9 Replies Latest reply on Nov 8, 2007 11:27 AM by Pete Muir

    Problems using Authenticator.authenticate()

    Kurt Edegger Newbie

      Hi!

      I'd like to use Seam's simplified security mode with the build in identity and a custom authenticator class.
      I've initialized the security context in components.xml:


      <security:identity authenticate-method="#{authenticator.authenticate}" />


      Added the authenticator class:
      @Stateless
      @Name("authenticator")
      public class AuthenticatorImpl implements Authenticator
      {
       @Logger Log log;
      
       @In Identity identity;
      
       @In(create=true, value="JDBCTest_DB_ACCESS_BEAN")
       @Out
       private DBAccess dbAccess;
      
       public boolean authenticate()
       {
       log.info("authenticating #0", identity.getUsername());
       if ( dbAccess.authenticate(identity.getUsername(),identity.getPassword()) )
       {
       log.info("Authentication successful leading to accountId: #0 ", dbAccess.getAccountId());
       return true;
       }
       else
       {
       log.info("Authentication NOT successful!");
       return false;
       }
       }
      }
      


      Coded a login form:
       <h:form id="login">
      
       <rich:panel>
       <f:facet name="header">Login</f:facet>
      
       <p>Please login using any username and password</p>
      
       <div class="dialog">
       <h:panelGrid columns="2" rowClasses="prop" columnClasses="name,value">
       <h:outputLabel for="username">Username</h:outputLabel>
       <h:inputText id="username"
       value="#{identity.username}"/>
       <h:outputLabel for="password">Password</h:outputLabel>
       <h:inputSecret id="password"
       value="#{identity.password}"/>
       <h:outputLabel for="rememberMe">Remember me</h:outputLabel>
       <h:selectBooleanCheckbox id="rememberMe"
       value="#{identity.rememberMe}"/>
       </h:panelGrid>
       </div>
      
       </rich:panel>
      
       <div class="actionButtons">
       <h:commandButton value="Login" action="#{identity.login}"/>
       </div>
      
       </h:form>
      


      Most of it is generated by seam-gen, except the authenticate() method, which I've implemented to actually perform some work.

      If a user is successfully authenticated everything works like a charm: the authenticate() method returns true and the user is logged in.
      But on the other hand, if a user provides wrong credentials, the authenticate() method is called twice (there are two entries of 'authenticating #0' in the jboss log) and a subsequent valid login crashes the application with an PersistenceException - Session is closed! [1].

      First of all, I'm unclear why the authenticate() method is called twice if it is returning false the first time.
      Second, I don't understand why the injected (into DBAccess) Entitymanager (@PersistenceContext private EntityManager em;) got an closed session after an invalid login.

      How is a authenticate() method coded correctly, so that it is called only once every attempted login?
      Any ideas why the session is closed after an invalid login?
      DBAccess.authenticate() simply performs a NativeQuery to validate the credentials without any exceptions thrown.

      Any pointers are greatly appreciated! Please let me know, if I've missed to put some information into my post.

      Best regards, Kurt

      [1] Here's the stacktrace of the exception after an invalid login:


