Infinite Loop with NotLoggedInException
ryneezy.ryan.samiley.live.com Dec 21, 2010 7:11 PMTrying to integrate my app with Oracle WebSSO. Unfortunately after I log in through WebSSO, Seam looks like it loses the identity then goes into an infinite loop with NotLoggedInException.
I have an Authenticator interface:
public interface Authenticator { boolean authenticate(); void logout(); }
When WebSSO performs a successful authentication it puts the username in the Http Header with a customizable token. The WebSSO Authenticator looks like:
@Name("webSSOAuthenticator") @SuppressWarnings("serial") public class WebSSOAuthenticator implements Authenticator, Serializable { @In private Identity identity; public WebSSOAuthenticator() { super(); } public boolean authenticate() { if (identity.isLoggedIn()) { log.info("authenticated"); return true; } ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext(); HttpServletRequest request = (HttpServletRequest) externalContext.getRequest(); String username = request.getHeader("USER_TOKEN"); // Perform some authentication logic with the username SimplePrincipal principal = new SimplePrincipal(username); identity.acceptExternallyAuthenticatedPrincipal(principal); return true; } @Override public void logout() { identity.logout(); }
Components.xml defines a factory to get the Authenticator since we also have another Authenticator for testing. I'm interested in the WebSSOAuthenticator.
<security:identity authenticate-method="${authenticator.authenticate"/> <component name="authenticatorFactory" class="com.mycompany.AuthenticatorFactory" auto-create="true" scope="stateless"/> <factory name="authenticator" scope="session" method="#{authenticatorFactory.getAuthenticator}"/>
Pages.xml:
<pages ... login-view-id="/main.xhtml"> <page view-id="/main.xhtml"> <action execute="#{authenticatorFactory.getType()}" if="#{!identity.loggedIn}"/> <navigation from-action="#{authenticatorFactory.getType()}"> <rule if-outcome="web-sso"> <redirect view-id="/login-websso.xhtml"/> </rule> <!-- Additional rule for testing... --> </navigation> </page> <page view-id="/login-websso.xhtml"> <action execute="#{identity.login}"/> <navigation from-action="#{identity.login}"> <rule if-outcome="loggedIn"> <redirect view-id="/main.xhtml"/> </rule> </navigation> </page> </pages>
I'm using Seam 2.2.1 CR1 with Apache Tomcat 6.0.26