1 Reply Latest reply on Feb 27, 2009 3:19 AM by dknig1b

    On Login, User outjection not always working

      I have an authenticate() method stolen from the DVDStore example. 
      I find when I
      1) navigate to login.xhtml
      2) login (with successful credentials)
      3) I get redirected to my home page (as expected).
      4) when I arrive at home, identity.loggedIn sometimes resolves False and sometimes True.
      5) When I am considered 'logged in' then debug.seam shows the User in the Session Scope.
      6) When I am considered 'not logged in' then debug.seam shows no User in the Session scope.


      In the case where login seems to fail, if I navigate back to login.seam, then identity.loggedIn resolves to True, and going to debug.seam from the login page shows the User in the Session Scope. But on the home page I'm still not logged in, and trying to go to any page which requires a user to be logged in considers me 'not logged in' and sends me back to the login.seam page for authentication, but then the login.seam page thinks I am logged in.


      Here is my authentication component (pretty much stolen from the DVDStore)



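      import static org.jboss.seam.ScopeType.SESSION;

      import java.io.Serializable;
      import java.util.Date;

      import javax.ejb.Stateless;
      import javax.persistence.EntityManager;
      import javax.persistence.NoResultException;
      import javax.persistence.PersistenceContext;

      import org.jboss.seam.annotations.In;
      import org.jboss.seam.annotations.Name;
      import org.jboss.seam.annotations.Observer;
      import org.jboss.seam.annotations.Out;
      import org.jboss.seam.log.LogProvider;
      import org.jboss.seam.log.Logging;
      import org.jboss.seam.security.Credentials;
      import org.jboss.seam.security.Identity;

      @Stateless
      @Name("authenticator")
      public class AuthenticatorAction implements Authenticator, Serializable {
          @PersistenceContext
          private EntityManager em;

          // Injected from, and outjected to, the HTTP session
          @In(required = false, scope = SESSION)
          @Out(required = false, scope = SESSION)
          private User user;

          @In
          Identity identity;
          @In
          Credentials credentials;
          String returnView;
          private static final LogProvider log = Logging
                  .getLogProvider(AuthenticatorAction.class);

          public boolean authenticate() {
              try {
                  user = (User) em.createQuery(
                          "from User where username = :username and password = :password")
                          .setParameter("username", credentials.getUsername())
                          .setParameter("password", credentials.getPassword())
                          .getSingleResult();
                  // This doesn't help either...same result as @Out
                  // Contexts.getSessionContext().set("user", user);
                  return true;
              }
              catch (NoResultException ex) {
                  return false;
              }
          }

          @Observer("org.jboss.seam.security.loginSuccessful")
          public void updateLoginStatistics() {
              user.setLastLoginTime(user.getLoginTime());
              user.setLoginTime(new Date());
              user = em.merge(user);
          }
      }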



      (If I take out updateLoginStatistics, I still get the same error.) I also tried setting the user directly on the SessionContext.


      My components.xml has:


      <security:identity authenticate-method="#{authenticator.authenticate}" />



      If anyone has any suggestions I'd love to hear them. 


        • 1. Re: On Login, User outjection not always working
          The problem is with the way Tomcat deals with cookies. HTTPS cookies don't stick when you go back to HTTP.

          see:


          http://forum.springframework.org/showthread.php?p=176072

          There is also a good point about whether one should be doing this...maybe some security problems.
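
The cookie behaviour named in the reply above, as an added example that is not part of the original thread: it uses Python's standard-library cookie jar as a stand-in for the browser and shows that a session cookie marked Secure at an HTTPS login is withheld from a plain-HTTP request, so the server cannot find the session holding the User. The host name, session id and user value are constructed, and the Secure flag on the session cookie is an assumption modelling the Tomcat behaviour the reply describes.

```python
# Added illustration; host name, session id and user value are constructed.
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

HOST = "shop.example.test"   # constructed host name
SESSIONS = {}                # server side: session id -> session attributes


class FakeResponse:
    """Minimal response object exposing the info() method CookieJar expects."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def login_over_https(jar):
    """Assumed server behaviour: session created on HTTPS gets a Secure cookie."""
    SESSIONS["A1B2C3"] = {"user": "alice"}   # constructed session id and user
    request = Request(f"https://{HOST}/login.seam")
    jar.extract_cookies(FakeResponse("JSESSIONID=A1B2C3; Path=/; Secure"), request)


def visit(jar, url):
    """Return the user the server finds in the session for this request, if any."""
    request = Request(url)
    jar.add_cookie_header(request)           # the jar decides which cookies to send
    cookie = request.get_header("Cookie")    # None when no cookie was sent
    if cookie is None:
        return None                          # no session id: server sees a stranger
    session_id = cookie.split("=", 1)[1]
    return SESSIONS.get(session_id, {}).get("user")


def demo():
    jar = CookieJar()
    login_over_https(jar)
    return {
        "http_home": visit(jar, f"http://{HOST}/home.seam"),
        "https_home": visit(jar, f"https://{HOST}/home.seam"),
        "https_login": visit(jar, f"https://{HOST}/login.seam"),
    }


if __name__ == "__main__":
    print(demo())
```

Only the plain-HTTP request comes back without a user. Serving the post-login pages over HTTPS as well keeps the session cookie attached without weakening the Secure flag.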