This content has been marked as final.
Show 4 replies
-
1. Re: remember me with password?
gonorrhea Apr 2, 2009 10:11 PM (in response to ajanz)Here is some info from the Seam ref doc for 2.1.1.GA:
15.3.5. Remember Me Seam Security supports the same kind of "Remember Me" functionality that is commonly encountered in many online web-based applications. It is actually supported in two different "flavours", or modes - the first mode allows the username to be stored in the user's browser as a cookie, and leaves the entering of the password up to the browser (many modern browsers are capable of remembering passwords). The second mode supports the storing of a unique token in a cookie, and allows a user to authenticate automatically upon returning to the site, without having to provide a password. To summarize: While everyone is doing it, persistent "Remember Me" cookies with automatic authentication are a bad practice and should not be used. Cookies that "remember" only the users login name, and fill out the login form with that username as a convenience, are not an issue.
-
2. Re: remember me with password?
bashan Nov 1, 2009 9:55 PM (in response to ajanz)Is there an example out there that does autologin with cookie and password?
-
3. Re: remember me with password?
ajanz Nov 2, 2009 9:26 AM (in response to ajanz)i did it that way
public String autologin() {
log.debug(" begin autologin");
String lsret = "";
try {
if (Identity.instance().isLoggedIn() == false ) {
Identity.instance().setPassword(MemberManager.getInstance().getMember(Identity.instance().getUsername()).getPassword());
log.debug("mandant is = " + mandant);
Authenticator auth = (Authenticator) Component.getInstance("authenticator");
Identity.instance().login();
}
} catch (Exception e) {
// TODO Auto-generated catch block
log.error("Error autologin", e);
}
if (Identity.instance().isLoggedIn() == false)
lsret = "logout";
log.debug("end autologin lsret =" + lsret);
return lsret;
}
and call this function per pages.xml
<page view-id="/home.xhtml" >
<action execute="#{Page.autologin}" if="#{!Identity.instance().isLoggedIn()}"/>
<navigation>
<rule if-outcome="logout">
<redirect view-id="/login.xhtml"/>
</rule>
</navigation>
</page> -
4. Re: remember me with password?
bashan Nov 2, 2009 9:30 PM (in response to ajanz)Making an automatic login based on username is very unsafe operation. I am looking for a much safer solution and I also prefer it to be out-of-the-box solution, since I already have my own cookie based auto-login the suddenly started going crazy and prevented me from logging out. so, I decided to look for the
right way
of doing it using Seam. The problem is, I can't really find a working solution...