Automatic logins
kokice Oct 28, 2008 8:10 AMHi there,
I couldn't come up with a better topic title, but here we go. I'm using the latest Seam, and I have some trouble implementing something.
What I need to do is implement my own custom login-strategy. In short terms, I need to check if a specific user is logged on through an external system, if so the user is automatically logged in. This is simply done by checking if a specific cookie is there, and contacting a webservice which returns me some values based on this cookie. Pretty basic and straightforward, and this part works FINE. However, I'm having some problems with the Seam lifecycle me thinks. I'm also a Seam-newbie, so bear with me here. :)
What I did was to add a method to be called when the NotLoggedIn-event is fired:
<event type="org.jboss.seam.notLoggedIn">
<action execute="#{authenticator.autoLogin}"/>
<action execute="#{redirect.captureCurrentView}"/>
</event>
This is an idea I got from:
http://sdudzin.blogspot.com/2007/12/windows-sso-with-jboss-seam.html
My autoLogin-method is called, I do some custom authentication-stuff, i.e. verifying that the user is logged in through a webservice, and initialize the Credentials- and identity objects by setting necessary values. In other words, these two objects now contain some values.
Then in my pages.xml:
<page view-id="*" login-required="true">
<navigation>
<rule if-outcome="home">
<redirect view-id="/home.xhtml"/>
</rule>
</navigation>
</page>
And here's the funny stuff. Here you also define a login-view-id. So every time I enter my application, my autoLogin-method is called, the Credentials- and Identity-objects are populated, but I still end up at /login.xhtml, where I need to actually press the login-button to login so that the authenticate-method is called. Then I am logged in, and the correct user is shown.
How do I automate this? I don't want Seam to redirect me to login.xhtml, I want Seam to accept that I'm logged in, but still protect every page!!
I tried adding: <action execute="#{identity.tryLogin}"/>
to the NotLoggedIn-event, but still the same. What am I missing here? How can I "bypass" this in the best way?
Hope I'm making some sense here....
Thanks in advance!
I couldn't come up with a better topic title, but here we go. I'm using the latest Seam, and I have some trouble implementing something.
What I need to do is implement my own custom login-strategy. In short terms, I need to check if a specific user is logged on through an external system, if so the user is automatically logged in. This is simply done by checking if a specific cookie is there, and contacting a webservice which returns me some values based on this cookie. Pretty basic and straightforward, and this part works FINE. However, I'm having some problems with the Seam lifecycle me thinks. I'm also a Seam-newbie, so bear with me here. :)
What I did was to add a method to be called when the NotLoggedIn-event is fired:
<event type="org.jboss.seam.notLoggedIn">
<action execute="#{authenticator.autoLogin}"/>
<action execute="#{redirect.captureCurrentView}"/>
</event>
This is an idea I got from:
http://sdudzin.blogspot.com/2007/12/windows-sso-with-jboss-seam.html
My autoLogin-method is called, I do some custom authentication-stuff, i.e. verifying that the user is logged in through a webservice, and initialize the Credentials- and identity objects by setting necessary values. In other words, these two objects now contain some values.
Then in my pages.xml:
<page view-id="*" login-required="true">
<navigation>
<rule if-outcome="home">
<redirect view-id="/home.xhtml"/>
</rule>
</navigation>
</page>
And here's the funny stuff. Here you also define a login-view-id. So every time I enter my application, my autoLogin-method is called, the Credentials- and Identity-objects are populated, but I still end up at /login.xhtml, where I need to actually press the login-button to login so that the authenticate-method is called. Then I am logged in, and the correct user is shown.
How do I automate this? I don't want Seam to redirect me to login.xhtml, I want Seam to accept that I'm logged in, but still protect every page!!
I tried adding: <action execute="#{identity.tryLogin}"/>
to the NotLoggedIn-event, but still the same. What am I missing here? How can I "bypass" this in the best way?
Hope I'm making some sense here....
Thanks in advance!