I just moved to Seam 2 and I found this little change in the Identity class.
Prior to 2.0 we had :
public void authenticate()
throws LoginException
{
authenticate( getLoginContext() );
}
Now we have :
public void authenticate()
throws LoginException
{
// If we're already authenticated, then don't authenticate again
if (!isLoggedIn())
{
authenticate( getLoginContext() );
}
}
If an already logged in user (say bob) try to login again (as admin) it's successful (the authenticator is no called) and you get the "Welcome, admin" message.
To me the old code was better and breaks login compatibility ...