4 Replies Latest reply on Oct 1, 2012 8:17 AM by c.ieva

Mixed protocol scheme problem

c.ieva Oct 1, 2012 4:22 AM

Hi to all,

I have an application which uses a mixed communication protocol: essentially it starts with a login.xhtml page over SSL and after that it switches to plain HTTP redirecting the user to a home.xhtml page (all the pages have specified the login-required="true" attribute in pages.xml).

After the first login everything goes fine but when I logged out (#{identity.logout}) the system redirect me to the login.xhtml page but when I try to login again, keeping the browser opened, the system redirect me to the login page as when the login failed even if the authenticator.authenticate method executes successfully.

In that situation, if I try the login again, all runs like a charme but after the logout I, again, need two logins before the redirection to home page takes place.

Any help would be very appreciated!

Thanks in advance,

Carlo

1. Re: Mixed protocol scheme problem

mkouba Oct 1, 2012 5:08 AM (in response to c.ieva)

Hi,
this looks odd. Do you use Seam s:link or s:button JSF controls for logout? Also do you get any JSF messages when the "wrong" redirect occurs? Paste relevant pages.xml fragment if possible and specify Seam, AS, browser versions... this might help to reproduce the issue
Actions
2. Re: Mixed protocol scheme problem

c.ieva Oct 1, 2012 5:34 AM (in response to mkouba)

Hi Martin,
thanks for your reply.

The tag I used for logout is:
    <s:link id="menuLogoutId" action="#{identity.logout}" value="Logout" rendered="#{identity.loggedIn}"/>

I didn't receive any JSF message.
The seam I used is 2.2.1.Final
Browser used for testing: Iceweasel 3.5.16, MS Internet Explorer 8

A fragment of the pages.xml:
<pages http-port="8080" https-port="8443" login-view-id="/login.xhtml"
     no-conversation-view-id="/home.xhtml"
    xmlns="http://jboss.com/products/seam/pages"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.2.xsd">

    <page view-id="*" scheme="http">
    </page>

    <page scheme="https" view-id="/login.xhtml">
        <begin-conversation join="true"/>
          <navigation from-action="#{identity.login}">
            <rule if-outcome="loggedIn">
                <redirect view-id="/home.xhtml" />
            </rule>
        </navigation>
    </page>

    <page login-required="true" view-id="/home.xhtml">
        <begin-conversation join="true"/>
    </page>

Thanks in advance!
Actions
3. Re: Mixed protocol scheme problem

mkouba Oct 1, 2012 8:05 AM (in response to c.ieva)

Hi Carlo,
what scheme do you get after the logout redirect? This looks like the user is redirected to the login with HTTP scheme and after the form submit back to HTTPS scheme (Seam automatic correction). I would also change the logging level to debug and inspect the server log file to see what's going on during the logout...
Actions
4. Re: Mixed protocol scheme problem

c.ieva Oct 1, 2012 8:17 AM (in response to mkouba)

After the logout the browser shows me the login page with the HTTPS scheme selected (as I can see in the URL)
Actions

Go to original post