the role and it is
successfully revoked,
or false if the user is
not a member of the
role.

userExists(String name)

boolean

Returns true if the
specified user exists,
or false if it doesn't.

listUsers()

List

Returns a list of all
user names, sorted in
alpha-numeric order.

listUsers(String filter)

List

Returns a list of all
user names filtered

256

Using IdentityManager

Method

Returns

Description
by the specified filter
parameter, sorted in
alpha-numeric order.

listRoles()

List

Returns a list of all role
names.

getGrantedRoles(String name)

List

Returns a list of the
names of all the
roles explicitly granted
to the specified user
name.

getImpliedRoles(String name)

List

Returns a list of the
names of all the
roles implicitly granted
to
the
specified
user name. Implicitly
granted roles include
those that are not
directly granted to
a user, rather they
are granted to the
roles that the user
is a member of. For
example, is the admin
role is a member of
the user role, and
a user is a member
of the admin role,
then the implied roles
for the user are both
the admin, and user
roles.

authenticate(String
password)

name,

String boolean

Authenticates

the

specified username
and password using
the configured Identity
Store. Returns true
if successful or false
if
authentication
failed.
Successful
authentication implies
nothing beyond the
return value of the

257

Chapter 16. Security

Method

Returns

Description
method. It does not
change the state
of
the
Identity
component
to
perform a proper
Seam
login
the
Identity.login()

must be used instead.
addRoleToGroup(String

role,

String boolean

Adds

the

specified

role as a member
of
the
specified
group. Returns true
if the operation is
successful.

group)

removeRoleFromGroup(String

role, boolean

the

specified role from
the specified group.
Returns
true
if
the
operation
is
successful.

String group)

listRoles()

Removes

List

Lists the names of all
roles.

Using the Identity Management API requires that the calling user has the appropriate authorization
to invoke its methods. The following table describes the permission requirements for each of the
methods in IdentityManager. The permission targets listed below are literal String values.

Table 16.5. Identity Management Security Permissions
Method

Permission Target

Permission
Action

createUser()

seam.user

create

deleteUser()

seam.user

delete

createRole()

seam.role

create

deleteRole()

seam.role

delete

enableUser()

seam.user

update

disableUser()

seam.user

update

changePassword()

seam.user

update

isUserEnabled()

seam.user

read

grantRole()

seam.user

update

258

Error Messages

Method

Permission Target

Permission
Action

revokeRole()

seam.user

update

userExists()

seam.user

read

listUsers()

seam.user

read

listRoles()

seam.role

read

addRoleToGroup()

seam.role

update

removeRoleFromGroup()

seam.role

update

The following code listing provides an example set of security rules that grants access to all Identity
Management-related methods to members of the admin role:

rule ManageUsers
no-loop
activation-group "permissions"
when
check: PermissionCheck(name == "seam.user", granted == false)
Role(name == "admin")
then
check.grant();
end
rule ManageRoles
no-loop
activation-group "permissions"
when
check: PermissionCheck(name == "seam.role", granted == false)
Role(name == "admin")
then
check.grant();
end

16.5. Error Messages
The security API produces a number of default faces messages for various security-related events.
The following table lists the message keys that can be used to override these messages by
specifying them in a message.properties resource file. To suppress the message, just put the
key with an empty value in the resource file.

259

Chapter 16. Security

Table 16.6. Security Message Keys
Message Key

Description

org.jboss.seam.loginSuccessful This message is produced when a user successfully logs

in via the security API.
org.jboss.seam.loginFailed

This message is produced when the login process fails,
either because the user provided an incorrect username
or password, or because authentication failed in some
other way.

org.jboss.seam.NotLoggedIn

This message is produced when a user attempts to
perform an action or access a page that requires
a security check, and the user is not currently
authenticated.

org.jboss.seam.AlreadyLoggedIn This message is produced when a user that is already

authenticated attempts to log in again.

16.6. Authorization
There are a number of authorization mechanisms provided by the Seam Security API for securing
access to components, component methods, and pages. This section describes each of these.
An important thing to note is that if you wish to use any of the advanced features (such as rulebased permissions) then your components.xml may need to be configured to support this - see
the Configuration section above.

16.6.1. Core concepts
Seam Security is built around the premise of users being granted roles and/or permissions,
allowing them to perform operations that may not otherwise be permissible for users without
the necessary security privileges. Each of the authorization mechanisms provided by the Seam
Security API are built upon this core concept of roles and permissions, with an extensible
framework providing multiple ways to secure application resources.

