Hi,
I am facing a strange behaviour running the scenario below:
a) user supplied valid username - password and successfully logged in
b) press back button on browser
c) relogin supplying invalid username or password
d) successfully logs in!!

It seems that Seam 'remembers' that the user was already logged in and doesn't call 
the authenticate method, allowing a non-existing user to enter. Is that expected?

A workaround is to override org.jboss.seam.security.Identity.Identity and call 
the login method as follows:

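
    import static org.jboss.seam.ScopeType.SESSION;
    import static org.jboss.seam.annotations.Install.APPLICATION;

    import org.jboss.seam.annotations.Install;
    import org.jboss.seam.annotations.Name;
    import org.jboss.seam.annotations.Scope;
    import org.jboss.seam.annotations.Startup;
    import org.jboss.seam.annotations.intercept.BypassInterceptors;
    import org.jboss.seam.security.Identity;

    // Same component name as the built-in identity, installed at a higher precedence.
    @Name("org.jboss.seam.security.identity")
    @Scope(SESSION)
    @Install(precedence = APPLICATION)
    @BypassInterceptors
    @Startup
    public class AppIdentity extends Identity {

        @Override
        public String login() {
            // Drop the previous authenticated state before logging in.
            unAuthenticate();
            return super.login();
        }

    }
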

I just wonder why unAuthenticate() is not called through Identity.login()?

V.
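
The scenario above as an added example, not part of the original post and not Seam's code: a simplified, hypothetical session identity (SessionIdentity, StrictIdentity, USERS and the credentials are all constructed for illustration) whose login() returns early when the session is already authenticated, next to a variant that clears the old state first, as the workaround does.

```java
import java.util.Map;

// Added illustration: a simplified stand-in for a session-scoped identity,
// not Seam's Identity class. All names here are hypothetical.
public class ReloginDemo {

    // Constructed credential store for the demo.
    static final Map<String, String> USERS = Map.of("alice", "correct-horse");

    static class SessionIdentity {
        String principal;           // null until a login succeeds
        String username, password;  // bound from the login form

        boolean authenticate() {
            return username != null && password != null
                    && password.equals(USERS.get(username));
        }

        // Behaviour described in the post: an already-authenticated session
        // reports success without checking the newly submitted credentials.
        String login() {
            if (principal != null) return "loggedIn";
            if (!authenticate()) return null;
            principal = username;
            return "loggedIn";
        }
    }

    // Same idea as the post's workaround: drop the old state first.
    static class StrictIdentity extends SessionIdentity {
        @Override
        String login() {
            principal = null;       // counterpart of unAuthenticate()
            return super.login();
        }
    }

    // Steps a) to d) of the post, run against one session object.
    static String relogin(SessionIdentity id) {
        id.username = "alice";   id.password = "correct-horse";
        id.login();                             // a) valid login
        id.username = "mallory"; id.password = "wrong";
        return id.login();                      // c) invalid re-login
    }

    public static void main(String[] args) {
        System.out.println("short-circuit: " + relogin(new SessionIdentity()));
        System.out.println("strict:        " + relogin(new StrictIdentity()));
    }
}
```

In the strict variant a failed re-login also ends the earlier session, because the old state is cleared before the credentials are checked.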


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4126129#4126129
