I have a question about logging in automatically. I am using Seam 2.1.2 and JBoss 4.2.3GA

I have created my own Authenticator.java class and it retrieves all of the information necessary to build/store username, passwords and roles. All of that is working fine.

Components.xml has authenticate-method="#{myAuthenticator.authenticate}" and that is working fine.

To automate the login I have learned from this forum to use the following.

Also in Components.xml

<event type="org.jboss.seam.security.notLoggedIn">
    <action execute="#{identity.login}"/>
    <action execute="#{redirect.returnToCapturedView}"/>
</event>

This works perfectly for correctly authenticated users. Problem is when I return false from myAuthenticator (user does not have proper credentials for the app) the website goes into a loop, spawning multiple infinite cid=nnn and page loops.

Obviously (I think) using the event notLoggedIn is not the correct place to start a "Automated Login".

From what I have learned, the identity.login needs to be outside my authenticator, in order to properly have the authenticate-method in Components.xml work correctly.

Or, possibly I need to override some default behavior someplace?

Is there a better choice, a better framework location to be calling "identity.login" from?

For an automated login perspective, (like Single Sign On) where do folks make the initial identity.login call from?