// copied from org.jboss.seam.security.Identity protected void postAuthenticate() { // Populate the working memory with the user's principals for (Principal p : getSubject().getPrincipals()) { if (!(p instanceof Group)) { if (principal == null) { principal = p; break; } } } if (!preAuthenticationRoles.isEmpty() && isLoggedIn()) { for (String role : preAuthenticationRoles) { addRole(role); } preAuthenticationRoles.clear(); } credentials.clearPassword(); // It's used in: // - org.jboss.seam.security.management.JpaIdentityStore.setUserAccountForSession() // - org.jboss.seam.security.FacesSecurityEvents.postAuthenticate(Identity) // -org.jboss.seam.security.RememberMe.postAuthenticate(Identity) // to avoid a class cast exception, we pass Identity here (FacesSecurityEvents is not doing // anything with it) // We already set authenticatedUser in session so no need to raise this event any more // if (Events.exists()) { // Events.instance().raiseEvent(Identity.EVENT_POST_AUTHENTICATE, // new Identity()); // } }
// based on org.jboss.seam.security.Identity.authenticate() private synchronized void authenticate() throws LoginException { // If we're already authenticated, then don't authenticate again if (!isLoggedIn()) { principal = null; subject = new Subject(); try { authenticating = true; preAuthenticate(); getLoginContext().login(); postAuthenticate(); } finally { // Set password to null whether authentication is successful or not credentials.clearPassword(); authenticating = false; } } }