16.6.1.1. What is a role?
A role is a group, or type, of user that may have been granted certain privileges for performing
one or more specific actions within an application. They are simple constructs, consisting of just
a name such as "admin", "user", "customer", etc. They can be granted either to users (or in some
cases to other roles), and are used to create logical groups of users for the convenient assignment
of specific application privileges.

260

Securing components

16.6.1.2. What is a permission?
A permission is a privilege (sometimes once-off) for performing a single, specific action. It is
entirely possible to build an application using nothing but permissions, however roles offer a higher
level of convenience when granting privileges to groups of users. They are slightly more complex
in structure than roles, essentially consisting of three "aspects"; a target, an action, and a recipient.
The target of a permission is the object (or an arbitrary name or class) for which a particular action
is allowed to be performed by a specific recipient (or user). For example, the user "Bob" may have
permission to delete customer objects. In this case, the permission target may be "customer", the
permission action would be "delete" and the recipient would be "Bob".

Within this documentation, permissions are generally represented in the form target:action
(omitting the recipient, although in reality one is always required).

16.6.2. Securing components
Let's start by examining the simplest form of authorization, component security, starting with the
@Restrict annotation.

@Restrict vs Typesafe security annotations
While using the @Restrict annotation provides a powerful and flexible method
for security component methods due to its ability to support EL expressions, it is
recommended that the typesafe equivalent (described later) be used, at least for
the compile-time safety it provides.

16.6.2.1. The @Restrict annotation
Seam components may be secured either at the method or the class level, using the @Restrict
annotation. If both a method and it's declaring class are annotated with @Restrict, the
method restriction will take precedence (and the class restriction will not apply). If a method
invocation fails a security check, then an exception will be thrown as per the contract for
Identity.checkRestriction() (see Inline Restrictions). A @Restrict on just the component
class itself is equivalent to adding @Restrict to each of its methods.
An empty @Restrict implies a permission check of componentName:methodName. Take for
example the following component method:

261

Chapter 16. Security

@Name("account")
public class AccountAction {
@Restrict public void delete() {
...
}
}

In this example, the implied permission required to call the delete()
method
is
account:delete.
The
equivalent
of
this
would
be
to
write
@Restrict("#{s:hasPermission('account','delete')}"). Now let's look at another
example:

@Restrict @Name("account")
public class AccountAction {
public void insert() {
...
}
@Restrict("#{s:hasRole('admin')}")
public void delete() {
...
}
}

This time, the component class itself is annotated with @Restrict. This means that any methods
without an overriding @Restrict annotation require an implicit permission check. In the case
of this example, the insert() method requires a permission of account:insert, while the
delete() method requires that the user is a member of the admin role.
Before we go any further, let's address the #{s:hasRole()} expression seen in the above
example. Both s:hasRole and s:hasPermission are EL functions, which delegate to the
correspondingly named methods of the Identity class. These functions can be used within any
EL expression throughout the entirety of the security API.
Being an EL expression, the value of the @Restrict annotation may reference any objects that
exist within a Seam context. This is extremely useful when performing permission checks for a
specific object instance. Look at this example:

@Name("account")
public class AccountAction {
@In Account selectedAccount;
@Restrict("#{s:hasPermission(selectedAccount,'modify')}")
public void modify() {

262

Security in the user interface

selectedAccount.modify();
}
}

The interesting thing to note from this example is the reference to selectedAccount seen within
the hasPermission() function call. The value of this variable will be looked up from within the
Seam context, and passed to the hasPermission() method in Identity, which in this case can
then determine if the user has the required permission for modifying the specified Account object.

16.6.2.2. Inline restrictions
Sometimes it might be desirable to perform a security check in code, without using the @Restrict
annotation. In this situation, simply use Identity.checkRestriction() to evaluate a security
expression, like this:

public void deleteCustomer() {
Identity.instance().checkRestriction("#{s:hasPermission(selectedCustomer,'delete')}");
}

If the expression specified doesn't evaluate to true, either
• if the user is not logged in, a NotLoggedInException exception is thrown or
• if the user is logged in, an AuthorizationException exception is thrown.
It is also possible to call the hasRole() and hasPermission() methods directly from Java code:

if (!Identity.instance().hasRole("admin"))
throw new AuthorizationException("Must be admin to perform this action");
if (!Identity.instance().hasPermission("customer", "create"))
throw new AuthorizationException("You may not create new customers");

