-
1. Re: Seam security / identity.logout
shane.bryzak Nov 28, 2007 4:43 PM (in response to b.reeve)Write an event observer for "org.jboss.seam.loggedOut", this event is raised when Identity.logout() is called.
-
2. Re: Seam security / identity.logout
b.reeve Nov 28, 2007 7:20 PM (in response to b.reeve)Thanks, it worked. I had another question too...
I am configuring my identity.login to loginBean.login and my loginBean class is likeimport org.jboss.seam.annotations.In; import org.jboss.seam.annotations.Name; @Name("loginBean") public class LoginBean { @In("#{identity.username}") private String username; @In("#{identity.password}") private String password; public boolean login() { //login code here return true; } public void logout(){ //logout code here } }
<?xml version="1.0" encoding="UTF-8"?> <components xmlns="http://jboss.com/products/seam/components" xmlns:core="http://jboss.com/products/seam/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation= "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd"> <security:identity authenticate-method="#{loginBean.login}"/> <event type="org.jboss.seam.loggedOut"> <action execute="#{loginBean.logout}"/> </event> </components>
I am getting @In required exception during logout only for password field. identity.username is still there and its not complaining. Just wanted to double check if this is the normal behavior that identity.password will be flushed out once the user is authenticated while the username remains. Or am I missing something.
Is it because the username is stored in the cookie. Please advice.
Thanks ! -
3. Re: Seam security / identity.logout
shane.bryzak Nov 28, 2007 9:42 PM (in response to b.reeve)That is normal behaviour. The password is cleared after successful authentication.
-
4. Re: Seam security / identity.logout
b.reeve Nov 29, 2007 1:23 PM (in response to b.reeve)Thanks Shane.
I see one more behavior
When i provide the wrong username or password, my configured login method is being called twice. On debugging I see that the method authenticate of Identity classpublic void authenticate() throws LoginException { // If we're already authenticated, then don't authenticate again if (!isLoggedIn()) { authenticate( getLoginContext() ); } }
is getting called again when my login fails. And once more it runs through my login method and completes.
I am returning true on sucessful login and false on failure and I am checking #{identity.loggedIn} in my pages.xml file. But that is getting called at the very end which is correct, but I can't understand why authenticate is called once again when the login returns false.
Any thoughts about this would be really helpful as there is a whole lot of code going inside my login and I dont want it to be called unnecessarily.
Thanks ! -
5. Re: Seam security / identity.logout
shane.bryzak Nov 29, 2007 4:32 PM (in response to b.reeve)This is normal also - there is no guarantee as to how many times your authenticate method is called. If you need to perform certain actions when authentication is successful then use an event.
-
6. Re: Seam security / identity.logout
b.reeve Nov 30, 2007 1:10 PM (in response to b.reeve)I think I put it the wrong way.
What I meant to say is i have mapped<security:identity authenticate-method="#{loginBean.login}"/>
and the loginBean.login method is something likepublic boolean login(){ boolean succeeded = loginAction.login(); return succeeded; }
so this method is called twice when succeeded = false and is called just once when suceeded = true
so when i debugged i see that Identity class's authenticate method is getting called twice. Why is trying to call loginBean.login again??? -
7. Re: Seam security / identity.logout
shane.bryzak Dec 1, 2007 3:10 AM (in response to b.reeve)You explained it the right way - as I said there is no guarantee that your authenticate method (loginBean.login) will only be called once by Seam's security API.
-
8. Re: Seam security / identity.logout
b.reeve Dec 6, 2007 6:31 PM (in response to b.reeve)On further research I found this.
http://jira.jboss.org/jira/browse/JBSEAM-2165
It has been fixed in the new release.
Thanks !!!