0 Replies Latest reply on Dec 21, 2010 7:11 PM by Ryan Samiley

    Infinite Loop with NotLoggedInException

    Ryan Samiley Newbie

      Trying to integrate my app with Oracle WebSSO. Unfortunately after I log in through WebSSO, Seam looks like it loses the identity then goes into an infinite loop with NotLoggedInException.


      I have an Authenticator interface:


      public interface Authenticator {
        boolean authenticate();
           
        void logout();
      }




      When WebSSO performs a successful authentication it puts the username in the Http Header with a customizable token. The WebSSO Authenticator looks like:



      @Name("webSSOAuthenticator")
      @SuppressWarnings("serial")
      public class WebSSOAuthenticator implements Authenticator, Serializable {
        @In
        private Identity identity;
      
        public WebSSOAuthenticator() {
          super();
        }
              
              
        public boolean authenticate() {
          if (identity.isLoggedIn()) {
            log.info("authenticated");
            return true;
          }
                      
          
          ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
          HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
      
          String username = request.getHeader("USER_TOKEN");
          // Perform some authentication logic with the username
              
          SimplePrincipal principal = new SimplePrincipal(username);
          identity.acceptExternallyAuthenticatedPrincipal(principal);
      
              
          return true;
        }     
              
        @Override
        public void logout() {
          identity.logout();        
        }




      Components.xml defines a factory to get the Authenticator since we also have another Authenticator for testing. I'm interested in the WebSSOAuthenticator.



      <security:identity authenticate-method="${authenticator.authenticate"/>
      
      <component name="authenticatorFactory" class="com.mycompany.AuthenticatorFactory" auto-create="true" scope="stateless"/>
           
      <factory name="authenticator" scope="session" method="#{authenticatorFactory.getAuthenticator}"/>



      Pages.xml:



      <pages ... login-view-id="/main.xhtml">
        <page view-id="/main.xhtml">
          <action execute="#{authenticatorFactory.getType()}" if="#{!identity.loggedIn}"/>
          <navigation from-action="#{authenticatorFactory.getType()}">
            <rule if-outcome="web-sso">
              <redirect view-id="/login-websso.xhtml"/>
            </rule>
            <!-- Additional rule for testing... -->
          </navigation>
        </page>
      
        <page view-id="/login-websso.xhtml">
          <action execute="#{identity.login}"/>
          <navigation from-action="#{identity.login}">
            <rule if-outcome="loggedIn">
              <redirect view-id="/main.xhtml"/>
            </rule>
          </navigation>
        </page>
      </pages>




      I'm using Seam 2.2.1 CR1 with Apache Tomcat 6.0.26