[jboss-user] [JBoss Seam] - Seam remoting and security problem

Stateless Bean do-not-reply at jboss.com
Mon Jun 18 07:06:24 EDT 2007


Hi,
I have a problem with Seam remoting.
My app works fine on FF, but on IE, Avant Browser and Opera 9x, the first time a user logs in and changes something using ajax remoting, the user is logged out from the page and redirected to the main page, and a "User not logged in" exception is thrown.

On the second try to log in and change something via ajax, everything now works fine. Can anyone tell me what is going on?

Here is my configuration:
components.xml

anonymous wrote : 
  | <?xml version="1.0" encoding="UTF-8"?>
  | <components xmlns="http://jboss.com/products/seam/components"
  |             xmlns:core="http://jboss.com/products/seam/core"
  |             xmlns:security="http://jboss.com/products/seam/security"
  |             xmlns:drools="http://jboss.com/products/seam/drools"
  |             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |             xsi:schemaLocation=
  |                 "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.1.xsd 
  |                  http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.1.xsd
  |                  http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.1.xsd
  |                  http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.1.xsd">
  | 
  |     <core:init jndi-pattern="Universum/#{ejbName}/local" debug="false"/>  
  |  
  |     <core:manager conversation-timeout="120000" 
  |                   concurrent-request-timeout="500"
  |                   conversation-id-parameter="cid"
  |                   conversation-is-long-running-parameter="clr"/>
  |     
  |     <core:dispatcher/>
  |     
  |       false
  |       2
  |       1
  |      
  |     
  |     <security:identity authenticate-method="#{authenticator.authenticate}"/>
  | 
  |     <drools:rule-base name="securityRules">
  |        <drools:rule-files>/META-INF/security-rules.drl</drools:rule-files>
  |    </drools:rule-base>
  |     
  |     <component name="em" auto-create="true" class="org.jboss.seam.core.ManagedPersistenceContext">
  |         java:/sguEntityManagerFactory
  |       
  |     
  | 	<core:locale-selector cookie-enabled="true"/> 
  |             
  | 

pages.xml

  | <!DOCTYPE pages PUBLIC
  |           "-//JBoss/Seam Pages Configuration DTD 1.2//EN"
  |           "http://jboss.com/products/seam/pages-1.2.dtd">
  | 
  | <pages>
  | 	<page view-id="/blc.xhtml" action="#{engineControler.calcUserPoints}" />
  | 
  |     <page view-id="/pages/*">
  |     	<restrict>#{s:hasRole('user')}</restrict>  
  |         <navigation from-action="#{gameAction.logout}">
  |             <redirect view-id="/Universum.xhtml"/>
  |         </navigation>
  | ....
  | 

web.xml

  | <?xml version="1.0" encoding="UTF-8"?>
  | <web-app version="2.4" 
  |          xmlns="http://java.sun.com/xml/ns/j2ee"
  |          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |          xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  |          
  | 
  |     <listener>
  |         <listener-class>org.jboss.seam.servlet.SeamListener</listener-class>
  |     </listener>
  |     
  |     <listener>
  |         <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
  |     </listener>
  |     
  |     <context-param>
  |         <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  |         <param-value>client</param-value>
  |     </context-param>
  |     
  |     <context-param>
  |         <param-name>facelets.DEVELOPMENT</param-name>
  |         <param-value>true</param-value>
  |     </context-param>
  |     
  |     <context-param>
  |         <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
  |         <param-value>.xhtml</param-value>
  |     </context-param>
  | 
  | 	<filter>
  | 	    <filter-name>Seam Exception Filter</filter-name>
  | 	    <filter-class>org.jboss.seam.servlet.SeamExceptionFilter</filter-class>
  | 	</filter>
  | 
  |     <filter>
  |         <filter-name>Seam Redirect Filter</filter-name>
  |         <filter-class>org.jboss.seam.servlet.SeamRedirectFilter</filter-class>
  |     </filter>
  | 
  | 	<filter-mapping>
  | 	    <filter-name>Seam Exception Filter</filter-name>
  | 	    <url-pattern>*.seam</url-pattern>
  | 	</filter-mapping>
  |     
  |     <filter-mapping>
  |         <filter-name>Seam Redirect Filter</filter-name>
  |         <url-pattern>*.seam</url-pattern>
  |     </filter-mapping>
  | 
  | 	<servlet>
  |     	<servlet-name>Seam Resource Servlet</servlet-name>
  | 	    <servlet-class>org.jboss.seam.servlet.ResourceServlet</servlet-class>
  | 	</servlet>
  | 
  | 	<servlet-mapping>
  |     	<servlet-name>Seam Resource Servlet</servlet-name>
  | 	    <url-pattern>/seam/resource/*</url-pattern>
  | 	</servlet-mapping>
  | 
  |     <servlet>
  |         <servlet-name>Faces Servlet</servlet-name>
  |         <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  |         <load-on-startup>1</load-on-startup>
  |     </servlet>
  |     
  |     <servlet-mapping>
  |         <servlet-name>Faces Servlet</servlet-name>
  |         <url-pattern>*.seam</url-pattern>
  |     </servlet-mapping>                 
  | </web-app>

and my remoting method:
public List<String> mymethod() { }

and in console I added: @WebRemote

For me it looks like a security problem.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4055156#4055156
