Weird problem with Session Scope
lucaspereira Jun 6, 2008 8:40 PM
I am having a problem with Seam. I looked through all the forums and didn't find any problem like mine.
We developed an application that has a two-phase login:
First the user enters the login and the password, and then I take this information and get a list of enterprises that this user may represent, and with this information I log in using JAAS.
So far so good, everything was working perfectly, but when I deployed this application in production, a weird problem started.
I am showing on the screen the user that is authenticated. When only one user logs in to the application, the system presents "Welcome, user" and works fine, but when another user logs in on another computer, sometimes the first user appears.
User1 authenticates
It appears: Welcome, User1
User2 authenticates
It appears: Welcome, User2… But sometimes Welcome, User1 appears
This user is in the Session Scope, but it is like the session is being shared between users. It is very strange. I don't know what is happening. I need help with this.
I am using Eclipse with JBoss Tools 2.1.0.GA, Seam 2.0.2.SP1, JBoss 4.2.2.GA, RichFaces, Java 1.6.0_06.
    <h:panelGrid columns="3" rowClasses="prop" columnClasses="name,value, message"
                 rendered="#{empty loginAction.itensPessoas}">
        <h:outputLabel for="username">E-mail</h:outputLabel>
        <h:inputText id="username" size="50" value="#{loginAction.usuario}" required="true"/>
        <h:message for="username"/>
        <h:outputLabel for="password">Senha</h:outputLabel>
        <h:inputSecret id="password" value="#{loginAction.senha}" />
        <h:message for="password"/>
    </h:panelGrid>
    <rich:panel rendered="#{!empty loginAction.itensPessoas}">
        Escolha
        <rich:spacer width="5px"/>
        <h:selectOneMenu value="#{loginAction.idPessoaRepresentada}">
            <f:selectItems value="#{loginAction.itensPessoas}"/>
        </h:selectOneMenu>
    </rich:panel>

    <security:identity security-rules="#{securityRules}"
                       authenticate-method="#{loginAction.authenticate}"
                       remember-me="true"
                       jaas-config-name="AnvisaRealm"/>

    @Begin(join = true)
    public String loginNivel1() {
        if (identity.isLoggedIn()) {
            identity.logout();
            Session.getInstance().invalidate();
        }
        ArrayList<CodigoDescricaoVO> retLogin = loginNivel1(usuario, senha);
        itensPessoas = new ArrayList<SelectItem>();
        if (retLogin != null) {
            for (CodigoDescricaoVO codDesc : retLogin) {
                itensPessoas.add(new SelectItem(codDesc.getCodigo(),
                        codDesc.getDescricao()));
            }
        }
        return "";
    }

    @End
    public String loginNivel2() {
        if (identity.isLoggedIn()) {
            identity.logout();
            Session.getInstance().invalidate();
        }
        String ip = ((HttpServletRequest) FacesContext.getCurrentInstance()
                .getExternalContext().getRequest()).getRemoteAddr();
        // identity.addRole("SisEmbrio.Envio");
        identity.setUsername(usuario + "|" + idPessoaRepresentada);
        identity.setPassword(senha);
        identity.login();
        // try{
        credencial = segurancaManager.loginNivel2(usuario, senha,
                idPessoaRepresentada, ip);
        // }catch(Exception e){
        //     if (identity.isLoggedIn()){
        //         identity.logout();
        //     }
        // }
        itensPessoas = null;
        return "home";
    }

    <application-policy name="AnvisaRealm">
        <authentication>
            <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
            <login-module code="br.gov.anvisa.portal.seguranca.realm.jboss.RDBMSJBossLoginModule"
                          flag="optional">
                <module-option name="unauthenticatedIdentity">guest</module-option>
                <module-option name="dsJndiName">java:/jdbc/oracle</module-option>
                <module-option name="hashAlgorithm">MD5</module-option>
                <module-option name="hashEncoding">BASE64</module-option>
            </login-module>
        </authentication>
    </application-policy>