This content has been marked as final.
Show 5 replies
-
-
2. Re: Logout problem
srpantano Oct 4, 2007 10:18 AM (in response to srpantano)Again, please, please, please. Can anyone help?
-
3. Re: Logout problem
dustismo Oct 4, 2007 11:58 AM (in response to srpantano)From seam javadoc of Session:
Controls HttpSession invalidation in any servlet or JSF environment. Since Seam keeps internal state in the HttpSession, is is illegal to call HttpSession.invalidate() while Seam contexts are active. Applications using Seam security should call Identity.logout() instead of calling this component directly.
Seems like you should try Identity.logout().
best,
Dustin -
4. Re: Logout problem
dnikolic Oct 10, 2007 11:35 AM (in response to srpantano)Try this:
import javax.faces.context.FacesContext; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.acegisecurity.context.SecurityContextHolder; import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices; import org.jboss.seam.Seam; ... private void logoutAuthentication() { HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance() .getExternalContext().getRequest(); HttpServletResponse response = (HttpServletResponse)FacesContext.getCurrentInstance() .getExternalContext().getResponse(); try { if (request.getRemoteUser() != null) { Seam.invalidateSession(); // invalidate session Cookie terminate = new Cookie(TokenBasedRememberMeServices .ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null); terminate.setMaxAge(0); terminate.setPath("/"); // You need to add this!!!!! response.addCookie(terminate); SecurityContextHolder.clearContext(); // invalidate // authentication } } catch (Exception e) { log.error("Error logging out: ", e); } log.debug("SecurityContext invalidated!"); }
-
5. Re: Logout problem
wquraishi Oct 10, 2007 2:37 PM (in response to srpantano)easiest way i know of is to add a link in your jsf as such:
<s:link action="#{identity.logout}" value="Logout |"
rendered="#{identity.loggedIn}">
the identity.logout action will invalidate the session.