11 Replies Latest reply on Mar 26, 2007 10:34 PM by Gavin King

    Seam security adds default messages

    Piotr Walczyszyn Newbie

      I just installed seam-1.1.6 and I can see that seam-secuity adds default messages (this is new behaviour since 1.1.5), when user logs in it adds:

      Welcome, %username%
      and when user fails to authenticate it adds:
      Invalid login
      Is it possible to turn off this behaviour because I want to display my own messages in different language and in case of successful login I don't want any message.

      Best,
      Piotr

        • 1. Re: Seam security adds default messages
          Gavin King Master

          Add your message to messages.properties, check the sourcecode to find the name of the key, I forget.

          • 2. Re: Seam security adds default messages
            Fernando Montaño Expert

            The messages you should add to your .properties file are

            org.jboss.seam.loginSuccessful = Welcome, #0

            and

            org.jboss.seam.loginFailed = Login failed


            In case of login fails it is natural to add the message (which I can configure as I want), but in the case of the login is successfully not all cases it is required to add a success message.

            Is there a way in order to turn off the success message?

            • 4. Re: Seam security adds default messages
              Fernando Montaño Expert

              I think an empty message will generate the <h:messages> also renders an empty message.

              I think it would be better detects if "org.jboss.seam.loginSuccessful" is in the messages.properties, if it exists then add the message, if doesn't exist, don't add the message.

              • 5. Re: Seam security adds default messages
                Piotr Walczyszyn Newbie

                I think fernando_jmt is right, for example in my case I link graphical icon with messages.
                Icon is rendered when #{! empty facesContext.maximumSeverity}, unfortunetly when I set org.jboss.seam.loginSuccessful to be an empty string my icon is also rendered.

                • 6. Re: Seam security adds default messages
                  Stefan Frank Newbie

                  I found&can override two messages:
                  org.jboss.seam.loginSuccessful = Welcome, #0
                  org.jboss.seam.loginFailed = Login failed

                  but there is at least a third one that is shown when the user is redirected to the login-page for the first time, it says:

                  Please log in first


                  I looked into the sourcecode, but could not find the keys for the last message: Where can I find these codes?!

                  Cheers
                  stf

                  PS: And it would be easier, if there was a small section in the security-doc that simply lists these keys and shows how to override them...





                  • 7. Re: Seam security adds default messages
                    Fernando Montaño Expert

                    org.jboss.seam.NotLoggedIn

                    • 8. Re: Seam security adds default messages
                      Shane Bryzak Master

                      Please create a JIRA issue to add these message keys to the docs.

                      • 9. Re: Seam security adds default messages
                        Jonathan Ekwempu Newbie

                         

                        "fernando_jmt" wrote:
                        The messages you should add to your .properties file are

                        org.jboss.seam.loginSuccessful = Welcome, #0

                        and

                        org.jboss.seam.loginFailed = Login failed


                        In case of login fails it is natural to add the message (which I can configure as I want), but in the case of the login is successfully not all cases it is required to add a success message.

                        Is there a way in order to turn off the success message?



                        I am using a custom resource bundle (not the jsf style resource bundle) because of the requirements of our multi-language application. In that case what you recommended may not apply.


                        I tried setting my own message as shown below but got my own message and the default message ("Login failed") displayed as error messages. The result tells me that you set the error message only after the authenticate() method returns false.

                        Error messages displayed:

                        * Invalid username or password
                        * Login failed

                        in that order.

                        public boolean authenticate(){

                        try {

                        user = (TsUsersEntityBean) em.createQuery("from TsUsersEntityBean where userLoginId = :username")
                        .setParameter("username", identity.getUsername())
                        .getSingleResult();

                        }catch (NoResultException ex){
                        FacesMessages.instance().add("Invalid username or password");
                        return false;
                        }

                        To make the error handling more generic, I am recommending that you have methods that return and set the various messages. Your indentity class might be the appropriate class to add the methods - similar to Identity.addRole(String) method.

                        Hence, one can then set the appropriate message based on your specified key. For example: Identity.setLoginError("org.jboss.seam.loginFailed", "Invalid username or password"); The message set could be in any locale.

                        In your own code(seam code) if the user authenticate method returns false, you can then call Identity.getLoginError("org.jboss.seam.loginFailed"), if it returns null then set it to "Login failed" otherwise use the returned value.

                        Do a similar thing for all the other messages related to authentication (login). Doing so will make your authentication method usable by any locale.

                        • 10. Re: Seam security adds default messages
                          Fernando Montaño Expert

                          Simply, if you want to add your custom messages (in any locale) for authentication or whatever in Seam and you don't like (or you don't need) messages Seam adds as default, you should add in your resource bundle an empty key (Seam key message) in order to avoid that message be rendered.

                          In the example you give you have the messages:

                          * Invalid username or password
                          * Login failed (added by Seam)
                          


                          So if you don't want the second message appears, add this in your resource bundle:

                          org.jboss.seam.loginFailed
                          


                          The key without value.


                          HTH.

                          • 11. Re: Seam security adds default messages
                            Gavin King Master

                            You can easily override the built-in Identity component to do whatever you like, eg. stub out the addLoginSuccessfulMessage() method.

                            This is one of the nice things about Seam built-in components.