2 Replies Latest reply on Nov 30, 2007 5:07 PM by Lloyd Closson

    Security Design Question

    Lloyd Closson Newbie

      I am developing a subscription based site. When authenticating users I would like to be able to do the following. If the user has valid credentials, but the account is not active (through cancelation, credit card failure, etc.) I would like to redirect the user to a page that allows them to reactivate the account by entering new credit card information. In this case the login has a different outcome than just failed or successful.

      I have not seen an obvious way to accomplish this task with Seam Security. Does anyone have any suggestions?

      Thanks in advance.

        • 1. Re: Security Design Question
          Damian Harvey Master

          Set up a navigation rule that directs the user to your reactivation page from login (eg. based on some status):

           <navigation from-action="#{identity.login}">
           <rule if="#{identity.loggedIn && user.status == 'ACTIVE'}">
           <redirect view-id="/normalHomePage.xhtml"/>
           </rule>
           <rule if="#{identity.loggedIn && user.status == 'INACTIVE'}">
           <redirect view-id="/activationPage.xhtml"/>
           </rule>
           </navigation>
          

          You would set the status in the authenticator class and outject the User bean (or wherever you want to store the status).

          Cheers,

          Damian.

          • 2. Re: Security Design Question
            Lloyd Closson Newbie

            Damian,

            Thanks for the quick reply. It is appreciated. This helped me get past my mind block and solve my problem.

            Thanks Again.