11 Replies Latest reply on Feb 22, 2007 10:20 AM by Shane Bryzak

    Identity.login adds a hardcoded message

    Fernando Montaño Expert

      Hi.

      I just try the Seam security, I did an authenticator something like this:

      public boolean authenticate(String username, String password, Set<String> roles) {
       try {
      
       User currentUser = (User) entityManager.createQuery("select u from User u where u.username=:username and u.password=:password")
       .setParameter("username", username)
       .setParameter("password", password)
       .getSingleResult();
      
       if (currentUser.getRoles() != null) {
       for (Role role : currentUser.getRoles())
       roles.add(role.getName());
       }
       facesMessages.addFromResourceBundle("User.loggedIn", new Object[]{currentUser.getFullName()});
       return true;
       }
       catch (NoResultException ex) {
       facesMessages.addFromResourceBundle("Login.error");
       return false;
       }
       }
      


      I also created the respective page for this authentication. But when the authentication fails, I am getting two messages:
      a) "Login.error" value (messages.properties)
      b) Login failed (hardcoded).


      Then I saw that in the Identity.java you have:

      public String login()
       {
       try
       {
       authenticate();
       log.debug("Login successful for: " + getUsername());
       return "success";
       }
       catch (LoginException ex)
       {
       log.debug("Login failed for:" + getUsername(), ex);
       FacesMessages.instance().add("Login failed");
       return null;
       }
       }
      


      I think the line for "FacesMessages.instance().add("Login failed")" is not useful in the most cases, especially for i18n applications.


      I suggest to:
      a) remove this hardcode message
      b) add the posibility to configure the respective i18n message.

      I think the option a) is better. What do you think?

      Thanks in advance.

      Best regards.