3 Replies Latest reply on Mar 6, 2013 2:56 AM by snamshelp ns

    Weird problem with Session Scope

    Lucas Pereira Newbie

      I am having a problem with seam. I looked for all the forums and didn’t find any problem like mine.


      We developed an application that has a two phase login:


      First the user informs the login and the password and then I take this information and get a list of enterprises that this user may represent and with this information I login using JAAS.


      So far so good, everything was working perfectly, but when I deployed this application in production, a weird problem started.


      I am showing in the screen the user that is authenticated. When only one user login in the application, the system presents Welcome, user and works fine, but when another user login on another computer, sometimes appears the first user.


      User1 authenticates
      It appears: Welcome, User1


      User 2 authenticates
      It appears: Welcome, User2… But sometimes appears Welcome, User1


      This user is in the Session Scope, but is like the session is being shared between users. It is very strange. I don’t know what is happening. I need help on this.



      I am using eclipse with 
      JBoss Tools 2.1.0.GA, 
      Seam 2.0.2.SP1
      Jboss 4.2.2.GA
      Richfaces 
      Java 1.6.0_06._




       
      <h:panelGrid columns="3" rowClasses="prop" columnClasses="name,value, message" rendered="#{empty loginAction.itensPessoas}">
                          <h:outputLabel for="username">E-mail</h:outputLabel>
                          <h:inputText id="username" size="50"
                                    value="#{loginAction.usuario}" required="true"/>
                          <h:message for="username"/>
                          <h:outputLabel for="password">Senha</h:outputLabel>
                          <h:inputSecret id="password" 
                                      value="#{loginAction.senha}" />
                          <h:message for="password"/>
                      </h:panelGrid>
                      <rich:panel rendered="#{!empty loginAction.itensPessoas}">
                              Escolha <rich:spacer width="5px"/>
                              <h:selectOneMenu value="#{loginAction.idPessoaRepresentada}">
                                      <f:selectItems value="#{loginAction.itensPessoas}"/>
                              </h:selectOneMenu>
                      </rich:panel>
      
      
         <security:identity 
         
         security-rules="#{securityRules}" 
         authenticate-method="#{loginAction.authenticate}" 
         remember-me="true"
         jaas-config-name="AnvisaRealm"/>
      
      
              
      @Begin(join = true)
              public String loginNivel1() {
                      if (identity.isLoggedIn()) {
                              identity.logout();
                              Session.getInstance().invalidate();
                      }
                      ArrayList<CodigoDescricaoVO> retLogin = loginNivel1(usuario, senha);
                      itensPessoas = new ArrayList<SelectItem>();
                      if (retLogin != null) {
                              for (CodigoDescricaoVO codDesc : retLogin) {
                                      itensPessoas.add(new SelectItem(codDesc.getCodigo(), codDesc
                                                      .getDescricao()));
                              }
                      }
                      return "";
              }
      
              
      @End
              public String loginNivel2() {
                      if (identity.isLoggedIn()) {
                              identity.logout();
                              Session.getInstance().invalidate();
                      }
                      String ip = ((HttpServletRequest) FacesContext.getCurrentInstance()
                                      .getExternalContext().getRequest()).getRemoteAddr();
                      // identity.addRole("SisEmbrio.Envio");
                      identity.setUsername(usuario + "|" + idPessoaRepresentada);
                      identity.setPassword(senha);
                      identity.login();
      
                      // try{
                      credencial = segurancaManager.loginNivel2(usuario, senha,
                                      idPessoaRepresentada, ip);
                      // }catch(Exception e){
                      // if (identity.isLoggedIn()){
                      // identity.logout();
                      // }
                      // }
                      itensPessoas = null;
                      return "home";
              }
      
      - <application-policy name="AnvisaRealm">
      - <authentication>
        <login-module code="org.jboss.security.ClientLoginModule" flag="required" /> 
      - <login-module code="br.gov.anvisa.portal.seguranca.realm.jboss.RDBMSJBossLoginModule" flag="optional">
        <module-option name="unauthenticatedIdentity">guest</module-option> 
        <module-option name="dsJndiName">java:/jdbc/oracle</module-option> 
        <module-option name="hashAlgorithm">MD5</module-option> 
        <module-option name="hashEncoding">BASE64</module-option> 
        </login-module>
        </authentication>
        </application-policy>