1 Reply Latest reply on Feb 27, 2009 3:19 AM by Daniel Knightly

    On Login, User outjection not always working

    Daniel Knightly Newbie

      I have an authenticate() method stolen from the DVDStore example. 
      I find when I
      1) navigate to login.xhtml
      2) login (with successful credentials)
      3) I get redirected to my home page (as expected).
      4) when I arrive at home, identity.loggedIn sometimes resolves False and sometimes True.
      5) When I am considered 'logged in' then debug.seam shows the User in the Session Scope.
      6) When I am considered 'not logged in' then debug.seam shows no User in the Session scope.

      In the case where login seems to fail, if I navigate back to login.seam, then identity.loggedIn resolves to True, and going to debug.seam from the login page shows the User on the Session Scope, but going to the home page I'm still not logged in, and trying to goto any page which requires a user to be logged in, considers me 'not logged in' sends me back to the login.seam page for authentication, but then the login.seam page things I am logged in.

      Here is my authentication component (pretty much stolen from the DVDStore)

      public class AuthenticatorAction implements Authenticator,Serializable {
          private EntityManager em;
          @In(required = false, scope = SESSION)
          @Out(required = false, scope = SESSION)
          private User user;
          Identity identity;
          Credentials credentials;
          String returnView;
          private static final LogProvider log = Logging
          public boolean authenticate() {
              try {
                  user = (User) em.createQuery(
                  "from User where username = :username and password = :password")
                  .setParameter("username", credentials.getUsername())
                  .setParameter("password", credentials.getPassword())
                  // This doesn't help either...same result as @Out
                 // Contexts.getSessionContext().set("user", user); 
                  return true;
              catch (NoResultException ex){
                  return false;
          public void updateLoginStatistics(){
                  user.setLoginTime(new Date());

      (if I take the updateLoginStatistics, I still get the same error).  I also tried setting the user directly on the SessionContext. 

      my components.xml has:

      <security:identity authenticate-method="#{authenticator.authenticate}" />

      If anyone has any suggestions I'd love to hear them.