0 Replies Latest reply on Nov 12, 2009 11:34 AM by Manuel Van Wesemael

    StatusMessages getting lost

    Manuel Van Wesemael Newbie


      When a user logs in, we perform LDAP authorization and after that succeeds, we do some extra processing in the postAuthenticate.

      <event type="org.jboss.seam.security.postAuthenticate">
           <action execute="#{sessionInfo.postAuthenticate}" />
      </event>

      In this postAuthenticate we do some checks. This might lead to the user being refused login.

      public class DealerPortalSessionInfo implements Serializable {
        public void postAuthenticate() {
           StatusMessages.instance().addFromResourceBundle(Severity.WARN, getAccountProblemKey());
           throw new AuthorizationException("Authorization failed");
        }
      }

      In the pages.xml we have defined the following:

      <exception class="org.jboss.seam.security.AuthorizationException">
           <redirect view-id="/logout.xhtml">
                <message severity="error">#{messages['AuthorizationException']}</message>
           </redirect>
      </exception>
      <page view-id="/logout.xhtml">
          <action execute="#{identity.logout}"/>
                <redirect view-id="/login.xhtml">
                   <message severity="warn">#{messages['org.jboss.seam.NotLoggedIn']}</message>
                </redirect>
      </page>

      So after the logout, the user goes back to the login page.
      The strange thing is that the user does not see the error messages that we added to the StatusMessages.

      In the error log I see the following (besides the stacktrace of our error):

      2009-11-12 11:15:21,425 ERROR [javax.enterprise.resource.webcontainer.jsf.lifecycle] JSF1054: (Phase ID: INVOKE_APPLICATION 5, View ID: /login.xhtml) Exception thrown during phase execution: javax.faces.event.PhaseEvent[source=com.sun.faces.lifecycle.LifecycleImpl@a5027]
      2009-11-12 11:15:21,505 ERROR [org.jboss.seam.exception.Exceptions] handled and logged exception
      javax.servlet.ServletException: #{identity.login}: javax.el.ELException: org.jboss.seam.security.AuthorizationException: Authorization failed

      We suspected the fact that we log out, and thus lose the conversation, but we are not sure.

      Normal timeout messages are shown on the login page, as well as "LDAP password is wrong", ...

      Anyway, what can we do to keep the messages 'alive', so that they can be shown to the user? (the message text will be changed :-))
      Is there something wrong in the current configuration maybe?