[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2165) Authenticator method invoked twice when login fails
by Yannick Lazzari (JIRA)
Authenticator method invoked twice when login fails
---------------------------------------------------
Key: JBSEAM-2165
URL: http://jira.jboss.com/jira/browse/JBSEAM-2165
Project: JBoss Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.0.0.CR3
Reporter: Yannick Lazzari
Priority: Minor
The default behaviour of the isLoggedIn method in the Identity class is to pass the attemptLogin flag to true. Because of that, when authentication fails, it always calls the authenticator method twice. See the code of the authenticate() method below:
public void authenticate()
throws LoginException
{
// If we're already authenticated, then don't authenticate again
if (!isLoggedIn())
{
authenticate( getLoginContext() );
}
}
public boolean isLoggedIn(boolean attemptLogin)
{
if (!authenticating && attemptLogin && getPrincipal() == null && isCredentialsSet() &&
Contexts.isEventContextActive() &&
!Contexts.getEventContext().isSet(LOGIN_TRIED))
{
Contexts.getEventContext().set(LOGIN_TRIED, true);
quietLogin();
}
// If there is a principal set, then the user is logged in.
return getPrincipal() != null;
}
public void authenticate(LoginContext loginContext)
throws LoginException
{
try
{
authenticating = true;
preAuthenticate();
loginContext.login();
postAuthenticate();
}
finally
{
authenticating = false;
}
}
The first reference to isLoggedIn tries to log the user. When it fails, it goes in the if block and tries to authenticate the user for a second time before failing again. I could fix this on my end by overriding the isLoggedIn() method in my own Identity component and passing the attemptLogin flag to false. Before doing so, I thought that perhaps a fix could be done at a higher level, i.e. in the Identity class of Seam itself. The way I see it, 2 things could be done:
1. In the authenticate() method, invoke the isLoggedIn method with false.
2. Look into the management of the authenticating class member; there might be something wrong. It's only set to true at the beginning of the authenticate(LoginContext) method. If you look at the logic in the isLoggedIn(boolean) method, when it winds up being invoked at the beginning of the authenticate(), the authenticating flag is false, the attemptLogin flag is true, I don't have a principal yet (I'm trying to login for the first time) and my credentials are set (the user just provided his username and password).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
16 years, 10 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1388) s:fileUpload doesn't work in Portlet
by jarkko Lietolahti (JIRA)
s:fileUpload doesn't work in Portlet
------------------------------------
Key: JBSEAM-1388
URL: http://jira.jboss.com/jira/browse/JBSEAM-1388
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 1.2.1.GA
Reporter: jarkko Lietolahti
>From UIFileUpload.java:
@Override
public void decode(FacesContext context)
{
super.decode(context);
ServletRequest request = (ServletRequest) context.getExternalContext().getRequest();
}
In portal/portlet, one gets ActionRequest (which extends PortalRequest) instead of ServletRequest.
Nested Exception is
java.lang.ClassCastException: com.liferay.portlet.ActionRequestImpl cannot be cast to javax.servlet.ServletRequest
at org.jboss.seam.ui.UIFileUpload.decode(UIFileUpload.java:35)
at javax.faces.component.UIComponentBase.processDecodes(UIComponentBase.java:606)
at javax.faces.component.UIForm.processDecodes(UIForm.java:53)
at javax.faces.component.UIComponentBase.processDecodes(UIComponentBase.java:602)
at javax.faces.component.UIViewRoot.processDecodes(UIViewRoot.java:135)
at org.apache.myfaces.lifecycle.LifecycleImpl.applyRequestValues(LifecycleImpl.java:219)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:71)
at org.apache.myfaces.portlet.MyFacesGenericPortlet.processAction(MyFacesGenericPortlet.java:220)
at com.liferay.portal.kernel.servlet.PortletServlet.service(PortletServlet.java:88)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
at com.liferay.portlet.CachePortlet._invoke(CachePortlet.java:333)
at com.liferay.portlet.CachePortlet.processAction(CachePortlet.java:157)
at com.liferay.portal.action.LayoutAction._processPortletRequest(LayoutAction.java:269)
at com.liferay.portal.action.LayoutAction._processActionRequest(LayoutAction.java:290)
at com.liferay.portal.action.LayoutAction.execute(LayoutAction.java:113)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:156)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at com.liferay.portal.servlet.MainServlet.callParentService(MainServlet.java:479)
at com.liferay.portal.servlet.MainServlet.service(MainServlet.java:877)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.liferay.filters.strip.StripFilter.doFilter(StripFilter.java:94)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.liferay.filters.secure.SecureFilter.doFilter(SecureFilter.java:143)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.liferay.filters.compression.CompressionFilter.doFilter(CompressionFilter.java:115)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.liferay.portal.servlet.filters.layoutcache.LayoutCacheFilter.doFilter(LayoutCacheFilter.java:197)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter.doFilter(AutoLoginFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFilter(VirtualHostFilter.java:169)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at net.hyperic.hq.product.servlet.filter.JMXFilter.doFilter(JMXFilter.java:277)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:619)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
16 years, 10 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2404) TimeZoneSelector: Initialization
by Martin Trummer (JIRA)
TimeZoneSelector: Initialization
--------------------------------
Key: JBSEAM-2404
URL: http://jira.jboss.com/jira/browse/JBSEAM-2404
Project: JBoss Seam
Issue Type: Feature Request
Affects Versions: 2.0.0.CR2
Reporter: Martin Trummer
org.jboss.seam.international.TimeZoneSelector
when called for the first time (no cookie set),
initTimeZone() will not initialize the id, thus:
* getTimeZoneId() will return null, but
* getTimeZone() will return the default timezone
this is not consistent
it would be better to initialize the id in the initTimeZone() method to the default timezone (if no cookie is set).
then the getTimeZone() method could always return java.util.TimeZone.getTimeZone( getTimeZoneId(), and another benefit is, that the null check in getTimeZone() can now be eliminated.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
16 years, 10 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1532) include jar-versions.xml file
by Dan Allen (JIRA)
include jar-versions.xml file
-----------------------------
Key: JBSEAM-1532
URL: http://jira.jboss.com/jira/browse/JBSEAM-1532
Project: JBoss Seam
Issue Type: Feature Request
Components: Documentation
Affects Versions: 1.3.0.ALPHA
Environment: seam CVS HEAD
Reporter: Dan Allen
Priority: Minor
It would be so helpful if a jar-versions.xml file could be kept up to date in the root of the seam source code to track the versions of the bundle libraries, in the absence of other solutions. This idea comes from the JBoss AS, which uses this file to communicate the versions of libraries used.
Documenting the versions helps:
1. developers, who may find challenge in combining APIs of libraries without knowing the version
2. users who are unable to determine the contents of what they downloaded
3. for legal reasons, just in case there are differences in licenses amongst releases of third party products, to protect seam itself as well as integrators of seam.
With all that said, the better solution is to use ant-ivy or maven2 to get the jar files out of the source code. But I digress.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
16 years, 10 months