Good news! We've just gone live with Seam 2.1.2.CR2. This release puts us right on the brink of a final release, with only documentation issues and a little more testing remaining on the work list. If you haven't already done so, now is the time to test the release with your Seam projects and report back issues, as the next scheduled stop on the Seam roadmap will be Seam 2.2.

When we put CR1 out, I mentioned the focus we put on bug fixing, but I completely failed to mention that we do have a few new features in this release. One of the biggest is the new s:token tag, aimed at fighting cross site request forgery attacks against Seam applications. On the charting side, we added the ability to customize generated charts and charting data sets in Seam components, for those cases when the strictly declarative charting tags are insufficient. We now have some basic Guice support. And finally, we've been marching seam-gen forward with a number of new features like identity management support and Glassfish-ready project generation.

[Download] [Reference Documentation] [JIRA] [Release Notes] [Migration Guide]

It's been a few months, and we're finally close enough on Seam 2.1.2 to push CR1 out for you guys. We don't have a ton of new features this time around. Instead, we've focussed primarily on bug fixes, stability and minor enhancments, with 165 JIRA items cleared. I'd really like to thank the Seam community as a whole for the participation levels we've seen in this release. We've seen an increase in the quality of the JIRA requests and an even bigger increase in the number of issues with patches and test cases. Seeing open source work is a beautiful thing.

[Download] [Reference Documentation] [JIRA] [Release Notes] [Migration Guide]

It looks like we can add to the Christmas cheer by announcing that Seam 2.1.1 is now out. Seam 2.1.1 is largely a bug-fix release, with a number of notable performance improvements, especially around hot deploy. We've added support for PDF forms to the iText integration as well as OpenID support. Seam-gen now generates IntelliJ IDEA projects. And, I should also point out that we've changed a few of the URLs on examples to match up better with the example names. If you are developing on Seam 2.1, you should consider upgrading quickly to get the latest fixes.

[Download] [Reference Documentation] [JIRA] [Release Notes] [Migration Guide]

Seam 2.1.1 adds OpenID support as the first of, we hope, many external authentication options in Seam. Since this is fairly new, I've put together a mini-FAQ on our OpenID support.

What is OpenID?

OpenID is a community standard for external web-based authentication. The basic idea is that when a user comes to your application, instead of registering and maintaining a username and password for your application, the user can register and login with his OpenID. Think of it as a user-controlled single sign-on. Instead of trying to explain OpenID here, I recommend watching OpenID According to Dave for a quick overview or Simon Willison's Google Tech Tech for a more technical introduction.

Does OpenID replace my current authentication mechanism?

OpenID can be used in a lot of different ways, and we've tried to keep our support as flexible as possible to support a wide variety of uses. To do that, we've made OpenID a supplemental authentication mechanism. The OpenID component doesn't replace your existing identity component; it sits along side it. After validating an OpenID, the OpenID component can immediately log the user in with no additional work on behalf of your application. Or, you handle the validated OpenID in an application-specific manner.

Do I still need to maintain an entity for the user?

You don't have to use any form of local identity. No local identity might make sense for some uses, like blog comments or voting in a poll, but for most applications you'll probably want to maintain a local user object to attach user-specific data to.

Does OpenID mean you give up control over the login proces?

No. OpenID is about authentication and not authorization. The OpenID provider can tell you that the user trying to access your application is who he claims, but that doesn't necessarily mean the user should be allowed to access your application. Blindly accepting OpenID credentials could open your application to spammers and other internet cretins, so you'll almost certainly want to impose the same registration and login requirements as you would for a non-OpenID login.

Do we support attribute exchange?

Not yet, but that's very high on the list of things we'd like to add.

How do I use OpenID in Seam?

Look in examples/openid for a simple Seam application that uses OpenID. This application demonstrates the simplest form of OpenID usage with no local user. For a more thorough look at how to configure OpenID, have a look at the docs. If you have any questions, problems or suggestions regarding the OpenID support, post a message to the forums.

Seam 2.1.1.CR2 is ready. We're really close to a final release, so please give it a test. Assuming we don't find any more issues, and right now things are looking good, you can probably look for a GA in the next week.

[Download] [Reference Documentation] [JIRA] [Release Notes]