1 Reply Latest reply on May 28, 2009 10:05 AM by Martin Sznapka

    missing loginContext.logout()

    Martin Sznapka Newbie
      With my colleague we were implementing Tomcat-JBossAS remote login module and we found that in Identity.java is missing important piece of code:


      So if the user is logging out, than loginContext.logout is not called.
      It seems like bug in Seam (2.1.2.CR1).

      Here is patch for Identity.java:

      public void unAuthenticate()
        principal = null;
        subject = new Subject();


        if(loginContext != null) {
           try {
           catch(LoginException e) {
              log.error("Logout failed", e);
           finally {
              loginContext = null;

      private transient LoginContext loginContext;

      protected LoginContext getLoginContext() throws LoginException
        if(getJaasConfigName() == null)
           loginContext = new LoginContext(Configuration.DEFAULT_JAAS_CONFIG_NAME, getSubject(), credentials.createCallbackHandler(), Configuration.instance());
           loginContext = new LoginContext(getJaasConfigName(), getSubject(), credentials.createCallbackHandler());

        return loginContext;