3 Replies Latest reply on Oct 9, 2007 2:34 AM by mindgame

    Seam and custom JAAS problem

    mindgame

      Dear all,

      I have a problem (2 days old and counting...) with Seam and custom JAAS. I have written a custom JAAS login module to handle user login activity. The module is declare in component.xml,

      <security:identity jaas-config-name="jaasLogin" />


      A simple login page is used to obtain username and password as shown in the Seam references in Chapter 13,

      <div>
      <h:outputLabel for="name" value="Username"/>
      <h:inputText id="name" value="#{identity.username}"/>
      </div>
      <div>
      <h:outputLabel for="password" value="Password"/>
      <h:inputSecret id="password" value="#{identity.password}"/>
      </div>
      <div>
      <h:commandButton value="Login" action="#{identity.login}"/>
      </div>
      


      With the above setup, there is NO problem when the user provides the correct username and password. But when the user provides a wrong username or password, the login module gets invoked twice. The custom login module throws javax.security.auth.login.FailedLoginException when the login has failed. I can understand that the #{identity.login} action fires the login module the first time, but I have no idea what causes the login module to fire a second time immediately after the first execution and before the JSF render response phase.

      In addition, when I hit refresh at the login page after a failed login attempt, the login module gets called each time the refresh button is hit. Is this behavior somehow related to the conversation context with respect to the login page and/or the Identity Seam component?

      Does anyone have any idea or insight as to what is happening behind the scenes?

      Many thanks.

        • 1. Re: Seam and custom JAAS problem
          mindgame

          I am using Seam 2.0 CR2 with JBoss 4.2.1.GA.

          • 2. Re: Seam and custom JAAS problem
            shane.bryzak

            You probably have an s:hasRole or other security check somewhere in your page - Seam Security will attempt to perform a silent login if the user's credentials are available but the user hasn't been authenticated yet.

            • 3. Re: Seam and custom JAAS problem
              mindgame

              Thanks for the hint. I tried to look around my code for hidden/implicit security checks but no luck. I even created a bare-bones test and still no luck. So after 3 days of debugging, I have decided to 'hack' my login module to avoid certain actions the second time the login module is invoked. This is definitely not a clean solution :(

              Thanks.
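
Added example, not part of the thread and not Seam's code: a small model of the silent-login behaviour described in reply 2, showing a failed login being retried by a later security check while a successful one is not. `SilentLoginDemo`, `CountingModule`, `ModelIdentity` and the password "secret" are hypothetical, and the module is driven directly through the JAAS `LoginModule` interface rather than through a configured `LoginContext`.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SilentLoginDemo {
    static int calls = 0; // times the login module's login() ran
    // Constructed stand-in for a custom login module: accepts only the password "secret".
    public static class CountingModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            calls++;
            PasswordCallback pc = new PasswordCallback("Password", false);
            try { handler.handle(new Callback[] { pc }); } catch (Exception e) { throw new LoginException(e.toString()); }
            if (!"secret".equals(new String(pc.getPassword()))) throw new FailedLoginException("bad credentials");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Hypothetical model of an identity component; this is not Seam's Identity class.
    static class ModelIdentity {
        String password; boolean authenticated;
        boolean login() {
            LoginModule m = new CountingModule();
            CallbackHandler h = cbs -> ((PasswordCallback) cbs[0]).setPassword(password.toCharArray());
            m.initialize(new Subject(), h, new HashMap<>(), new HashMap<>());
            try { return authenticated = m.login() && m.commit(); }
            catch (LoginException e) { return authenticated = false; }
        }
        // Security check hit during rendering: retries silently while credentials remain set.
        boolean hasRole(String role) { return authenticated || (password != null && login()); }
    }
    public static void main(String[] args) {
        for (String pw : new String[] { "secret", "wrong" }) {
            calls = 0;
            ModelIdentity id = new ModelIdentity();
            id.password = pw;
            id.login();          // the login button's action
            id.hasRole("admin"); // check hit while the page renders
            id.hasRole("admin"); // check hit again on a page refresh
            System.out.println(pw + ": login module invoked " + calls + " time(s)");
        }
    }
}
```

In this model every retry is a full authentication attempt, so any failed-attempt counter, lockout logic or audit logging inside the login module records each one.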