      javax.persistence.PersistenceException: org.hibernate.SessionException: Session is closed!
      at org.hibernate.ejb.AbstractEntityManagerImpl.throwPersistenceException(AbstractEntityManagerImpl.java:629)
      at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:99)
      at at.telbiomed.arc.DBAccessImpl.authenticate(DBAccessImpl.java:118)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
      at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
      at org.jboss.seam.intercept.EJBInvocationContext.proceed(EJBInvocationContext.java:44)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
      at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:31)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:42)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.persistence.EntityManagerProxyInterceptor.aroundInvoke(EntityManagerProxyInterceptor.java:26)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.persistence.HibernateSessionProxyInterceptor.aroundInvoke(HibernateSessionProxyInterceptor.java:27)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:106)
      at org.jboss.seam.intercept.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:50)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
      at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.entity.ExtendedPersistenceContextPropagationInterceptor.invoke(ExtendedPersistenceContextPropagationInterceptor.java:57)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:126)
      at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:195)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.stateful.StatefulInstanceInterceptor.invoke(StatefulInstanceInterceptor.java:83)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
      at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:106)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.stateful.StatefulContainer.localInvoke(StatefulContainer.java:204)
      at org.jboss.ejb3.stateful.StatefulLocalProxy.invoke(StatefulLocalProxy.java:100)
      at $Proxy199.authenticate(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.seam.util.Reflections.invoke(Reflections.java:21)
      at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:31)
      at org.jboss.seam.intercept.ClientSideInterceptor$1.proceed(ClientSideInterceptor.java:76)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
      at org.jboss.seam.ejb.RemoveInterceptor.aroundInvoke(RemoveInterceptor.java:41)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.core.SynchronizationInterceptor.aroundInvoke(SynchronizationInterceptor.java:32)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:106)
      at org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:54)
      at org.javassist.tmp.java.lang.Object_$$_javassist_2.authenticate(Object_$$_javassist_2.java)
      at at.telbiomed.arc.AuthenticatorImpl.authenticate(AuthenticatorImpl.java:43)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
      at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
      at org.jboss.seam.intercept.EJBInvocationContext.proceed(EJBInvocationContext.java:44)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
      at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:31)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:46)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:42)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.persistence.EntityManagerProxyInterceptor.aroundInvoke(EntityManagerProxyInterceptor.java:26)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.persistence.HibernateSessionProxyInterceptor.aroundInvoke(HibernateSessionProxyInterceptor.java:27)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
      at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:106)
      at org.jboss.seam.intercept.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:50)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
      at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:126)
      at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:195)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
      at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:106)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:214)
      at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:184)
      at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:81)
      at $Proxy195.authenticate(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.seam.util.Reflections.invoke(Reflections.java:21)
      at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:31)
      at org.jboss.seam.intercept.ClientSideInterceptor$1.proceed(ClientSideInterceptor.java:76)
      at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
      at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:106)
      at org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:54)
      at org.javassist.tmp.java.lang.Object_$$_javassist_0.authenticate(Object_$$_javassist_0.java)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:328)
      at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:341)
      at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
      at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
      at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
      at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:174)
      at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:108)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
      at org.jboss.seam.security.Identity.authenticate(Identity.java:335)
      at org.jboss.seam.security.Identity.authenticate(Identity.java:324)
      at org.jboss.seam.security.Identity.quietLogin(Identity.java:265)
      at org.jboss.seam.security.Identity.isLoggedIn(Identity.java:182)
      at org.jboss.seam.security.Identity.isLoggedIn(Identity.java:172)
      at sun.reflect.GeneratedMethodAccessor138.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at javax.el.BeanELResolver.getValue(BeanELResolver.java:62)
      at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53)
      at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:64)
      at org.jboss.el.parser.AstPropertySuffix.getValue(AstPropertySuffix.java:53)
      at org.jboss.el.parser.AstValue.getValue(AstValue.java:67)
      at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186)
      at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
      at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:370)
      at javax.faces.component.UIComponentBase.processDecodes(UIComponentBase.java:990)
      at javax.faces.component.UIComponentBase.processDecodes(UIComponentBase.java:998)
      at javax.faces.component.UIComponentBase.processDecodes(UIComponentBase.java:998)
      at javax.faces.component.UIComponentBase.processDecodes(UIComponentBase.java:998)
      at javax.faces.component.UIViewRoot.processDecodes(UIViewRoot.java:493)
      at org.ajax4jsf.component.AjaxViewRoot.access$001(AjaxViewRoot.java:57)
      at org.ajax4jsf.component.AjaxViewRoot$1.invokeRoot(AjaxViewRoot.java:260)
      at org.ajax4jsf.context.JsfOneOneInvoker.invokeOnRegionOrRoot(JsfOneOneInvoker.java:56)
      at org.ajax4jsf.context.AjaxContextImpl.invokeOnRegionOrRoot(AjaxContextImpl.java:173)
      at org.ajax4jsf.component.AjaxViewRoot.processDecodes(AjaxViewRoot.java:276)
      at com.sun.faces.lifecycle.ApplyRequestValuesPhase.execute(ApplyRequestValuesPhase.java:101)
      at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
      at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
      at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:68)
      at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:85)
      at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
      at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:44)
      at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141)
      at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281)
      at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:60)
      at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
      at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
      at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:150)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
      at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:853)
      at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
      at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1513)
      at java.lang.Thread.run(Thread.java:595)
      Caused by: org.hibernate.SessionException: Session is closed!
      at org.hibernate.impl.AbstractSessionImpl.errorIfClosed(AbstractSessionImpl.java:49)
      at org.hibernate.impl.SessionImpl.setFlushMode(SessionImpl.java:1286)
      at org.hibernate.impl.AbstractQueryImpl.before(AbstractQueryImpl.java:860)
      at org.hibernate.impl.SQLQueryImpl.list(SQLQueryImpl.java:146)
      at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:80)
      ... 213 more


        • 1. Re: Problems using Authenticator.authenticate()
          orhan yilmaz Newbie

          it seems problem is abou this method can you show the code dbAccess.authenticate(...)

