[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-3224) RememberMe autologin mode is broken

[ https://jira.jboss.org/jira/browse/JBSEAM-3224?page=com.atlassian.jira.pl... ] Stefano Travelli updated JBSEAM-3224: ------------------------------------- Description: Setting remember-me autologin mode doesn't work. To reproduce the problem: - take the Seam Space example and apply the steps described in chapter 15.3.5.1 of the reference documentation. - login with "Remember me" checked - force the autologin mechanism by deleting the JSESSIONID cookie and clicking refresh on the browser. The following exception is logged: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read] at org.jboss.seam.security.Identity.checkPermission(Identity.java:563) at org.jboss.seam.security.management.IdentityManager.isUserEnabled(IdentityManager.java:127) at org.jboss.seam.security.RememberMe$1.execute(RememberMe.java:282) at org.jboss.seam.security.Identity.runAs(Identity.java:711) at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:84) at org.jboss.seam.security.RememberMe.quietLogin(RememberMe.java:278) The problem is originated from what seems to me a typo in RunAsOperation class constructor, where the 'systemOp' flag is never set to true, regardless of the value passed. public RunAsOperation(boolean systemOp) { this(); systemOp = true; } It should be: this.systemOp = systemOp; was: Setting remember-me autologin mode doesn't work. To reproduce the problem: - take the Seam Space example and apply the steps described in chapter 15.3.5.1 of the reference documentation. - login with "Remember me" set - force the autologin mechanism by deleting the JSESSIONID cookie and clicking refresh on the browser. The following exception is logged: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read] at org.jboss.seam.security.Identity.checkPermission(Identity.java:563) at org.jboss.seam.security.management.IdentityManager.isUserEnabled(IdentityManager.java:127) at org.jboss.seam.security.RememberMe$1.execute(RememberMe.java:282) at org.jboss.seam.security.Identity.runAs(Identity.java:711) at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:84) at org.jboss.seam.security.RememberMe.quietLogin(RememberMe.java:278) The problem is originated from what seems to me a typo in RunAsOperation class constructor, where the 'systemOp' flag is never set to true, regardless of the value passed. public RunAsOperation(boolean systemOp) { this(); systemOp = true; } It should be: this.systemOp = systemOp; -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira