5 Replies Latest reply on Feb 27, 2011 7:07 PM by Tim Evers

    Issue with "auto-logout"

    Tom Whitner Newbie

      I just discovered that a commented out commandlink with action\="\#{identity.logout()}" on an xhtml page will cause Seam to logout the user every time the page is processed.


      <html xmlns="http://www.w3.org/1999/xhtml"
           xmlns:ui="http://java.sun.com/jsf/facelets"
           xmlns:h="http://java.sun.com/jsf/html">
      <body>
       <h2>Welcome</h2>
       <h:form>
        <!-- 
        <h:commandLink rendered="#{identity.isLoggedIn()}" 
           action="#{identity.logout()}">Logout</h:commandLink>
        -->
       </h:form> 
       <h:form>
        <div>
         <h:outputText value="Please enter your username and password:" /> 
         <h:inputText value="#{credentials.username}" /> 
         <h:inputSecret value="#{credentials.password}" />
        </div>
        <div>
         <h:commandButton action="#{identity.login}" value="Login" />
        </div>
        <h:messages styleClass="messages" />
       </h:form>
      </body>
      </html>



      I have created a small sample with the following for my authenticator


      @Stateless
      @Name("login")
      public class LoginAction implements Login {
      
           @Logger
           private Log log;
      
           public boolean login() {
                return true;
           }
      
           @Observer("org.jboss.seam.security.loginSuccessful")
           public void onSuccessfulLogin() {
                log.info("Login successful.");
           }
      
           @Observer("org.jboss.seam.security.loggedOut")
           public void onLogout() {
                log.info("User Logged Out.");
           }
      
      }



      With the command link uncommented, I see


      2011-02-21 14:17:48,924 INFO  [session.LoginAction] (http-127.0.0.1-8080-1) Login successful.
      2011-02-21 14:17:59,267 INFO  [session.LoginAction] (http-127.0.0.1-8080-1) User Logged Out.



      Note the 11 second delay before I pressed the logout button.  When I comment out the command link (as in the example above), I see the following:


      2011-02-21 14:20:40,948 INFO  [session.LoginAction] (http-127.0.0.1-8080-1) Login successful.
      2011-02-21 14:20:40,979 INFO  [session.LoginAction] (http-127.0.0.1-8080-1) User Logged Out.



      Note that I did NOT push the logout button, and the logout happens 21 ms after I pressed login.  Somehow the EL is being processed when the commandlink element is commented out.


      I think this is a defect/bug.  Has anyone seen this?  Is this a know issue?  If so, please point me to more information (Jira, doc, etc.).  Otherwise, I will open an issue in Jira.


      Thanks,
      Tom