I have a question about logging in automatically. I am using Seam 2.1.2 and JBoss 4.2.3GA
I have created my own Authenticator.java class and it retrieves all of the information necessary to build/store username, passwords and roles. All of that is working fine.
Components.xml has authenticate-method="#{myAuthenticator.authenticate}" and that is working fine.
To automate the login I have learned from this forum to use the following.
Also in Components.xml
<event type="org.jboss.seam.security.notLoggedIn">
<action execute="#{identity.login}"/>
<action execute="#{redirect.returnToCapturedView}"/>
</event>
This works perfectly for correctly authenticated users. Problem is when I return false from myAuthenticator (user does not have proper credentials for the app) the website goes into a loop, spawning multiple infinite cid=nnn and page loops.
Obviously (I think) using the event notLoggedIn is not the correct place to start a "Automated Login".
From what I have learned, the identity.login needs to be outside my authenticator, in order to properly have the authenticate-method in Components.xml work correctly.
Or, possibly I need to override some default behavior someplace?
Is there a better choice, a better framework location to be calling "identity.login" from?
For an automated login perspective, (like Single Sign On) where do folks make the initial identity.login call from?