[
https://jira.jboss.org/jira/browse/JBSEAM-3224?page=com.atlassian.jira.pl...
]
Stefano Travelli updated JBSEAM-3224:
-------------------------------------
Attachment: Test_for_RunAsOperation_(JBSEAM-3224).patch
Here is a test case for the bug.
It doesn't emulate the entire auto login cycle but only checks the systemOperation flag in RunAsOperation.
However it fails with current trunk and passes with the patch.
RememberMe autologin mode is broken
-----------------------------------
Key: JBSEAM-3224
URL: https://jira.jboss.org/jira/browse/JBSEAM-3224
Project: Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.1.0.A1
Environment: Ubuntu 8.04, JBoss 4.2.2, JVM 1.6.0_04, Seam 2.1 trunk as of Aug 6th 2008.
Reporter: Stefano Travelli
Attachments: RunAsOperation.patch, Test_for_RunAsOperation_(JBSEAM-3224).patch
Setting remember-me autologin mode doesn't work.
To reproduce the problem:
- take the Seam Space example and apply the steps described in chapter 15.3.5.1 of the reference documentation.
- log in with "Remember me" set
- force the autologin mechanism by deleting the JSESSIONID cookie and clicking refresh on the browser.
The following exception is logged:
org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read]
    at org.jboss.seam.security.Identity.checkPermission(Identity.java:563)
    at org.jboss.seam.security.management.IdentityManager.isUserEnabled(IdentityManager.java:127)
    at org.jboss.seam.security.RememberMe$1.execute(RememberMe.java:282)
    at org.jboss.seam.security.Identity.runAs(Identity.java:711)
    at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:84)
    at org.jboss.seam.security.RememberMe.quietLogin(RememberMe.java:278)
The problem originates from what seems to me a typo in the RunAsOperation class constructor, where the 'systemOp' flag is never set to true, regardless of the value passed.
    public RunAsOperation(boolean systemOp)
    {
        this();
        systemOp = true;
    }
It should be:
this.systemOp = systemOp;
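
The parameter-shadowing mistake described above, as an added example that is not part of the original report or of Seam's code: the class names, `checkPermission` and `attempt` are hypothetical stand-ins, and only the constructor shape and the permission string are taken from the report. It also shows that declaring the field and the parameter `final` makes the compiler reject the typo.

```java
// Added illustration; class and method names are hypothetical, not Seam's code.
public class SystemOpFlagDemo {

    // Mirrors the constructor shape quoted in the report.
    static class BuggyOperation {
        private boolean systemOp = false;
        BuggyOperation() { }
        BuggyOperation(boolean systemOp) {
            this();
            systemOp = true; // assigns the parameter; the field stays false
        }
        boolean isSystemOperation() { return systemOp; }
    }

    // Reporter's fix, plus a final field and final parameter so that
    // writing "systemOp = true" here would be a compile-time error.
    static class FixedOperation {
        private final boolean systemOp;
        FixedOperation() { this(false); }
        FixedOperation(final boolean systemOp) { this.systemOp = systemOp; }
        boolean isSystemOperation() { return systemOp; }
    }

    // Stand-in for a permission check that only system operations bypass.
    static void checkPermission(boolean systemOp, String target, String action) {
        if (!systemOp) {
            throw new SecurityException(
                "Authorization check failed for permission[" + target + "," + action + "]");
        }
    }

    // Runs the check and reports the outcome as a string.
    static String attempt(boolean systemOp) {
        try {
            checkPermission(systemOp, "seam.user", "read");
            return "allowed";
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        boolean buggy = new BuggyOperation(true).isSystemOperation();
        boolean fixed = new FixedOperation(true).isSystemOperation();
        System.out.println("buggy(true)  flag=" + buggy + " -> " + attempt(buggy));
        System.out.println("fixed(true)  flag=" + fixed + " -> " + attempt(fixed));
        System.out.println("fixed(false) -> " + attempt(new FixedOperation(false).isSystemOperation()));
    }
}
```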