          • 2. Re: Problems using Authenticator.authenticate()
            Kurt Edegger Newbie

            Hi!

            Thank you for your response!

            As I mentioned only textual to spare the reader some extra code quotations, the dbAccess.athenticate(...) methode is executing a native SQL query through the injected EntityManager (@PersistenceContext private EntityManager em;):

            <..snip - just constructing the Strings used in the following ..>
            Query q1 = em.createNativeQuery("select * from login ( :username, :password, :clientIP, :zopeId, :userAgent, :host);");
            q1.setParameter("username", username);
            q1.setParameter("password", password);
            q1.setParameter("clientIP", clientIP);
            q1.setParameter("zopeId", zopeId);
            q1.setParameter("userAgent", userAgent);
            q1.setParameter("host", host);
            Object res = q1.getSingleResult();
            log.debug("Got result from login: "+Arrays.toString((Object[])res));
            Long accountId = ((BigInteger) ((Object[])res)[0]).longValue();
            String token = (String) ((Object[])res)[1]);
            return (accountId != null && token != null);
            


            Also I've tested that the method - it is returning solely true or false whether the user could be authenticated or not - no exceptions are thrown.

            Additionally the authenticator.authenticate() method is called twice even if I don't call dbAccess.authenticate() but return "false" every time.

            Best Regards, Kurt

            • 3. Re: Problems using Authenticator.authenticate()
              Pete Muir Master

              There is no garuntee on how many times the authenticate method will be called.

              Are you sure that no persistence exceptions have been thrown causing the transaction to be in an invalid state?

              • 4. Re: Problems using Authenticator.authenticate()
                Kurt Edegger Newbie

                Hi!

                Thank you for your response! I really appreciate it.

                "pete.muir@jboss.org" wrote:
                There is no garuntee on how many times the authenticate method will be called.
                <..snip..>


                That's bad :(
                I'm facing the situation that the database is counting the login attempts and blocks the account, when an invalid password is provided three times.
                How would I deal with the fact, that I don't know how often the Authenticator.authenticate() method is called?
                Does this mean, that I can't use the build-in identity component?

                Could you explain, why the method could be called multiple times within the same request-response-cycle? I thought, if the action method returns "false" then a simple re-rendering of the page is performed.

                Regarding the exceptions, I do have a try/catch(Exception e) in my dbAccess.authenticate() method - nothing is captured there...

                Best Regards, Kurt

                • 5. Re: Problems using Authenticator.authenticate()
                  Vincent Wiencek Newbie

                  Hi,

                  I'm also facing the same problem, when trying to count how many times the user tries to log-in.

                  Thanks
                  Vincent

                  • 6. Re: Problems using Authenticator.authenticate()
                    neilac333 Novice

                    This lack of a guarantee is definitely troubling. My authenticate method is fairly exotic I suppose. It actually sends a web service message to an external web service that wraps authentication functionality. Essentially, if the web service returns true, the user is authenticated.

                    However, the web service, as it should, locks you out after three failed attempts. If the user logs in incorrectly once, and the authenticate method is called twice (or perhaps an indeterminate amount of times) by Seam, then the user has at best one more shot at getting it right.

                    That is bad.

                    Why is it that the number of authenticate calls is undefined? As others have asked, what are the workarounds?

                    • 7. Re: Problems using Authenticator.authenticate()
                      Shane Bryzak Master

                      I just created a new issue in JIRA which should address this:

                      http://jira.jboss.org/jira/browse/JBSEAM-2200

                      • 8. Re: Problems using Authenticator.authenticate()
                        Kurt Edegger Newbie

                        Hi!

                        I was giving this whole authentication and undetermined number of calls to authenticator.authenticate() some thoughts and my workaround is that I'm using my own LoginHandler.

                        This one is called from the LoginPage and acts as a regular JSF Bean, hence can determine the next rendered page by returning given outcomes. It uses the Identity component, so the rest of the nice features (like using identity.loggedIn,...) can still be used.
                        Also here the authentication is performed only once, because the method is called only once per request.

                        The actual authenticator.authenticate method just uses the results from the LoginHandler to return true or false.

                        With this, the database is able count the actual login attempts and the authenticator.authenticate method can be called as often as it might get ...

                        I'm still unclear, why and in which circumstances the authenticator.authenticate() method is called from Seam, but I guess it's a useable workaround for me.
                        For example, the authenticator.authenticate() method is called even if the login page is calling some other method than identity.login - haven't had time to dig into this ...

                        Best regards, Kurt

                        • 9. Re: Problems using Authenticator.authenticate()
                          Pete Muir Master

                          Shane has now created events for login attempts so you can count them by observing that event.