[jboss-user] [JBoss Seam] - Login issue

baspet do-not-reply at jboss.com
Mon Feb 4 07:55:40 EST 2008


Hi,
I am facing strange behaviour running the scenario below:
a) user supplied valid username - password and successfully logged in
b) press back button on browser
c) relogin supplying invalid username or password
d) successfully logs in!!

It seems that Seam 'remembers' that the user was already logged in and doesn't call the authenticate method, allowing a non-existent user to enter. Is that expected?

A workaround is to override org.jboss.seam.security.Identity.Identity and call the login method as follows:


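import static org.jboss.seam.ScopeType.SESSION;
import static org.jboss.seam.annotations.Install.APPLICATION;

import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.security.Identity;

// Replaces the built-in identity component (same name, higher precedence).
@Name("org.jboss.seam.security.identity")
@Scope(SESSION)
@Install(precedence = APPLICATION)
@BypassInterceptors
@Startup
public class AppIdentity extends Identity {

	@Override
	public String login() {
		// Clear any authentication left in the session before re-authenticating.
		unAuthenticate();
		return super.login();
	}

}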
  | 

I just wonder why unAuthenticate() is not called through Identity.login().

V.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4126129#4126129
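
The scenario in the post and the effect of the workaround, modelled in plain Java as an added example; it is not Seam's Identity code and not the poster's. The SessionIdentity class, its methods and the user store are hypothetical, and the model assumes that an already-authenticated session short-circuits the credential check.

```java
import java.util.Map;

// Simplified model of a session-scoped identity; not Seam's Identity class.
public class SessionLoginDemo {
    // Constructed credential store for the demo.
    static final Map<String, String> USERS = Map.of("alice", "correct-horse");

    static class SessionIdentity {
        String username, password;   // bound from the login form
        private String principal;    // non-null once authenticated

        boolean isLoggedIn() { return principal != null; }

        // Behaviour as described in the post: a session that is already
        // authenticated skips the credential check entirely.
        String staleLogin() {
            if (isLoggedIn()) return "loggedIn";
            return authenticate() ? "loggedIn" : null;
        }

        // Mirrors the workaround: drop existing authentication state first,
        // so every attempt is decided by the credentials just submitted.
        String strictLogin() {
            principal = null;
            return authenticate() ? "loggedIn" : null;
        }

        private boolean authenticate() {
            String expected = USERS.get(username);
            if (expected == null || !expected.equals(password)) return false;
            principal = username;
            return true;
        }
    }

    static String attempt(SessionIdentity id, String u, String p, boolean strict) {
        id.username = u;
        id.password = p;
        return strict ? id.strictLogin() : id.staleLogin();
    }

    public static void main(String[] args) {
        for (boolean strict : new boolean[] {false, true}) {
            SessionIdentity id = new SessionIdentity();   // one HTTP session
            String first = attempt(id, "alice", "correct-horse", strict);
            String second = attempt(id, "nobody", "wrong", strict);  // after "back"
            System.out.printf("strict=%b first=%s second=%s stillLoggedIn=%b%n",
                    strict, first, second, id.isLoggedIn());
        }
    }
}
```

With the strict variant, the failed second attempt also leaves the session unauthenticated, so a rejected re-login cannot keep riding on the earlier principal.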
