Issue with "auto-logout"
tomwhitner Feb 21, 2011 2:28 PMI just discovered that a commented out commandlink with action\="\#{identity.logout()}" on an xhtml page will cause Seam to logout the user every time the page is processed.
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html"> <body> <h2>Welcome</h2> <h:form> <!-- <h:commandLink rendered="#{identity.isLoggedIn()}" action="#{identity.logout()}">Logout</h:commandLink> --> </h:form> <h:form> <div> <h:outputText value="Please enter your username and password:" /> <h:inputText value="#{credentials.username}" /> <h:inputSecret value="#{credentials.password}" /> </div> <div> <h:commandButton action="#{identity.login}" value="Login" /> </div> <h:messages styleClass="messages" /> </h:form> </body> </html>
I have created a small sample with the following for my authenticator
@Stateless @Name("login") public class LoginAction implements Login { @Logger private Log log; public boolean login() { return true; } @Observer("org.jboss.seam.security.loginSuccessful") public void onSuccessfulLogin() { log.info("Login successful."); } @Observer("org.jboss.seam.security.loggedOut") public void onLogout() { log.info("User Logged Out."); } }
With the command link uncommented, I see
2011-02-21 14:17:48,924 INFO [session.LoginAction] (http-127.0.0.1-8080-1) Login successful. 2011-02-21 14:17:59,267 INFO [session.LoginAction] (http-127.0.0.1-8080-1) User Logged Out.
Note the 11 second delay before I pressed the logout button. When I comment out the command link (as in the example above), I see the following:
2011-02-21 14:20:40,948 INFO [session.LoginAction] (http-127.0.0.1-8080-1) Login successful. 2011-02-21 14:20:40,979 INFO [session.LoginAction] (http-127.0.0.1-8080-1) User Logged Out.
Note that I did NOT push the logout button, and the logout happens 21 ms after I pressed login. Somehow the EL is being processed when the commandlink element is commented out.
I think this is a defect/bug. Has anyone seen this? Is this a know issue? If so, please point me to more information (Jira, doc, etc.). Otherwise, I will open an issue in Jira.
Thanks,
Tom