1 Reply Latest reply on Jun 25, 2009 4:36 PM by slawek t

    automated login via special link

    Sascha Janz Master

      i got a seam app with several login secured pages.


      via a special encrypted link i want the users to be automatically logged in so no password etc. is required.


      how can i do this?

        • 1. Re: automated login via special link
          slawek t Novice

          I've done it like this:


          page under protection is /secure/hidded.xhtml



          pages.xml


          <page view-id="/*">
                <param name="authKey" value="#{urlAuthenticator.authKey}" />
                <action execute="#{urlAuthenticator.authenticate( urlAuthenticator.authKey )}" 
                        on-postback="false" if="#{!identity.loggedIn}" />
             </page> 
                 
             <page view-id="/secure/*" login-required="true">
             </page> 
              
             <page view-id="/secure/hidden.xhtml">   
             </page>



          UrlAuthenticator.java


          @Name( "urlAuthenticator" )
          @AutoCreate
          public class UrlAuthenticator {
             @Logger
             private Log log;
          
             @In
             Identity identity;
          
             @In
             Credentials credentials;
          
             @In
             private UrlAuthVerificationService urlAuthVerificationService;
          
             @RequestParameter
             private String authKey;
          
             public boolean authenticate( String key ) {
          
                log.info( "url authentication with authKey == '{0}'", key );
          
          #1    VerifiedUserCredentials vuc = urlAuthVerificationService.verifyUrlKey( key );
                if ( vuc.isAuthenticated( ) ) {
                   credentials.setUsername( vuc.getUsername( ) );
                   credentials.setPassword( vuc.getPassword( ) );
                   identity.addRole( vuc.getRole( ) );
          
          #2       String textResult = boolean result = identity.login( );
                   boolean result = textResult.equals( "loggedIn" ) ? true : false;
                   log.info( "authentication {0}", result ? "succeeded" : "failed" );
                   return result;
                }
          
                log.info( "key verification failed" );
                return false;
             }
          
             public String getAuthKey( ) {
                return authKey;
             }
          
             public void setAuthKey( String authKey ) {
                this.authKey = authKey;
             }
          
          }



          code explanation




          #1 - I'm reading from DB a username, password and role for a given authKey (delivered as url parameter)


          #2 - login to the system


          and that's it.


          For me it's working but there is one little disadventage - I'm receiving in page /secure/hidden.xhtml faces messages:


              * Please log in first
              * Welcome, admin! 
          


          and I don't know how to get rid of these messages.