1 Reply Latest reply on Nov 23, 2010 12:17 PM by Elliot Trussell

    Combined auto login and manual login session issue

    Elliot Trussell Newbie

      editing...

        • 1. Re: Combined auto login and manual login session issue
          Elliot Trussell Newbie

          Ive just started using Seam 2.2.2 with a new company and my first task is to implement an auto login for users coming to the seam app from the companies other webapp. The way I have implemented it is to pass encrypted user details from the other webapp in the url. These will be used by the authentication method to log the user in.


          Everything works as expected when the server is first started and the url is passed as autologin.seam?user=john. It also work correctly when the same url is called after I have manually logged in and out through the UI.


          The problem comes after either of the login methids fail. So if I pass an invalid user in the URL the failed login screen is displayed and details are logged as expected. the same happens when incorrect details are entered through the UI. To this point everything is working as expected. but if you then call the valid url again, autologin.seam?user=john, it fails and takes you back to the failed login screen. However, nothing is logged and authentication doesnt seem to fire. Manually loggin in still work correctly.


          Its as if once login has failed the session or page is being stored and instead of calling the <action> and authentication it is referenceing the old state instead.


          Another thing to note is that if I login with invalid details and it takes me to the failed login page, if I then move to a different page and then call the autologin url it still fails with no logging but still takes me back to the failed login page. so the rules are either being run but data is caches in some way or the rules them selves are not updating some how.


          Hope I have made some sense!


          I would appreciate any help you can give, or suggestions of other ways to do this.


          The code is below:


              <page view-id="/CMS_autoLogin.xhtml">
                  <action execute="#{identity.login}" if="#{not identity.loggedIn}" />
                  <param name="user"/>
               
                  <navigation from-action="#{identity.login}"> 
                       <rule if="#{identity.loggedIn}">
                                 <redirect view-id="/home.xhtml"/>
                       </rule>
                       <rule if="#{not identity.loggedIn}"> 
                               <redirect view-id="/login.xhtml"/> 
                      </rule>
                  </navigation> 
             </page>
          



          @Name("authenticator")
          public class Authenticator
          {
              @Logger private Log log;
          
              @RequestParameter
              private String user;
              
              @In Identity identity;
              @In Credentials credentials;
          
              public boolean authenticate()
              {
                  //write your authentication logic here,
                  //return true if the authentication was
                  //successful, false otherwise
                   
                   log.info("Authentication initiated");
                   
                   if (user != null && !user.equalsIgnoreCase("")) {
                        log.info("Automated login for username '{0}'", user);
                        
                       if (user.equalsIgnoreCase("test")) {
                           credentials.setUsername(user);
                           credentials.setPassword("password");
                           identity.addRole("admin");
                           return true;
                       } else {
                           return false;
                       }
                   
                   } else {
                        log.info("Manual authentication for username {0}", credentials.getUsername());
                        
                        String uName = (String) ServletContexts.instance().getRequest().getAttribute("kd_login_id");
                        log.info("UserID in Session: "+uName);
                       
                       if ("admin".equals(credentials.getUsername()))
                       {
                           identity.addRole("admin");
                           return true;
                       }
                       return false;
                        
                   }
          
              }
          
          }