1 Reply Latest reply on May 28, 2009 10:05 AM by msznapka.martin.sznapka.gmail.com

    missing loginContext.logout()

    msznapka.martin.sznapka.gmail.com
    msznapka.martin.sznapka.gmail.com May 19, 2009 3:14 PM
      With my colleague we were implementing Tomcat-JBossAS remote login module and we found that in Identity.java is missing important piece of code:

      loginContext.logout();

      So if the user is logging out, than loginContext.logout is not called.
      It seems like bug in Seam (2.1.2.CR1).

      Here is patch for Identity.java:

      public void unAuthenticate()
      {     
        principal = null;
        subject = new Subject();

        credentials.clear();

        if(loginContext != null) {
           try {
              loginContext.logout();
           }
           catch(LoginException e) {
              log.error("Logout failed", e);
           }
           finally {
              loginContext = null;
           }
        }
      }

      private transient LoginContext loginContext;

      protected LoginContext getLoginContext() throws LoginException
      {
        if(getJaasConfigName() == null)
           loginContext = new LoginContext(Configuration.DEFAULT_JAAS_CONFIG_NAME, getSubject(), credentials.createCallbackHandler(), Configuration.instance());
        else
           loginContext = new LoginContext(getJaasConfigName(), getSubject(), credentials.createCallbackHandler());

        return loginContext;
      }
      • 204 Views
      • Tags: