I mean.. remove programmatically a specific user from the security context
Maybe Identity.cear() ?
Identity.unauthenticate() if you don't want to invalidate the user's session, otherwide use Identity.logout().
yes I know Identity.logout() method but I don't want to inalidate directly the current user..
I mean, I'm currently logged in as Admin and I'm blocking a specific User. Now I want to logout() this User form the context if he is logged in at the moment. If I try to call Identity.logout() I think that the Admin will be logged out and not the User..
So I need something to retrive the Identity of this User from the context and then call logout() on it I think...?
Ok, I see what you want now. The short answer is no, you can't reach across sessions to kill/modify something in someone else's session, the servlet container (and specification) prevents this. You could potentially
hacksomething to achieve a similar result by having the admin user setting some flag somewhere and then using a servlet filter that checks the flag, and if it is set then invalidate that user.
Seam's security is lacking some features in this area.
You can probably do this if you implement Acegi and Spring.
Have a look at this article:
Acegi has some nice features like limiting users to a single session.
If you using Rich Faces, you'll have to setup Acegi with JSF. There's plenty of articles on the net on how to do this.
Hopefully Seam can implement some of these features in the future.
Feel free to raise this as a feature request in JIRA.