5 Replies Latest reply on Oct 10, 2007 2:37 PM by Waseem Quraishi

    Logout problem

    Sergio R Pantano Newbie

      I am using Seam 2.0Beta1 + Acegi + Spring + Hibernate.
      When I try to logout, and I used:

      Session.instance().invalidate()
      
      ;
      HttpSession session = (HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(false);
       session.removeAttribute("ACEGI_SECURITY_CONTEXT");
       session.removeAttribute("ACEGI_SECURITY_LAST_USERNAME");
      

      Everything goes berserk, and my EntityManager is killed:
      16:37:32,369 ERROR [ExceptionFilter] handling uncaught exception
      java.lang.IllegalStateException: EntityManager is closed
       at org.hibernate.ejb.EntityManagerImpl.getSession(EntityManagerImpl.java:42)
       at org.hibernate.ejb.AbstractEntityManagerImpl.createQuery(AbstractEntityManagerImpl.java:92)
       at org.hibernate.search.jpa.impl.FullTextEntityManagerImpl.createQuery(FullTextEntityManagerImpl.java:130)
       at org.jboss.seam.persistence.EntityManagerProxy.createQuery(EntityManagerProxy.java:79)
       at com.bcsinfo.security.view.web.user.UserList.findUserByUsername(UserList.java:48)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:589)
       at org.jboss.seam.util.Reflections.invoke(Reflections.java:21)
       at org.jboss.se
      


      Please Help.

        • 1. Re: Logout problem
          Sergio R Pantano Newbie

          Please anyone??

          • 2. Re: Logout problem
            Sergio R Pantano Newbie

            Again, please, please, please. Can anyone help?

            • 3. Re: Logout problem
              Dustin Norlander Apprentice

              From seam javadoc of Session:


              Controls HttpSession invalidation in any servlet or JSF environment. Since Seam keeps internal state in the HttpSession, is is illegal to call HttpSession.invalidate() while Seam contexts are active. Applications using Seam security should call Identity.logout() instead of calling this component directly.


              Seems like you should try Identity.logout().


              best,
              Dustin

              • 4. Re: Logout problem
                Drazen Nikolic Newbie

                Try this:

                import javax.faces.context.FacesContext;
                import javax.servlet.http.Cookie;
                import javax.servlet.http.HttpServletRequest;
                import javax.servlet.http.HttpServletResponse;
                
                import org.acegisecurity.context.SecurityContextHolder;
                import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
                import org.jboss.seam.Seam;
                
                
                ...
                
                private void logoutAuthentication() {
                 HttpServletRequest request =
                 (HttpServletRequest)FacesContext.getCurrentInstance()
                 .getExternalContext().getRequest();
                 HttpServletResponse response = (HttpServletResponse)FacesContext.getCurrentInstance()
                 .getExternalContext().getResponse();
                 try {
                 if (request.getRemoteUser() != null) {
                 Seam.invalidateSession(); // invalidate session
                 Cookie terminate = new Cookie(TokenBasedRememberMeServices
                 .ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
                 terminate.setMaxAge(0);
                 terminate.setPath("/"); // You need to add this!!!!!
                 response.addCookie(terminate);
                 SecurityContextHolder.clearContext(); // invalidate
                 // authentication
                 }
                
                 } catch (Exception e) {
                 log.error("Error logging out: ", e);
                 }
                 log.debug("SecurityContext invalidated!");
                }
                
                


                • 5. Re: Logout problem
                  Waseem Quraishi Newbie

                  easiest way i know of is to add a link in your jsf as such:

                  <s:link action="#{identity.logout}" value="Logout |"
                  rendered="#{identity.loggedIn}">

                  the identity.logout action will invalidate the session.