13 Replies Latest reply on Feb 1, 2008 9:13 AM by Vassilis Petropoulos

    Security: Login twice after logout

    Joshua Jackson Master

      Dear all,

      I have a problem regarding seam security support. The problem is I have two login twice after I have logged out. Did any one experience this problem? How do I solve this?

      Thanks in advance.

        • 1. Re: Security: Login twice after logout
          Shane Bryzak Master

          I've never seen anything like this happen. Can you post your code?

          • 2. Re: Security: Login twice after logout
            Adrian Mitev Master

            I've met this problem before. I think it's caused because the session is invalidated after the new view is rendered. You can't make a post back because jsf can't find the serialized view to restore.

            The solution is to use redirect in your link/button.

            • 3. Re: Security: Login twice after logout
              Joshua Jackson Master

               

              "amitev" wrote:
              I've met this problem before. I think it's caused because the session is invalidated after the new view is rendered. You can't make a post back because jsf can't find the serialized view to restore.

              The solution is to use redirect in your link/button.


              Can you please show me a snippet for doing this?

              • 4. Re: Security: Login twice after logout
                Joshua Jackson Master

                 

                "shane.bryzak@jboss.com" wrote:
                I've never seen anything like this happen. Can you post your code?


                The link for logging out:
                <s:link view="/login.xhtml" action="#{identity.logout}"
                 value="#{messages['logout']}" rendered="#{identity.loggedIn}" />
                

                When I click this link and successfully logged out, I must log in twice. And this occurs everytime.

                login.xhtml
                 <h:form id="login">
                
                 <rich:panel>
                 <f:facet name="header">
                 <h:outputText value="#{messages['login']}" />
                 </f:facet>
                
                 <h:panelGrid columns="2" rowClasses="prop"
                 columnClasses="name,value">
                 <h:outputLabel for="username">
                 <h:outputText value="#{messages['username']}" />
                 </h:outputLabel>
                 <h:inputText id="username" value="#{identity.username}" />
                 <h:outputLabel for="password">
                 <h:outputText value="#{messages['password']}" />
                 </h:outputLabel>
                 <h:inputSecret id="password" value="#{identity.password}" />
                 <h:outputLabel for="rememberMe">
                 <h:outputText value="#{messages['rememberMe']}" />
                 </h:outputLabel>
                 <h:selectBooleanCheckbox id="rememberMe"
                 value="#{identity.rememberMe}" />
                
                 <h:panelGroup></h:panelGroup>
                 <h:panelGroup>
                 <a4j:commandButton value="#{messages['login']}"
                 action="#{identity.login}" />
                 </h:panelGroup>
                 </h:panelGrid>
                
                 </rich:panel>
                
                 </h:form>
                


                Authenticator.java
                @Name("authenticator")
                public class Authenticator implements Serializable
                {
                 private static final long serialVersionUID = -5653442272412908470L;
                
                 @Logger Log log;
                
                 @In Identity identity;
                
                 public boolean authenticate()
                 {
                 log.info("authenticating #0", identity.getUsername());
                 //write your authentication logic here,
                 //return true if the authentication was
                 //successful, false otherwise
                 identity.addRole("admin");
                 return true;
                 }
                }
                


                • 5. Re: Security: Login twice after logout
                  Vassilis Petropoulos Newbie

                  i had the some problem. Solved it, putting comments to:
                  a) event type="org.jboss.seam.notLoggedIn"
                  b) event type="org.jboss.seam.postAuthenticate"
                  in components.xml

                  V.

                  • 6. Re: Security: Login twice after logout
                    Joshua Jackson Master

                     

                    "baspet" wrote:
                    i had the some problem. Solved it, putting comments to:
                    a) event type="org.jboss.seam.notLoggedIn"
                    b) event type="org.jboss.seam.postAuthenticate"
                    in components.xml

                    V.


                    So that's what cause the problem. Thanks, I'm going to try it out. :)

                    • 7. Re: Security: Login twice after logout
                      wan agus Newbie

                      I'm having the same problem here. This problem is easy to duplicate if you have eclipse with JBoss tools. Just create a new Seam Web Project which will give you the login and home page.

                      The logout link in the generated menu.xhtml is:

                      <s:link view="/home.xhtml" action="#{identity.logout}" value="Logout" rendered="#{identity.loggedIn}" />


                      If you change the view to /login.xhtml like this:


                      <s:link view="login.xhtml action="#{identity.logout}" value="Logout" rendered="#{identity.loggedIn}" />


                      then you'll have to login twice. The first time you hit enter, it takes you back to the login screen. You hit enter again and this time you're logged in.

                      I've tried commenting out the notLoggedIn and postAuthenticate events in components.xml but it didn't solve the problems. It wouldn't be a good solution anyway, since I do need those events to be handled as configured.

                      Here's what I see on the console for the first login:

                      01:32:31,187 INFO [Contexts] starting up: org.jboss.seam.security.identity
                      01:32:31,187 INFO [Contexts] starting up: org.jboss.seam.web.session


                      And on the second successful login:

                      01:32:32,500 INFO [Authenticator] authenticating: testuser


                      I'll appreciate it if someone can shine a light on what's going on here.

                      • 8. Re: Security: Login twice after logout
                        Vassilis Petropoulos Newbie

                        Try to remove view from s:link. It works for me..

                        V.

                        • 9. Re: Security: Login twice after logout
                          wan agus Newbie

                           

                          "baspet" wrote:
                          Try to remove view from s:link. It works for me..

                          V.


                          Thanks for the response, baspet, but removing the view from the logout link will take you to the home.xhtml instead of to login.xhtml, which put us back to square one. If I click the login link from the home page, I don't have to login twice. The problem is when I want to redirect the user back to the login page upon logout. In that case, I have to login twice to move forward.

                          Sure I can just work around this by showing a landing page when the user logs out, but I'm working on a prototype with a goal of getting a better understanding of Seam. I'm very curious to know what I'm missing here.


                          • 10. Re: Security: Login twice after logout
                            Vassilis Petropoulos Newbie

                            Does home.page.xml has login-required="true"?

                            V.

                            • 11. Re: Security: Login twice after logout
                              Joshua Jackson Master

                               

                              "brombie" wrote:
                              I've tried commenting out the notLoggedIn and postAuthenticate events in components.xml but it didn't solve the problems. It wouldn't be a good solution anyway, since I do need those events to be handled as configured.


                              Yup I've tried that too and it didn't work.
                              I've also tried it both in IE and Firefox and it didn't work.
                              I'm wondering what cause this problem. :(

                              • 12. Re: Security: Login twice after logout
                                wan agus Newbie

                                 

                                "baspet" wrote:
                                Does home.page.xml has login-required="true"?

                                V.


                                There's no home.page.xml. The default Seam web template in eclipse or seam-gen doesn't generate that.



                                • 13. Re: Security: Login twice after logout
                                  Vassilis Petropoulos Newbie

                                  My app uses home.page.xml with login-required="true". So, when identity.logout executes, control tries to render home.xhtml (that's why i don't use view on s:link). But, since home.xhtml is login-required and logout already called, seam correctly drives to login.xhtml. Of course, you have to catch NotLoggedInException in pages.xml to point to login.xhtml.

                                  V.