16.6.3. Security in the user interface
One indication of a well designed user interface is that the user is not presented with options for
which they don't have the necessary privileges to use. Seam Security allows conditional rendering
of either 1) sections of a page or 2) individual controls, based upon the privileges of the user,
using the very same EL expressions that are used for component security.
Let's take a look at some examples of interface security. First of all, let's pretend that we
have a login form that should only be rendered if the user is not already logged in. Using the
identity.isLoggedIn() property, we can write this:

263

Chapter 16. Security



If the user isn't logged in, then the login form will be rendered - very straight forward so far. Now let's
pretend there is a menu on the page that contains some actions which should only be accessible
to users in the manager role. Here's one way that these could be written:


Manager Reports


This is also quite straight forward. If the user is not a member of the manager role, then the
outputLink will not be rendered. The rendered attribute can generally be used on the control itself,
or on a surrounding  or  control.
Now for something more complex. Let's say you have a h:dataTable control on a page listing
records for which you may or may not wish to render action links depending on the user's
privileges. The s:hasPermission EL function allows us to pass in an object parameter which can
be used to determine whether the user has the requested permission for that object or not. Here's
how a dataTable with secured links might look:



Name
#{cl.name}


City
#{cl.city}


Action





264

Securing pages

16.6.4. Securing pages
Page security requires that the application is using a pages.xml file, however is extremely simple
to configure. Simply include a  element within the page elements that you wish to
secure. If no explicit restriction is specified by the restrict element, an implied permission of /
viewId.xhtml:render will be checked when the page is accessed via a non-faces (GET) request,
and a permission of /viewId.xhtml:restore will be required when any JSF postback (form
submission) originates from the page. Otherwise, the specified restriction will be evaluated as a
standard security expression. Here's a couple of examples:





This page has an implied permission of /settings.xhtml:render required for non-faces
requests and an implied permission of /settings.xhtml:restore for faces requests.


#{s:hasRole('admin')}


Both faces and non-faces requests to this page require that the user is a member of the admin role.

16.6.5. Securing Entities
Seam security also makes it possible to apply security restrictions to read, insert, update and
delete actions for entities.
To secure all actions for an entity class, add a @Restrict annotation on the class itself:

@Entity
@Name("customer")
@Restrict
public class Customer {
...
}

If no expression is specified in the @Restrict annotation, the default security check that is
performed is a permission check of entity:action, where the permission target is the entity
instance, and the action is either read, insert, update or delete.

265

Chapter 16. Security

It is also possible to only restrict certain actions, by placing a @Restrict annotation on the relevant
entity lifecycle method (annotated as follows):

• @PostLoad - Called after an entity instance is loaded from the database. Use this method to
configure a read permission.
• @PrePersist - Called before a new instance of the entity is inserted. Use this method to
configure an insert permission.
• @PreUpdate - Called before an entity is updated. Use this method to configure an update
permission.
• @PreRemove - Called before an entity is deleted. Use this method to configure a delete
permission.
Here's an example of how an entity would be configured to perform a security check for any insert
operations. Please note that the method is not required to do anything, the only important thing
in regard to security is how it is annotated:

@PrePersist @Restrict
public void prePersist() {}

Using /META-INF/orm.xml
You can also specify the call back method in /META-INF/orm.xml:








266

Securing Entities

Of course, you still need to annotate the prePersist() method on Customer with
@Restrict

And here's an example of an entity permission rule that checks if the authenticated user is allowed
to insert a new MemberBlog record (from the seamspace example). The entity for which the
security check is being made is automatically inserted into the working memory (in this case
MemberBlog):

rule InsertMemberBlog
no-loop
activation-group "permissions"
when
principal: Principal()
memberBlog:
MemberBlog(member
:
member
(member.getUsername().equals(principal.getName())))
check: PermissionCheck(target == memberBlog, action == "insert", granted == false)
then
check.grant();
end;

->

This rule will grant the permission memberBlog:insert if the currently authenticated user
(indicated by the Principal fact) has the same name as the member for which the blog entry is
being created. The "principal: Principal()" structure that can be seen in the example code is
a variable binding - it binds the instance of the Principal object from the working memory (placed
there during authentication) and assigns it to a variable called principal. Variable bindings
allow the value to be referred to in other places, such as the following line which compares the
member's username to the Principal name. For more details, please refer to the JBoss Rules
documentation.
Finally, we need to install a listener class that integrates Seam security with your JPA provider.

