-
1. Re: Security: Login twice after logout
shane.bryzak Jan 30, 2008 12:19 AM (in response to thejavafreak)I've never seen anything like this happen. Can you post your code?
-
2. Re: Security: Login twice after logout
amitev Jan 30, 2008 1:18 AM (in response to thejavafreak)I've met this problem before. I think it's caused because the session is invalidated after the new view is rendered. You can't make a post back because jsf can't find the serialized view to restore.
The solution is to use redirect in your link/button. -
3. Re: Security: Login twice after logout
thejavafreak Jan 30, 2008 2:54 AM (in response to thejavafreak)"amitev" wrote:
I've met this problem before. I think it's caused because the session is invalidated after the new view is rendered. You can't make a post back because jsf can't find the serialized view to restore.
The solution is to use redirect in your link/button.
Can you please show me a snippet for doing this? -
4. Re: Security: Login twice after logout
thejavafreak Jan 30, 2008 2:58 AM (in response to thejavafreak)"shane.bryzak@jboss.com" wrote:
I've never seen anything like this happen. Can you post your code?
The link for logging out:<s:link view="/login.xhtml" action="#{identity.logout}" value="#{messages['logout']}" rendered="#{identity.loggedIn}" />
When I click this link and successfully logged out, I must log in twice. And this occurs everytime.
login.xhtml<h:form id="login"> <rich:panel> <f:facet name="header"> <h:outputText value="#{messages['login']}" /> </f:facet> <h:panelGrid columns="2" rowClasses="prop" columnClasses="name,value"> <h:outputLabel for="username"> <h:outputText value="#{messages['username']}" /> </h:outputLabel> <h:inputText id="username" value="#{identity.username}" /> <h:outputLabel for="password"> <h:outputText value="#{messages['password']}" /> </h:outputLabel> <h:inputSecret id="password" value="#{identity.password}" /> <h:outputLabel for="rememberMe"> <h:outputText value="#{messages['rememberMe']}" /> </h:outputLabel> <h:selectBooleanCheckbox id="rememberMe" value="#{identity.rememberMe}" /> <h:panelGroup></h:panelGroup> <h:panelGroup> <a4j:commandButton value="#{messages['login']}" action="#{identity.login}" /> </h:panelGroup> </h:panelGrid> </rich:panel> </h:form>
Authenticator.java@Name("authenticator") public class Authenticator implements Serializable { private static final long serialVersionUID = -5653442272412908470L; @Logger Log log; @In Identity identity; public boolean authenticate() { log.info("authenticating #0", identity.getUsername()); //write your authentication logic here, //return true if the authentication was //successful, false otherwise identity.addRole("admin"); return true; } }
-
5. Re: Security: Login twice after logout
baspet Jan 30, 2008 4:15 AM (in response to thejavafreak)i had the some problem. Solved it, putting comments to:
a) event type="org.jboss.seam.notLoggedIn"
b) event type="org.jboss.seam.postAuthenticate"
in components.xml
V. -
6. Re: Security: Login twice after logout
thejavafreak Jan 30, 2008 6:44 AM (in response to thejavafreak)"baspet" wrote:
i had the some problem. Solved it, putting comments to:
a) event type="org.jboss.seam.notLoggedIn"
b) event type="org.jboss.seam.postAuthenticate"
in components.xml
V.
So that's what cause the problem. Thanks, I'm going to try it out. :) -
7. Re: Security: Login twice after logout
brombie Feb 1, 2008 5:18 AM (in response to thejavafreak)I'm having the same problem here. This problem is easy to duplicate if you have eclipse with JBoss tools. Just create a new Seam Web Project which will give you the login and home page.
The logout link in the generated menu.xhtml is:<s:link view="/home.xhtml" action="#{identity.logout}" value="Logout" rendered="#{identity.loggedIn}" />
If you change the view to /login.xhtml like this:<s:link view="login.xhtml action="#{identity.logout}" value="Logout" rendered="#{identity.loggedIn}" />
then you'll have to login twice. The first time you hit enter, it takes you back to the login screen. You hit enter again and this time you're logged in.
I've tried commenting out the notLoggedIn and postAuthenticate events in components.xml but it didn't solve the problems. It wouldn't be a good solution anyway, since I do need those events to be handled as configured.
Here's what I see on the console for the first login:01:32:31,187 INFO [Contexts] starting up: org.jboss.seam.security.identity 01:32:31,187 INFO [Contexts] starting up: org.jboss.seam.web.session
And on the second successful login:01:32:32,500 INFO [Authenticator] authenticating: testuser
I'll appreciate it if someone can shine a light on what's going on here. -
8. Re: Security: Login twice after logout
baspet Feb 1, 2008 5:23 AM (in response to thejavafreak)Try to remove view from s:link. It works for me..
V. -
9. Re: Security: Login twice after logout
brombie Feb 1, 2008 5:37 AM (in response to thejavafreak)"baspet" wrote:
Try to remove view from s:link. It works for me..
V.
Thanks for the response, baspet, but removing the view from the logout link will take you to the home.xhtml instead of to login.xhtml, which put us back to square one. If I click the login link from the home page, I don't have to login twice. The problem is when I want to redirect the user back to the login page upon logout. In that case, I have to login twice to move forward.
Sure I can just work around this by showing a landing page when the user logs out, but I'm working on a prototype with a goal of getting a better understanding of Seam. I'm very curious to know what I'm missing here. -
10. Re: Security: Login twice after logout
baspet Feb 1, 2008 5:47 AM (in response to thejavafreak)Does home.page.xml has login-required="true"?
V. -
11. Re: Security: Login twice after logout
thejavafreak Feb 1, 2008 6:17 AM (in response to thejavafreak)"brombie" wrote:
I've tried commenting out the notLoggedIn and postAuthenticate events in components.xml but it didn't solve the problems. It wouldn't be a good solution anyway, since I do need those events to be handled as configured.
Yup I've tried that too and it didn't work.
I've also tried it both in IE and Firefox and it didn't work.
I'm wondering what cause this problem. :( -
12. Re: Security: Login twice after logout
brombie Feb 1, 2008 7:20 AM (in response to thejavafreak)"baspet" wrote:
Does home.page.xml has login-required="true"?
V.
There's no home.page.xml. The default Seam web template in eclipse or seam-gen doesn't generate that. -
13. Re: Security: Login twice after logout
baspet Feb 1, 2008 9:13 AM (in response to thejavafreak)My app uses home.page.xml with login-required="true". So, when identity.logout executes, control tries to render home.xhtml (that's why i don't use view on s:link). But, since home.xhtml is login-required and logout already called, seam correctly drives to login.xhtml. Of course, you have to catch NotLoggedInException in pages.xml to point to login.xhtml.
V.