Uploaded image for project: 'Seam 2'
  1. Seam 2
  2. JBSEAM-3224

RememberMe autologin mode is broken

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.1.0.A1, 2.1.0.BETA1
    • Fix Version/s: 2.1.0.CR1
    • Component/s: Security
    • Labels:
    • Environment:

      Ubuntu 8.04, JBoss 4.2.2, JVM 1.6.0_04, Seam 2.1 trunk as of Aug 6th 2008.

      Description

      Setting remember-me autologin mode doesn't work.

      To reproduce the problem:

      • take the Seam Space example and apply the steps described in chapter 15.3.5.1 of the reference documentation.
      • login with "Remember me" checked
      • force the autologin mechanism by deleting the JSESSIONID cookie and clicking refresh on the browser.

      The following exception is logged:

      org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read]
      at org.jboss.seam.security.Identity.checkPermission(Identity.java:563)
      at org.jboss.seam.security.management.IdentityManager.isUserEnabled(IdentityManager.java:127)
      at org.jboss.seam.security.RememberMe$1.execute(RememberMe.java:282)
      at org.jboss.seam.security.Identity.runAs(Identity.java:711)
      at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:84)
      at org.jboss.seam.security.RememberMe.quietLogin(RememberMe.java:278)

      The problem is originated from what seems to me a typo in RunAsOperation class constructor, where the 'systemOp' flag is never set to true, regardless of the value passed.

      public RunAsOperation(boolean systemOp)

      { this(); systemOp = true; }

      It should be:

      this.systemOp = systemOp;

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                shane.bryzak Shane Bryzak
                Reporter:
                stefanotravelli Stefano Travelli
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: