8 Replies Latest reply on Dec 6, 2007 6:31 PM by Devika Pillai

    Seam security / identity.logout

    Devika Pillai Newbie

      Is there a way to map identity.logout to some component method if there is something to be done while logging out.
      Just as we map identity.login="authenticator.authenticate", can we map identity.logout="authenticator.logout" also? Or overriding identity.logout?

      Thanks in Advance !

        • 1. Re: Seam security / identity.logout
          Shane Bryzak Master

          Write an event observer for "org.jboss.seam.loggedOut", this event is raised when Identity.logout() is called.

          • 2. Re: Seam security / identity.logout
            Devika Pillai Newbie

            Thanks, it worked. I had another question too...
            I am configuring my identity.login to loginBean.login and my loginBean class is like

            import org.jboss.seam.annotations.In;
            import org.jboss.seam.annotations.Name;
            
            @Name("loginBean")
            public class LoginBean {
            
             @In("#{identity.username}")
             private String username;
            
             @In("#{identity.password}")
             private String password;
            
             public boolean login() {
             //login code here
             return true;
             }
            
             public void logout(){
             //logout code here
             }
            
            }
            


            <?xml version="1.0" encoding="UTF-8"?>
            <components xmlns="http://jboss.com/products/seam/components"
             xmlns:core="http://jboss.com/products/seam/core"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation=
             "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd
             http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd">
            
             <security:identity authenticate-method="#{loginBean.login}"/>
            
             <event type="org.jboss.seam.loggedOut">
             <action execute="#{loginBean.logout}"/>
             </event>
            
            </components>
            


            I am getting @In required exception during logout only for password field. identity.username is still there and its not complaining. Just wanted to double check if this is the normal behavior that identity.password will be flushed out once the user is authenticated while the username remains. Or am I missing something.
            Is it because the username is stored in the cookie. Please advice.

            Thanks !

            • 3. Re: Seam security / identity.logout
              Shane Bryzak Master

              That is normal behaviour. The password is cleared after successful authentication.

              • 4. Re: Seam security / identity.logout
                Devika Pillai Newbie

                Thanks Shane.

                I see one more behavior
                When i provide the wrong username or password, my configured login method is being called twice. On debugging I see that the method authenticate of Identity class

                public void authenticate()
                 throws LoginException
                 {
                 // If we're already authenticated, then don't authenticate again
                 if (!isLoggedIn())
                 {
                 authenticate( getLoginContext() );
                 }
                 }
                


                is getting called again when my login fails. And once more it runs through my login method and completes.

                I am returning true on sucessful login and false on failure and I am checking #{identity.loggedIn} in my pages.xml file. But that is getting called at the very end which is correct, but I can't understand why authenticate is called once again when the login returns false.

                Any thoughts about this would be really helpful as there is a whole lot of code going inside my login and I dont want it to be called unnecessarily.

                Thanks !

                • 5. Re: Seam security / identity.logout
                  Shane Bryzak Master

                  This is normal also - there is no guarantee as to how many times your authenticate method is called. If you need to perform certain actions when authentication is successful then use an event.

                  • 6. Re: Seam security / identity.logout
                    Devika Pillai Newbie

                    I think I put it the wrong way.
                    What I meant to say is i have mapped

                    <security:identity authenticate-method="#{loginBean.login}"/>
                    


                    and the loginBean.login method is something like
                    public boolean login(){
                     boolean succeeded = loginAction.login();
                     return succeeded;
                    }
                    


                    so this method is called twice when succeeded = false and is called just once when suceeded = true

                    so when i debugged i see that Identity class's authenticate method is getting called twice. Why is trying to call loginBean.login again???


                    • 7. Re: Seam security / identity.logout
                      Shane Bryzak Master

                      You explained it the right way - as I said there is no guarantee that your authenticate method (loginBean.login) will only be called once by Seam's security API.

                      • 8. Re: Seam security / identity.logout
                        Devika Pillai Newbie

                        On further research I found this.

                        http://jira.jboss.org/jira/browse/JBSEAM-2165

                        It has been fixed in the new release.

                        Thanks !!!