
    Seam remoting and security problem

    Stateless Bean Novice

      Hi,
      I have problem with seam remoting.
      My app works fine on FF, but on IE, Avant Browser and Opera 9.x, the first time a user logs in and changes something using AJAX remoting, the user is logged out of the page, redirected to the main page, and a "User not logged in" exception is thrown.

      On the second try, after logging in again, the AJAX change works fine. Can anyone tell me what is going on?

      Here is my configuration:
      components.xml


      <?xml version="1.0" encoding="UTF-8"?>
      <!--
        Seam component configuration as posted.
        NOTE(review): the schemas referenced here are the 1.1 XSDs, while the
        pages.xml in this post declares the 1.2 DTD. Confirm that both files
        match the Seam version actually deployed.
      -->
      <components xmlns="http://jboss.com/products/seam/components"
                  xmlns:core="http://jboss.com/products/seam/core"
                  xmlns:security="http://jboss.com/products/seam/security"
                  xmlns:drools="http://jboss.com/products/seam/drools"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation=
                      "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.1.xsd
                       http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.1.xsd
                       http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.1.xsd
                       http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.1.xsd">

        <!-- EJB lookup pattern; Seam debug mode is off. -->
        <core:init jndi-pattern="Universum/#{ejbName}/local" debug="false"/>

        <!--
          Conversation handling. The timeouts are presumably milliseconds; if
          so, a request that arrives while another request for the same
          conversation is still running waits at most 500 ms. Confirm against
          the Seam reference for the deployed version.
        -->
        <core:manager conversation-timeout="120000"
                      concurrent-request-timeout="500"
                      conversation-id-parameter="cid"
                      conversation-is-long-running-parameter="clr"/>

        <core:dispatcher/>

        <!-- Seam Remoting settings: debug output is off, polling values as posted. -->
        <component name="org.jboss.seam.remoting.remoting">
          <property name="debug">false</property>
          <property name="pollTimeout">2</property>
          <property name="pollInterval">1</property>
        </component>

        <!--
          Authentication is delegated to authenticator.authenticate, which is
          not shown in this post. Whether a login survives to the next request
          depends on the HTTP session being kept, so an identity that is lost
          on the first remoting call should be checked against the session
          cookie handling of the affected browsers.
        -->
        <security:identity authenticate-method="#{authenticator.authenticate}"/>

        <!-- Rule base used for permission checks; the rule file is not shown here. -->
        <drools:rule-base name="securityRules">
          <drools:rule-files>
            <value>/META-INF/security-rules.drl</value>
          </drools:rule-files>
        </drools:rule-base>

        <!-- Seam-managed persistence context named "em". -->
        <component name="em"
                   auto-create="true"
                   class="org.jboss.seam.core.ManagedPersistenceContext">
          <property name="persistenceUnitJndiName">java:/sguEntityManagerFactory</property>
        </component>

        <!-- The selected locale is remembered in a browser cookie. -->
        <core:locale-selector cookie-enabled="true"/>

      </components>


      pages.xml
      <!DOCTYPE pages PUBLIC
          "-//JBoss/Seam Pages Configuration DTD 1.2//EN"
          "http://jboss.com/products/seam/pages-1.2.dtd">

      <!-- Page-level actions, restrictions and navigation (excerpt; the poster cut the rest). -->
      <pages>
        <!--
          This view is outside /pages/*, so the restriction below does not
          cover it. NOTE(review): confirm that calcUserPoints is safe to run
          for a visitor who is not logged in.
        -->
        <page view-id="/blc.xhtml" action="#{engineControler.calcUserPoints}"/>

        <!--
          Every view under /pages/ requires the 'user' role. This guards page
          requests only. NOTE(review): remoting calls do not pass through a
          view-id, so @WebRemote methods presumably need their own check
          (e.g. @Restrict on the component or method); verify in the bean.
        -->
        <page view-id="/pages/*">
          <restrict>#{s:hasRole('user')}</restrict>
          <navigation from-action="#{gameAction.logout}">
            <redirect view-id="/Universum.xhtml"/>
          </navigation>
      ....
      


      web.xml
      <?xml version="1.0" encoding="UTF-8"?>
      <!-- Servlet 2.4 deployment descriptor as posted. -->
      <web-app version="2.4"
               xmlns="http://java.sun.com/xml/ns/j2ee"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

        <!-- Seam and MyFaces bootstrap listeners. -->
        <listener>
          <listener-class>org.jboss.seam.servlet.SeamListener</listener-class>
        </listener>

        <listener>
          <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
        </listener>

        <!--
          JSF view state is sent to the browser and posted back. With
          client-side saving, the view state must be encrypted and
          integrity-protected by the JSF implementation; otherwise a client can
          tamper with it. NOTE(review): confirm this for the MyFaces version in
          use, or use "server".
        -->
        <context-param>
          <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
          <param-value>client</param-value>
        </context-param>

        <!--
          Facelets development mode renders detailed debug and error output.
          Keep it "true" only on development machines; set it to "false" for any
          deployment reachable by users.
        -->
        <context-param>
          <param-name>facelets.DEVELOPMENT</param-name>
          <param-value>true</param-value>
        </context-param>

        <context-param>
          <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
          <param-value>.xhtml</param-value>
        </context-param>

        <!-- Seam filters. Both are mapped to *.seam only (see the mappings below). -->
        <filter>
          <filter-name>Seam Exception Filter</filter-name>
          <filter-class>org.jboss.seam.servlet.SeamExceptionFilter</filter-class>
        </filter>

        <filter>
          <filter-name>Seam Redirect Filter</filter-name>
          <filter-class>org.jboss.seam.servlet.SeamRedirectFilter</filter-class>
        </filter>

        <!--
          NOTE(review): requests to /seam/resource/* (the resource servlet
          mapped further down, which presumably also serves the remoting calls)
          do not match *.seam and therefore bypass both filters. Verify that
          exception handling for remoting requests does not depend on them.
        -->
        <filter-mapping>
          <filter-name>Seam Exception Filter</filter-name>
          <url-pattern>*.seam</url-pattern>
        </filter-mapping>

        <filter-mapping>
          <filter-name>Seam Redirect Filter</filter-name>
          <url-pattern>*.seam</url-pattern>
        </filter-mapping>

        <!-- Seam resource servlet. -->
        <servlet>
          <servlet-name>Seam Resource Servlet</servlet-name>
          <servlet-class>org.jboss.seam.servlet.ResourceServlet</servlet-class>
        </servlet>

        <servlet-mapping>
          <servlet-name>Seam Resource Servlet</servlet-name>
          <url-pattern>/seam/resource/*</url-pattern>
        </servlet-mapping>

        <!-- JSF front controller, loaded at startup and mapped to *.seam. -->
        <servlet>
          <servlet-name>Faces Servlet</servlet-name>
          <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
          <load-on-startup>1</load-on-startup>
        </servlet>

        <servlet-mapping>
          <servlet-name>Faces Servlet</servlet-name>
          <url-pattern>*.seam</url-pattern>
        </servlet-mapping>
      </web-app>


      and my remoting :
      method
      public List<String> mymethod() { }

      and in console i added: @WebRemote

      To me it looks like a security problem.