11 Replies Latest reply on Feb 22, 2007 10:20 AM by Shane Bryzak

    Identity.login adds a hardcoded message

    Fernando Montaño Expert


      I just try the Seam security, I did an authenticator something like this:

      public boolean authenticate(String username, String password, Set<String> roles) {
       try {
       User currentUser = (User) entityManager.createQuery("select u from User u where u.username=:username and u.password=:password")
       .setParameter("username", username)
       .setParameter("password", password)
       if (currentUser.getRoles() != null) {
       for (Role role : currentUser.getRoles())
       facesMessages.addFromResourceBundle("User.loggedIn", new Object[]{currentUser.getFullName()});
       return true;
       catch (NoResultException ex) {
       return false;

      I also created the respective page for this authentication. But when the authentication fails, I am getting two messages:
      a) "Login.error" value (messages.properties)
      b) Login failed (hardcoded).

      Then I saw that in the Identity.java you have:

      public String login()
       log.debug("Login successful for: " + getUsername());
       return "success";
       catch (LoginException ex)
       log.debug("Login failed for:" + getUsername(), ex);
       FacesMessages.instance().add("Login failed");
       return null;

      I think the line for "FacesMessages.instance().add("Login failed")" is not useful in the most cases, especially for i18n applications.

      I suggest to:
      a) remove this hardcode message
      b) add the posibility to configure the respective i18n message.

      I think the option a) is better. What do you think?

      Thanks in advance.

      Best regards.