1 Reply Latest reply on Jul 4, 2008 5:04 PM by Jan Nawara

    Webservice: authentication gets forgotten

    Daniel Behrwind Newbie


      I'm trying to extend the web service example from the seam manual: A second method gets called after logging in. The second method checks if the user is logged in by calling isLoggedIn() on the identity component, which alsways returns false, even if authentication was successfull (login returned true).

      Here's the code:

      @WebService(name="myService", serviceName="myService")
      public class MyWebservice implements MyWebserviceRemote {
           @Logger Log log;
           @In Identity identity;
           public boolean login(String username, String password) {
                log.info(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Trying to login: " + username);
                return identity.isLoggedIn();
           public void printPayload(List<PayloadParent> payload) throws AuthorizationException {
                log.info(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>receiving payload, loggedin: " + identity.isLoggedIn());
                if (!identity.isLoggedIn()) throw new AuthorizationException("Please login first.");
                for (PayloadParent parent : payload) {
                     for (PayloadChild child : parent.getCildren()) {
                          for (PayloadGrandchild grandchild : child.getGrandChildren()) {

      So every time the printPayload method gets called, an AuthorizationException is thrown.

      What is my mistake?

        • 1. Re: Webservice: authentication gets forgotten
          Jan Nawara Newbie

          I had a similar issue when I began creating a web service in Seam. For me it turned out to be a problem with my client application and not the web service itself. My client application is written in .NET and by default it does not maintaing cookies for web services. As soon as I turned on cookie support I was able to keep my identity logged in between web service calls. This sounds like what is happening in your case. Since the session id cookie is not getting passed back to the web service on the second call, it can't figure out which user you are and assumes you are a new user instead.