-
1. Re: Token based RememberMe: cookie not updated with HTTP 302 status
jayliu2000.jayliu2000.hotmail.com Apr 24, 2010 2:14 AM (in response to jayliu2000.jayliu2000.hotmail.com)
Sorry, that piece of code is from RememberMe.postAuthenticate. I wrote the wrong class name in my post.
-
2. Re: Token based RememberMe: cookie not updated with HTTP 302 status
jayliu2000.jayliu2000.hotmail.com Apr 26, 2010 5:22 AM (in response to jayliu2000.jayliu2000.hotmail.com)
For those who have the same problem as me: I found a temporary solution for this problem. The easiest way is to change the postAuthenticate of org.jboss.seam.security.RememberMe to the following content:

    @Observer(Identity.EVENT_POST_AUTHENTICATE)
    public void postAuthenticate(Identity identity)
    {
       if (mode.equals(Mode.usernameOnly))
       {
          // Password is set to null during authentication, so we set dirty
          usernameSelector.setDirty();

          if ( !enabled )
          {
             usernameSelector.clearCookieValue();
          }
          else
          {
             usernameSelector.setCookieMaxAge(cookieMaxAge);
             usernameSelector.setCookieValueIfEnabled( Identity.instance().getCredentials().getUsername() );
          }
       }
       else if (mode.equals(Mode.autoLogin))
       {
          tokenSelector.setDirty();

          DecodedToken decoded = new DecodedToken(tokenSelector.getCookieValue());

          // Invalidate the current token (if it exists) whether enabled or not
          if (decoded.getUsername() != null)
          {
             tokenStore.invalidateToken(decoded.getUsername(), decoded.getValue());
          }

          if ( !enabled )
          {
             tokenSelector.clearCookieValue();
          }
          else if (!autoLoggedIn)
          {
             // Issue a new token only when this was not an automatic login
             String value = generateTokenValue();
             tokenStore.createToken(identity.getPrincipal().getName(), value);
             tokenSelector.setCookieEnabled(enabled);
             tokenSelector.setCookieMaxAge(cookieMaxAge);
             tokenSelector.setCookieValueIfEnabled(encodeToken(identity.getPrincipal().getName(), value));
          }
       }
    }
Actually, you just need to change the else in this block:

    else
    {
       String value = generateTokenValue();
       tokenStore.createToken(identity.getPrincipal().getName(), value);
       tokenSelector.setCookieEnabled(enabled);
       tokenSelector.setCookieMaxAge(cookieMaxAge);
       tokenSelector.setCookieValueIfEnabled(encodeToken(identity.getPrincipal().getName(), value));
    }

Change the else to:

    else if (!autoLoggedIn)
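The following is an added example, not part of the original post and not Seam's code: it models the autoLogin branch of the posted postAuthenticate so the resulting token-store and cookie state can be checked for an interactive login and for an automatic login. The class RememberMeRotationDemo, the in-memory store, the cookie field and the user name are hypothetical stand-ins, and it assumes invalidateToken removes the token from the store.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

public class RememberMeRotationDemo {
    // Hypothetical in-memory stand-in for the token store (assumption, not Seam's class)
    static final Map<String, Set<String>> store = new HashMap<>();
    static String cookie;          // stand-in for the browser's cookie, "user:value"
    static boolean enabled = true;

    static void createToken(String user, String value) {
        store.computeIfAbsent(user, u -> new HashSet<>()).add(value);
    }
    static void invalidateToken(String user, String value) {
        Set<String> tokens = store.get(user);   // assumed semantics: token is removed
        if (tokens != null) tokens.remove(value);
    }
    static boolean validateToken(String user, String value) {
        return store.getOrDefault(user, Set.of()).contains(value);
    }
    // Mirrors the autoLogin branch of the posted postAuthenticate
    static void postAuthenticate(String user, boolean autoLoggedIn) {
        if (cookie != null) {
            String[] decoded = cookie.split(":", 2);
            invalidateToken(decoded[0], decoded[1]);   // runs whether enabled or not
        }
        if (!enabled) {
            cookie = null;
        } else if (!autoLoggedIn) {
            String value = UUID.randomUUID().toString();
            createToken(user, value);
            cookie = user + ":" + value;
        }
    }
    // True when the cookie the browser holds still matches a stored token
    static boolean cookieStillValid() {
        if (cookie == null) return false;
        String[] decoded = cookie.split(":", 2);
        return validateToken(decoded[0], decoded[1]);
    }
    public static void main(String[] args) {
        postAuthenticate("alice", false);   // constructed user: interactive login
        System.out.println("after form login, cookie valid: " + cookieStillValid());
        postAuthenticate("alice", true);    // automatic login via the cookie
        System.out.println("after auto-login, cookie valid: " + cookieStillValid());
    }
}
```

Running the model shows whether the cookie held by the browser still matches a stored token after each kind of login, which is the property to verify against the real TokenStore before relying on the change.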