6 Replies Latest reply on Mar 31, 2010 6:09 PM by deanhiller2000

    RememberMe not working for me

    mzuzik
    mzuzik Apr 23, 2009 8:58 PM

      Hi there,


      The RememberMe functionality doesn't seem to be working for me. I am wondering what configuration or code I may haveincorrectly implemented.


      We are running SEAM 2.1.1.GA on JBOSS 4.2.3 and testing on Firefox 3.0.8.


      The RememberMe funtionality on login is currently not working for us.


      We have configured security identity in components.xml like this:




      <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="LdapToActiveDirectory"
                       remember-me="true"/>





      In login.xhtml, we have the following code:



              
           <h:form style="width:450px; margin: 15px;">
                        <p style="padding-top: 15px">Enter your username and password below to login</p>
                        <div style="margin-top: 24px;margin-right: 45px;">
                            <div class="value">
                                <label>User Name</label>
                                <div class="inputRadio">
                                    <h:inputText value="#{identity.username}" size="45"/>
                                </div>
                            </div>
                            <div class="value">
                                <label>Password</label>
                                <div class="inputRadio">
                                    <h:inputSecret value="#{identity.password}" redisplay="true" size="45"/>
                                </div>
                            </div>
                            <div class="value">
                                <label>Remember User Name</label>
                                <div class="inputRadio">
                                    <input name="asdf" type="checkbox" value="#{identity.rememberMe}"/>
                                </div>
                            </div>
                            <div style="clear:both"></div>
                            <div class="button" style="margin-left: 170px">
                                <h:commandButton action="#{identity.login}" id="submitButton" value="Login">
                                    <s:defaultAction /></h:commandButton>                            </div>
                        </div>
                        <input type="submit" style="display:none"/>                        
                    </h:form>





      Thank you for any insight or help you are able to offer.


      Cheers,
      Michelle

      • 358 Views
      • Tags:
        • 1. Re: RememberMe not working for me
          egalperin Apr 24, 2009 12:19 PM (in response to mzuzik)

          Hi, I am trying to get it working too. The first problem was that I am not using Identity management module. Without it I am getting NullPointerException: 


          java.lang.NullPointerException at org.jboss.seam.security.management.IdentityManager.isUserEnabled(IdentityManager.java:130)



          So I have enabled IdentityManager and this problem was solved.


          The next problem was not redirecting to the requested page after login. I have configured events in components.xml like this:
           
            

          <event type="org.jboss.seam.security.notLoggedIn">
    <action execute="#{redirect.captureCurrentView}"/>
    <action execute="#{identity.tryLogin()}"/>
  </event>

  <event type="org.jboss.seam.security.loginSuccessful">
    <action execute="#{redirect.returnToCapturedView}"/>
  </event>



          No luck. Looking at the code, it seems that tryLogin() doesn't raise org.jboss.seam.security.loginSuccessful event, so redirect.returnToCapturedView won't be called. I have replaced the recommended configuration with my own:


             

          <event type="org.jboss.seam.security.notLoggedIn">
        <action execute="#{redirect.captureCurrentView}"/>
        <action execute="#{identity.tryLogin()}"/>
    </event>
    <event type="org.jboss.seam.security.postAuthenticate">
        <action execute="#{redirect.returnToCapturedView}"/>
    </event>



          Now, returnToCapturedView gets called, but still no redirect. After debugging I have found that the method Pages.redirectToLoginView() redirects to the login view after redirect.returnToCapturedView gets called. My solution is to replace built-in Pages component with my own:


          @Scope(ScopeType.APPLICATION)
@BypassInterceptors
@Name("org.jboss.seam.navigation.pages")
@Install(precedence = DEPLOYMENT, classDependencies = "javax.faces.context.FacesContext")
@Startup
public class Pages extends org.jboss.seam.navigation.Pages {

    public void redirectToLoginView() {
        notLoggedIn();
        // Ensure that we haven't been authenticated as a result of the org.jboss.seam.security.notLoggedIn event
        if (!Identity.instance().isLoggedIn()) {
            String loginViewId = getLoginViewId();
            if (loginViewId == null) {
                throw new NotLoggedInException();
            } else {
                Manager.instance().redirect(loginViewId);
            }
        }
    }

}



          Now it works. 




