2 Replies Latest reply on Feb 11, 2009 2:47 PM by Augusto Senerchia

    quite logon  - auto logn not working 2.1.1

    Joost Heldens Newbie
      My clients use a smartcard to logon to my application. All this is handled by the browser and App Server through SSL and client authentication.

      This means that all my client are authenticated and that I only need to perform authorization. I thought I could use the auto login feature to accomplish this but this is not working.

      This is my set up:
      <security:identity authenticate-method="#{authenticator.readClientCertificateData}"  />
         <security:remember-me mode="autoLogin"/>

         <event type="org.jboss.seam.security.notLoggedIn">
                   <action execute="#{redirect.captureCurrentView}"/>
                   <action execute="#{authenticator.readCredentials}"/>
               <action execute="#{identity.tryLogin()}"/>
         <event type="org.jboss.seam.security.quietLogin" >
                   <action execute="#{identity.login}" />     
         <event type="org.jboss.seam.security.loginSuccessful">
               <action execute="#{redirect.returnToCapturedView}"/>


      <pages xmlns="http://jboss.com/products/seam/pages"
             xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.1.xsd"


          <page view-id="/pages/*" login-required="true">
                  <rule if-outcome="home">
                      <redirect view-id="/pages/home.xhtml"/>

      FYI the loginsuccessful event is fired, but i have the impressing that the not logedin event will always forwared the browser to the login page (which does not make sense in my setup).

      I also tried adding <security:remember-me mode="autoLogin"/> with no effect . It only raises a xml validation exception because it is not defined in the security xsd.

      I hope someone can help me or confirm that this not (yet) working.