0 Replies Latest reply on Mar 22, 2010 7:01 PM by John Gunvaldson

    Security.notLoggedIn Loop

    John Gunvaldson Newbie
      I have a question about logging in automatically. I am using Seam 2.1.2 and JBoss 4.2.3GA

      I have created my own Authenticator.java class and it retrieves all of the information necessary to build/store username, passwords and roles. All of that is working fine.

      Components.xml has authenticate-method="#{myAuthenticator.authenticate}" and that is working fine.

      To automate the login I have learned from this forum to use the following.

      Also in Components.xml

      <event type="org.jboss.seam.security.notLoggedIn">
          <action execute="#{identity.login}"/>
          <action execute="#{redirect.returnToCapturedView}"/>
      </event>

      This works perfectly for correctly authenticated users. Problem is when I return false from myAuthenticator (user does not have proper credentials for the app) the website goes into a loop, spawning multiple infinite cid=nnn and page loops.

      Obviously (I think) using the event notLoggedIn is not the correct place to start a "Automated Login".

      From what I have learned, the identity.login needs to be outside my authenticator, in order to properly have the authenticate-method in Components.xml work correctly.

      Or, possibly I need to override some default behavior someplace?

      Is there a better choice, a better framework location to be calling "identity.login" from?

      For an automated login perspective, (like Single Sign On) where do folks make the initial identity.login call from?