            • Actions
          • 2. Re: RememberMe not working for me
            jbarrett
            jbarrett Apr 24, 2009 10:54 PM (in response to mzuzik)

            This post was very timely. I was having the same problem today. The fix posted here works but with one problem. When it redirects back to the original requested page after successful tryLogin the original faces message Please log in first from the failed isLoggedIn call.



            This seems to be the source of the message.


            pages.xml:


                 <exception class="org.jboss.seam.security.NotLoggedInException">
          <redirect view-id="/logon.xhtml">
               <message severity="warn">#{messages['org.jboss.seam.NotLoggedIn']}</message>
          </redirect>
     </exception>




            Is there an easy way to have it display those messages only when tryLogin fails?

              • Actions
            • 3. Re: RememberMe not working for me
              egalperin Apr 27, 2009 9:18 AM (in response to mzuzik)

              The message is not important for me. I have simply disabled it in messages.properties


              org.jboss.seam.NotLoggedIn=



              I think the source of the message is in the org.jboss.seam.security.facesSecurityEvents Component:
                
                

              @Observer(Identity.EVENT_NOT_LOGGED_IN)
   public void addNotLoggedInMessage()
   {      
      StatusMessages.instance().addFromResourceBundleOrDefault( 
            Severity.WARN, 
            "org.jboss.seam.NotLoggedIn", 
            "Please log in first" 
         );      
   }



              You can try to remove the message from StatusMessages. Something like this:   
                 
                 

              @Observer(Identity.EVENT_POST_AUTHENTICATE)
    public void postAuthenticate() {
        StatusMessages.instance().clearKeyedMessages("org.jboss.seam.NotLoggedIn");
    }



              Please note, I didn't try it - may be it doesn't work.

                • Actions
              • 4. Re: RememberMe not working for me
                egalperin Apr 27, 2009 10:15 AM (in response to mzuzik)

                Eugen Galperin wrote on Apr 27, 2009 09:18:

                   
                   
                @Observer(Identity.EVENT_POST_AUTHENTICATE)
    public void postAuthenticate() {
        StatusMessages.instance().clearKeyedMessages("org.jboss.seam.NotLoggedIn");
    }



                Please note, I didn't try it - may be it doesn't work.



                Yes, it doesn't work - KeyedMessages is a wrong place. This code does the trick but it clears all global messages for the current request:



                @Scope(ScopeType.APPLICATION)
@BypassInterceptors
@Name("org.jboss.seam.navigation.pages")
@Install(precedence = DEPLOYMENT, classDependencies = "javax.faces.context.FacesContext")
@Startup
public class Pages extends org.jboss.seam.navigation.Pages {

    public void redirectToLoginView() {
        notLoggedIn();
        // Ensure that we haven't been authenticated as a result of the org.jboss.seam.security.notLoggedIn event
        if (!Identity.instance().isLoggedIn()) {
            String loginViewId = getLoginViewId();
            if (loginViewId == null) {
                throw new NotLoggedInException();
            } else {
                Manager.instance().redirect(loginViewId);
            }
        } else {
            StatusMessages.instance().clearGlobalMessages();
        }
    }
}



                  • Actions
                • 5. Re: RememberMe not working for me
                  jbarrett
                  jbarrett Jun 30, 2009 11:30 PM (in response to mzuzik)

                  I found a work around to the messages issue.


                  Put a facesMessages.clear action in the event.




                  <event type="org.jboss.seam.security.notLoggedIn">
     <action execute="#{redirect.captureCurrentView}" />
     <action execute="#{facesMessages.clear}" />
     <action execute="#{identity.tryLogin}" />
</event>




                    • Actions
                  • 6. Re: RememberMe not working for me
                    deanhiller2000
                    deanhiller2000 Mar 31, 2010 6:09 PM (in response to mzuzik)

                    darn, the facesMessages.clear in pages file did not work for me in 2.2 :(


                    I love this post though.  Fixed our redirect problem with remember me.


                    ps. We had to write our own remember me since JpaTokenStore says it is Serializable but is not because the AnnotatedBeanProperty fields in it are not Serializable and it throws all these exceptions in a clustered environment so I love how we can override core seam components to work around this stuff....it's great!!!!

                      • Actions