-
1. Re: Forcing Authenticated Session Expiration
lightguard Mar 29, 2012 3:30 PM (in response to richfaces_ahop)Are you setting the timeout in web.xml for sessions?
-
2. Re: Forcing Authenticated Session Expiration
richfaces_ahop Mar 29, 2012 4:00 PM (in response to lightguard)I have set the <session-timeout> in the web.xml to various values, such as 2 mins, 2 hours, but it doesn't trigger the forced session timeout.
-
3. Re: Forcing Authenticated Session Expiration
lightguard Mar 29, 2012 5:04 PM (in response to richfaces_ahop)Um... I got nothing right now. Are you using a JSF component library that might be talking to the server via a poll or something?
-
4. Re: Forcing Authenticated Session Expiration
richfaces_ahop Mar 29, 2012 5:11 PM (in response to lightguard)I created a Authenticator Seam component to validate the user input, like below:
@Name("authenticator")
public class Authenticator {
@In EntityManager entityManager;
public boolean authenticate() {
try
{
User user = (User) entityManager.createQuery(
"from User where username = :username and password = :password")
.setParameter("username", Identity.instance().getUsername())
.setParameter("password", Identity.instance().getPassword())
.getSingleResult();
if (user.getRoles() != null)
{
for (UserRole mr : user.getRoles())
Identity.instance().addRole(mr.getName());
}
return true;
}
catch (NoResultException ex)
{
FacesMessages.instance().add("Invalid username/password");
return false;
}
}
I also did the below authenticate the session. Besides the session timeout variable, I am not sure what else I need to do?
<components xmlns="http://jboss.com/products/seam/components"
xmlns:core="http://jboss.com/products/seam/core"
xmlns:security="http://jboss.com/products/seam/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=
"http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.1.xsd
http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.1.xsd
http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.1.xsd">
<security:identity authenticate-method="#{authenticator.authenticate}"/>
</components>