16.6.5.1. Entity security with JPA
Security checks for EJB3 entity beans are performed with an EntityListener. You can install
this listener by using the following META-INF/orm.xml file:




267

Chapter 16. Security










16.6.5.2. Entity security with a Managed Hibernate Session
If you are using a Hibernate SessionFactory configured via Seam, and are using annotations,
or orm.xml, then you don't need to do anything special to use entity security.

16.6.6. Typesafe Permission Annotations
Seam provides a number of annotations that may be used as an alternative to @Restrict, which
have the added advantage of providing compile-time safety as they don't support arbitrary EL
expressions in the same way that @Restrict does.
Out of the box, Seam comes with annotations for standard CRUD-based permissions, however
it is a simple matter to add your own. The following annotations are provided in the
org.jboss.seam.annotations.security package:
• @Insert
• @Read
• @Update
• @Delete
To use these annotations, simply place them on the method or parameter for which you wish to
perform a security check. If placed on a method, then they should specify a target class for which
the permission will be checked. Take the following example:

@Insert(Customer.class)
public void createCustomer() {
...
}

In this example, a permission check will be performed for the user to ensure that they have the
rights to create new Customer objects. The target of the permission check will be Customer.class

268

Typesafe Role Annotations

(the actual java.lang.Class instance itself), and the action is the lower case representation of
the annotation name, which in this example is insert.
It is also possible to annotate the parameters of a component method in the same way. If this is
done, then it is not required to specify a permission target (as the parameter value itself will be
the target of the permission check):

public void updateCustomer(@Update Customer customer) {
...
}

To create your own security annotation, you simply need to annotate it with @PermissionCheck,
for example:

@Target({METHOD, PARAMETER})
@Documented
@Retention(RUNTIME)
@Inherited
@PermissionCheck
public @interface Promote {
Class value() default void.class;
}

If you wish to override the default permission action name (which is the lower case version of the
annotation name) with another value, you can specify it within the @PermissionCheck annotation:

@PermissionCheck("upgrade")

16.6.7. Typesafe Role Annotations
In addition to supporting typesafe permission annotation, Seam Security also provides typesafe
role annotations that allow you to restrict access to component methods based on the role
memberships of the currently authenticated user. Seam provides one such annotation out
of the box, org.jboss.seam.annotations.security.Admin, used to restrict access to a
method to users that are a member of the admin role (so long as your own application
supports such a role). To create your own role annotations, simply meta-annotate them with
org.jboss.seam.annotations.security.RoleCheck, like in the following example:

@Target({METHOD})
@Documented

269

Chapter 16. Security

@Retention(RUNTIME)
@Inherited
@RoleCheck
public @interface User {
}

Any methods subsequently annotated with the @User annotation as shown in the above example
will be automatically intercepted and the user checked for the membership of the corresponding
role name (which is the lower case version of the annotation name, in this case user).

16.6.8. The Permission Authorization Model
Seam Security provides an extensible framework for resolving application permissions. The
following class diagram shows an overview of the main components of the permission framework:

270

The Permission Authorization Model

The relevant classes are explained in more detail in the following sections.

16.6.8.1. PermissionResolver
This is actually an interface, which provides methods for resolving individual object permissions.
Seam provides the following built-in PermissionResolver implementations, which are described
in more detail later in the chapter:
• RuleBasedPermissionResolver - This permission resolver uses Drools to resolve rule-based
permission checks.
• PersistentPermissionResolver - This permission resolver stores object permissions in a
persistent store, such as a relational database.

271

Chapter 16. Security

16.6.8.1.1. Writing your own PermissionResolver
It is very simple to implement your own permission resolver. The PermissionResolver interface
defines only two methods that must be implemented, as shown by the following table. By deploying
your own PermissionResolver implementation in your Seam project, it will be automatically
scanned during deployment and registered with the default ResolverChain.

Table 16.7. PermissionResolver interface
Return

Method

Description

type
boolean

void

hasPermission(Object

target, This

method

must

resolve

String action)

whether the currently authenticated
user (obtained via a call to
Identity.getPrincipal()) has the
permission specified by the target and
action parameters. It should return
true if the user has the permission, or
false if they don't.

filterSetByAction(Set
Seam Reference Guide

seam-reference-guide

Message List

Login

Todo List

Guess a number...

You won!

Search Hotels

Room Preference

#{blogEntry.title}

#{blogEntry.title}

Create Person

Create Person

List of people

Search for people

Search for people

This is a big heading

This is a smaller heading

This is more complex HTML

#{blogEntry.title}

#{blogEntry.title}

Navigation menu

Versions of this User Manual:

Views

Navigation

Username
Real Name
Password