[seam-commits] Seam SVN: r7361 - trunk/src/main/org/jboss/seam/security.

seam-commits at lists.jboss.org seam-commits at lists.jboss.org
Mon Feb 4 19:32:47 EST 2008 

Author: shane.bryzak at jboss.com
Date: 2008-02-04 19:32:46 -0500 (Mon, 04 Feb 2008)
New Revision: 7361

Modified:
   trunk/src/main/org/jboss/seam/security/FacesSecurityEvents.java
   trunk/src/main/org/jboss/seam/security/Identity.java
   trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java
Log:
Identity.logout() only unauthenticates if user is logged in.  New event raised when already-authenticated user attempts to login again.

Modified: trunk/src/main/org/jboss/seam/security/FacesSecurityEvents.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/FacesSecurityEvents.java	2008-02-04 22:46:33 UTC (rev 7360)
+++ trunk/src/main/org/jboss/seam/security/FacesSecurityEvents.java	2008-02-05 00:32:46 UTC (rev 7361)
@@ -139,4 +139,14 @@
    {
       return "org.jboss.seam.loginSuccessful";
    }   
+   
+   @Observer(Identity.EVENT_ALREADY_LOGGED_IN)
+   public void addAlreadyLoggedInMessage()
+   {
+      FacesMessages.instance().addFromResourceBundleOrDefault (
+         FacesMessage.SEVERITY_WARN,
+         "org.jboss.seam.AlreadyLoggedIn",
+         "You are already logged in, please log out first if you wish to log in again"
+      );
+   }
 }

Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java	2008-02-04 22:46:33 UTC (rev 7360)
+++ trunk/src/main/org/jboss/seam/security/Identity.java	2008-02-05 00:32:46 UTC (rev 7361)
@@ -64,6 +64,7 @@
    public static final String EVENT_LOGGED_OUT = "org.jboss.seam.security.loggedOut";
    public static final String EVENT_CREDENTIALS_UPDATED = "org.jboss.seam.security.credentialsUpdated";
    public static final String EVENT_REMEMBER_ME = "org.jboss.seam.security.rememberMe";
+   public static final String EVENT_ALREADY_LOGGED_IN = "org.jboss.seam.security.alreadyLoggedIn";
    
    protected static boolean securityEnabled = true;
    
@@ -192,11 +193,28 @@
       }
    }
 
+   /**
+    * Attempts to authenticate the user.  This method is distinct to the 
+    * authenticate() method in that it raises events in response to whether
+    * authentication is successful or not.  The following events may be raised
+    * by calling login():
+    * 
+    * org.jboss.seam.security.loginSuccessful - raised when authentication is successful
+    * org.jboss.seam.security.loginFailed - raised when authentication fails
+    * org.jboss.seam.security.alreadyLoggedIn - raised if the user is already authenticated
+    * 
+    * @return String returns "loggedIn" if user is authenticated, or null if not.
+    */
    public String login()
    {
       try
-      {
-         authenticate();
+      {         
+         if (!authenticate())
+         {
+            if (Events.exists()) Events.instance().raiseEvent(EVENT_ALREADY_LOGGED_IN);
+            return "loggedIn";            
+         }
+         
          if ( log.isDebugEnabled() )
          {
             log.debug("Login successful for: " + getUsername());
@@ -230,7 +248,12 @@
       catch (LoginException ex) { }
    }
    
-   public void authenticate() 
+   /**
+    * 
+    * @return boolean true if authentication is attempted, false if it is not.
+    * @throws LoginException
+    */
+   public boolean authenticate() 
       throws LoginException
    {
       // If we're already authenticated, then don't authenticate again
@@ -239,6 +262,11 @@
          principal = null;
          subject = new Subject();
          authenticate( getLoginContext() );
+         return true;
+      }      
+      else
+      {
+         return false;
       }
    }
 
@@ -250,7 +278,7 @@
          authenticating = true;
          preAuthenticate();
          loginContext.login();
-         postAuthenticate();         
+         postAuthenticate();
       }
       finally
       {
@@ -327,9 +355,12 @@
    
    public void logout()
    {
-      unAuthenticate();
-      Session.instance().invalidate();
-      if (Events.exists()) Events.instance().raiseEvent(EVENT_LOGGED_OUT);      
+      if (isLoggedIn(false))
+      {
+         unAuthenticate();
+         Session.instance().invalidate();
+         if (Events.exists()) Events.instance().raiseEvent(EVENT_LOGGED_OUT);
+      }
    }
 
    /**

Modified: trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java	2008-02-04 22:46:33 UTC (rev 7360)
+++ trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java	2008-02-05 00:32:46 UTC (rev 7361)
@@ -222,18 +222,5 @@
    public void setSecurityRules(RuleBase securityRules)
    {
       this.securityRules = securityRules;
-   }   
-   
-   @Override
-   public void logout()
-   {
-      // Explicitly destroy the security context
-      if (getSecurityContext() != null)
-      {
-         getSecurityContext().dispose();
-         setSecurityContext(null);
-      }
-      
-      super.logout();
-   }   
+   }    
 }

More information about the seam-commits mailing list