1 Reply Latest reply on Sep 15, 2011 9:33 AM by Shane Bryzak

    IDM annotation-based configuration - log-out broken

    Andrew Murphy Newbie

      Shane, perhaps you are best placed to comment?


      Since adding the @IdentityEntity annotations included in the latest seam-security snapshot to my IDM entity classes, my log-out functionality is no longer working. Apart from the addition of the class-level annotations, the removal of the JpaIdentityStoreConfiguration mappings from seam-beans.xml, and the amendment of the interceptor class mapping in beans.xml to org.jboss.seam.security.SecurityInterceptor, nothing else in my code has been changed.


      My application starts without error and IDM authentication works as expected. The only problem now is the user is no longer redirected to the log-in page after logging out.


      My current log-out configuration, which works with the seam-security-3.1.0-20110913.040412-20 snapshot build (prior to the annotation implementation), uses an observer method to invalidate the user session as follows...


      public String handlePostLoggedOutEvent(
          @Observes final PostLoggedOutEvent event,
              HttpServletRequest httpRequest) {
          final HttpSession session = httpRequest.getSession();
          if (session != null) {
              logger.logv(Level.DEBUG, "Invalidating session for user: {0}",
                      event.getUser().getId());
              session.invalidate();
          }
          return null;
      }
      



      ... and handles the redirect to the login page as defined below.


      @ViewConfig
      public interface MyViewConfig {
      
          static enum Pages {
      
              @FacesRedirect
              @ViewPattern("/secure/*")
              @LoggedIn
              @LoginView("/login.jsf")
              SECURE_PAGES,
      
              //... rest omitted
          }
      }
      



      I can confirm Identity.logout() is being called and that the session is being invalidated by handlePostLoggedOutEvent, so it would appear the redirect no longer works (current secured page remains in view).


      There are no errors or exceptions reported.


      I’ve scoured the latest changes in GitHub but cannot see any obvious changes that would break my code, so any guidance will be appreciated.


      Thanks, Andrew