4 Replies Latest reply on Nov 2, 2009 9:30 PM by bashan

remember me with password?

ajanz Apr 1, 2009 10:50 AM

i got a seam-gen generated app.

at the login page there is a check box remember me

is it possible to use with password? so the user doesn't need to login?

1. Re: remember me with password?

gonorrhea Apr 2, 2009 10:11 PM (in response to ajanz)

Here is some info from the Seam ref doc for 2.1.1.GA:

15.3.5. Remember Me
Seam Security supports the same kind of "Remember Me" functionality that is commonly
encountered in many online web-based applications. It is actually supported in two different
"flavours", or modes - the first mode allows the username to be stored in the user's browser as a
cookie, and leaves the entering of the password up to the browser (many modern browsers are
capable of remembering passwords).
The second mode supports the storing of a unique token in a cookie, and allows a user to
authenticate automatically upon returning to the site, without having to provide a password.

To summarize: While everyone is doing it, persistent "Remember Me" cookies with
automatic authentication are a bad practice and should not be used. Cookies that
"remember" only the users login name, and fill out the login form with that username
as a convenience, are not an issue.

2. Re: remember me with password?

bashan Nov 1, 2009 9:55 PM (in response to ajanz)

Is there an example out there that does autologin with cookie and password?
Actions
3. Re: remember me with password?

ajanz Nov 2, 2009 9:26 AM (in response to ajanz)

i did it that way

public String autologin() {
          log.debug(" begin autologin");
          String lsret = "";
          try {

               if (Identity.instance().isLoggedIn() == false ) {
                                             Identity.instance().setPassword(MemberManager.getInstance().getMember(Identity.instance().getUsername()).getPassword());
                              log.debug("mandant is = " + mandant);
                              Authenticator auth = (Authenticator) Component.getInstance("authenticator");
                              Identity.instance().login();
               }
          } catch (Exception e) {
               // TODO Auto-generated catch block
               log.error("Error autologin", e);
          }
          if (Identity.instance().isLoggedIn() == false)
               lsret = "logout";
          log.debug("end autologin lsret =" + lsret);
          return lsret;

     }

and call this function per pages.xml

<page view-id="/home.xhtml"    >

        <action execute="#{Page.autologin}"   if="#{!Identity.instance().isLoggedIn()}"/>
        <navigation>
            <rule if-outcome="logout">
                <redirect view-id="/login.xhtml"/>
            </rule>
        </navigation>
    </page>
Actions
4. Re: remember me with password?

bashan Nov 2, 2009 9:30 PM (in response to ajanz)

Making an automatic login based on username is very unsafe operation. I am looking for a much safer solution and I also prefer it to be out-of-the-box solution, since I already have my own cookie based auto-login the suddenly started going crazy and prevented me from logging out. so, I decided to look for the right way of doing it using Seam. The problem is, I can't really find a working solution...
Actions

Go to original post