4 Replies Latest reply on Nov 2, 2009 9:30 PM by guy bashan

    remember me with password?

    Sascha Janz Master

      i got a seam-gen generated app.


      at the login page there is a check box remember me


      is it possible to use with password? so the user doesn't need to login?

        • 1. Re: remember me with password?
          Arbi Sookazian Master

          Here is some info from the Seam ref doc for 2.1.1.GA:


          15.3.5. Remember Me
          Seam Security supports the same kind of "Remember Me" functionality that is commonly
          encountered in many online web-based applications. It is actually supported in two different
          "flavours", or modes - the first mode allows the username to be stored in the user's browser as a
          cookie, and leaves the entering of the password up to the browser (many modern browsers are
          capable of remembering passwords).
          The second mode supports the storing of a unique token in a cookie, and allows a user to
          authenticate automatically upon returning to the site, without having to provide a password.
          
          To summarize: While everyone is doing it, persistent "Remember Me" cookies with
          automatic authentication are a bad practice and should not be used. Cookies that
          "remember" only the users login name, and fill out the login form with that username
          as a convenience, are not an issue.


          • 2. Re: remember me with password?
            guy bashan Apprentice

            Is there an example out there that does autologin with cookie and password?

            • 3. Re: remember me with password?
              Sascha Janz Master
              i did it that way

              public String autologin() {
                        log.debug(" begin autologin");
                        String lsret = "";
                        try {
                             
                             if (Identity.instance().isLoggedIn() == false ) {
                                                           Identity.instance().setPassword(MemberManager.getInstance().getMember(Identity.instance().getUsername()).getPassword());
                                            log.debug("mandant is = " + mandant);
                                            Authenticator auth = (Authenticator) Component.getInstance("authenticator");
                                            Identity.instance().login();
                             }
                        } catch (Exception e) {
                             // TODO Auto-generated catch block
                             log.error("Error autologin", e);
                        }
                        if (Identity.instance().isLoggedIn() == false)
                             lsret = "logout";
                        log.debug("end autologin lsret =" + lsret);
                        return lsret;

                   }


              and call this function per pages.xml

                <page view-id="/home.xhtml"    >

                      <action execute="#{Page.autologin}"   if="#{!Identity.instance().isLoggedIn()}"/>
                      <navigation>
                          <rule if-outcome="logout">
                              <redirect view-id="/login.xhtml"/>
                          </rule>
                      </navigation>
                  </page>
              • 4. Re: remember me with password?
                guy bashan Apprentice

                Making an automatic login based on username is very unsafe operation. I am looking for a much safer solution and I also prefer it to be out-of-the-box solution, since I already have my own cookie based auto-login the suddenly started going crazy and prevented me from logging out. so, I decided to look for the right way of doing it using Seam. The problem is, I can't really find a working solution...