2 Replies Latest reply on Mar 3, 2009 5:09 PM by Harold Booth

    Quit login not working

    Stephen Friedrich Novice

      I try to integrate my app with a custom SSO solution.
      To do this I looked at RememberMe and quickly found that it is not what I need. (The SSO cookie is opaque for me. I have no idea what its format is like - it is only validated by a web service. And btw it really should not contain the password).

      So, I tried to use the same underlying mechanism that Remember me uses, i.e. listenening for the events




      However the second event never happens if I hit a page that requires login while not being logged in, for example

      <page view-id="/contact-data.xhtml" login-required="true">
          <rewrite pattern="/contact-data"/>

      Instead I am taken to the log-in page. However if I remove the login-required from the page definition and add a <restrict>-tag then everything works as designed.

      I found the culprit to be the code that checks if a redirect to the login page is required. It never tries a quite login.
      See Pages.java:

         private boolean isLoginRedirectRequired(String viewId, Page page)
            return page.isLoginRequired() && 
                  !viewId.equals( getLoginViewId() ) && 

      If I change this method like so, it works fine:

      private boolean isLoginRedirectRequired(String viewId, Page page) {
          if (!page.isLoginRequired() || viewId.equals(getLoginViewId())) {
              return false;
          Identity identity = Identity.instance();
          return identity.isLoggedIn();

      Is this a bug/oversight or do I expect something that was never intended to work that way?