5 Replies Latest reply on Oct 10, 2007 2:37 PM by wquraishi

    Logout problem

    srpantano

      I am using Seam 2.0Beta1 + Acegi + Spring + Hibernate.
      When I try to logout, and I used:

      Session.instance().invalidate()
      
      ;
      HttpSession session = (HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(false);
       session.removeAttribute("ACEGI_SECURITY_CONTEXT");
       session.removeAttribute("ACEGI_SECURITY_LAST_USERNAME");
      

      Everything goes berserk, and my EntityManager is killed:
      16:37:32,369 ERROR [ExceptionFilter] handling uncaught exception
      java.lang.IllegalStateException: EntityManager is closed
       at org.hibernate.ejb.EntityManagerImpl.getSession(EntityManagerImpl.java:42)
       at org.hibernate.ejb.AbstractEntityManagerImpl.createQuery(AbstractEntityManagerImpl.java:92)
       at org.hibernate.search.jpa.impl.FullTextEntityManagerImpl.createQuery(FullTextEntityManagerImpl.java:130)
       at org.jboss.seam.persistence.EntityManagerProxy.createQuery(EntityManagerProxy.java:79)
       at com.bcsinfo.security.view.web.user.UserList.findUserByUsername(UserList.java:48)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:589)
       at org.jboss.seam.util.Reflections.invoke(Reflections.java:21)
       at org.jboss.se
      


      Please Help.

        • 1. Re: Logout problem
          srpantano

          Please anyone??

          • 2. Re: Logout problem
            srpantano

            Again, please, please, please. Can anyone help?

            • 3. Re: Logout problem
              dustismo

              From seam javadoc of Session:


              Controls HttpSession invalidation in any servlet or JSF environment. Since Seam keeps internal state in the HttpSession, is is illegal to call HttpSession.invalidate() while Seam contexts are active. Applications using Seam security should call Identity.logout() instead of calling this component directly.


              Seems like you should try Identity.logout().


              best,
              Dustin

              • 4. Re: Logout problem
                dnikolic

                Try this:

                import javax.faces.context.FacesContext;
                import javax.servlet.http.Cookie;
                import javax.servlet.http.HttpServletRequest;
                import javax.servlet.http.HttpServletResponse;
                
                import org.acegisecurity.context.SecurityContextHolder;
                import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
                import org.jboss.seam.Seam;
                
                
                ...
                
                private void logoutAuthentication() {
                 HttpServletRequest request =
                 (HttpServletRequest)FacesContext.getCurrentInstance()
                 .getExternalContext().getRequest();
                 HttpServletResponse response = (HttpServletResponse)FacesContext.getCurrentInstance()
                 .getExternalContext().getResponse();
                 try {
                 if (request.getRemoteUser() != null) {
                 Seam.invalidateSession(); // invalidate session
                 Cookie terminate = new Cookie(TokenBasedRememberMeServices
                 .ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
                 terminate.setMaxAge(0);
                 terminate.setPath("/"); // You need to add this!!!!!
                 response.addCookie(terminate);
                 SecurityContextHolder.clearContext(); // invalidate
                 // authentication
                 }
                
                 } catch (Exception e) {
                 log.error("Error logging out: ", e);
                 }
                 log.debug("SecurityContext invalidated!");
                }
                
                


                • 5. Re: Logout problem
                  wquraishi

                  easiest way i know of is to add a link in your jsf as such:

                  <s:link action="#{identity.logout}" value="Logout |"
                  rendered="#{identity.loggedIn}">

                  the identity.logout action will invalidate the session.