Hi, Let me start with background of issue I have. My authenticator method uses an external web service, multiple invocation of this method on a failed attempt causes the account to be locked earlier then expected. Locking of account is controlled by the external service. Hence, I really need to ensure that authenticator is invoked only once. Please see that in this scenario the guarantee that login failed event is raised only once is not useful as that event is can't be seen by the authentication service.
After reading JIRA issue 2165, I understand that I need to invoke Identity.isLoggedIn(false) instead of Identity.isLoggedIn() to avoid multiple invocation of authenticator. My app uses identity.isLoggedIn as an EL expression in pages.xml file. If I change this EL expression to identity.isLoggedIn(false), I get an error page on Login attempt as that EL expression gets mapped to Identity.isLoggedIn(java.lang.Boolean) instead of Identity.isLoggedIn(boolean). My questions: 1. Is there way to write el expression that will map parameter type to boolean instead of java.lang.Boolean? 2. Is there a better way to ensure authenticator is invoked only once? Thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4117119#4117119 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4117119 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
