Ben Alex wrote:
Andreas Brenk wrote:
You could use an HttpSessionListener to keep the coupling to Acegi Security separate from your controller.
See http://forum.springframework.org/viewtopic.php?t=1106 for an earlier discussion.
Perhaps this should be mentioned in the upgrade readme.
Regards, Andreas
Matt Raible wrote:
With Acegi Security 0.7.0, I was able to use session.invalidate() to log out a user - much like I do when using container-managed authentication. However, with 0.8.0, I've found that I have to use ContextHolder.setContext(null). Is there any way to change back to the old behavior so I don't have any Acegi Security-specific code in my app - so users can easily switch back to CMA (non-Acegi Security based) if they want?
Hi Matt
Which container are you using? What does DEBUG-level logging show for HttpSessionContextIntegrationFilter? It seems to work OK for me in Tomcat 5.5 with the Contacts Sample application's logout.jsp.
I'm on Tomcat 5.5.7 with JDK 1.4.2. If I change logging to DEBUG, I get the messages below. I can tell the session is getting invalidated because Clickstream prints out a log. I am redirecting back to a page that requires authentication after logging out - but I would think I'd just be prompted to log in again. I'm still using the "all filters in web.xml" method - maybe one of the filters needs a <dispatcher>FORWARD</dispatcher>?
[appfuse] DEBUG [http-8080-Processor4] LoginFilter.doFilter(71) | logging out 'm
raible'
[appfuse] INFO [http-8080-Processor4] SimpleClickstreamLogger.log(56) | Clickstr
eam for: 127.0.0.1
Session ID: 8A7DE0BE6C5C02004CB602D134A4124E
Initial Referrer:
Stream started: Thu Mar 10 08:28:15 MST 2005
Last request: Thu Mar 10 08:28:26 MST 2005
Stream length: 11 seconds
1: localhost:8080/appfuse/mainMenu.html
[appfuse] DEBUG [http-8080-Processor4] HttpSessionContextIntegrationFilter.doFil
ter(256) | Context stored to HttpSession: 'net.sf.acegisecurity.context.security
[EMAIL PROTECTED]: Authentication: net.sf.acegisecurity.providers.Userna
[EMAIL PROTECTED]: Username: mraible; Password: [PROTECTED];
Authenticated: true; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@
17c50b9: RemoteIpAddress: 127.0.0.1; SessionId: 8A7DE0BE6C5C02004CB602D134A4124E
; Granted Authorities: admin'
[appfuse] DEBUG [http-8080-Processor4] HttpSessionContextIntegrationFilter.doFil
ter(265) | ContextHolder set to null as request processing completed
[appfuse] DEBUG [http-8080-Processor3] HttpSessionContextIntegrationFilter.doFil
ter(180) | Obtained from ACEGI_SECURITY_CONTEXT a valid Context and set to Conte
xtHolder: '[EMAIL PROTECTED]: Authe
ntication: [EMAIL PROTECTED]
4b624: Username: mraible; Password: [PROTECTED]; Authenticated: true; Details: n
[EMAIL PROTECTED]: RemoteIpAddress: 127.0.
0.1; SessionId: 8A7DE0BE6C5C02004CB602D134A4124E; Granted Authorities: admin'
[appfuse] DEBUG [http-8080-Processor3] AnonymousProcessingFilter.doFilter(147) |
ContextHolder not replaced with anonymous token, as ContextHolder already conta
ined: '[EMAIL PROTECTED]
4: Username: mraible; Password: [PROTECTED]; Authenticated: true; Details: net.s
[EMAIL PROTECTED]: RemoteIpAddress: 127.0.0.1;
SessionId: 8A7DE0BE6C5C02004CB602D134A4124E; Granted Authorities: admin'
[appfuse] DEBUG [http-8080-Processor3] PathBasedFilterInvocationDefinitionMap.lo
okupAttributes(215) | Converted URL to lowercase, from: '/mainmenu.html'; to: '/
mainmenu.html'
[appfuse] DEBUG [http-8080-Processor3] PathBasedFilterInvocationDefinitionMap.lo
okupAttributes(237) | Candidate is: '/mainmenu.html'; pattern is /signup.html; m
atched=false
[appfuse] DEBUG [http-8080-Processor3] PathBasedFilterInvocationDefinitionMap.lo
okupAttributes(237) | Candidate is: '/mainmenu.html'; pattern is /passwordhint.h
tml*; matched=false
[appfuse] DEBUG [http-8080-Processor3] PathBasedFilterInvocationDefinitionMap.lo
okupAttributes(237) | Candidate is: '/mainmenu.html'; pattern is /*.html*; match
ed=true
[appfuse] DEBUG [http-8080-Processor3] AbstractSecurityInterceptor.beforeInvocat
ion(373) | Secure object: FilterInvocation: URL: /mainMenu.html; ConfigAttribute
s: [admin, tomcat]
[appfuse] DEBUG [http-8080-Processor3] ProviderManager.doAuthentication(156) | A
uthentication attempt using net.sf.acegisecurity.providers.dao.DaoAuthentication
Provider
[appfuse] DEBUG [http-8080-Processor3] EhCacheBasedUserCache.getUserFromCache(70
) | Cache hit: true; username: mraible
[appfuse] DEBUG [http-8080-Processor3] AbstractSecurityInterceptor.beforeInvocat
ion(411) | Authenticated: net.sf.acegisecurity.providers.UsernamePasswordAuthent
[EMAIL PROTECTED]: Username: mraible; Password: [PROTECTED]; Authenticated: t
rue; Details: [EMAIL PROTECTED]: RemoteIp
Address: 127.0.0.1; SessionId: 8A7DE0BE6C5C02004CB602D134A4124E; Granted Authori
ties: admin
[appfuse] DEBUG [http-8080-Processor3] AbstractSecurityInterceptor.beforeInvocat
ion(429) | Authorization successful
[appfuse] DEBUG [http-8080-Processor3] AbstractSecurityInterceptor.beforeInvocat
ion(442) | RunAsManager did not change Authentication object
[appfuse] DEBUG [http-8080-Processor3] SecurityEnforcementFilter.doFilter(184) |
Chain processed normally
[appfuse] DEBUG [http-8080-Processor3] HttpSessionContextIntegrationFilter.doFil
ter(256) | Context stored to HttpSession: 'net.sf.acegisecurity.context.security
[EMAIL PROTECTED]: Authentication: net.sf.acegisecurity.providers.Userna
[EMAIL PROTECTED]: Username: mraible; Password: [PROTECTED];
Authenticated: true; Details: net.sf.acegisecurity.ui.WebAuthenticationDetails@
17c50b9: RemoteIpAddress: 127.0.0.1; SessionId: 8A7DE0BE6C5C02004CB602D134A4124E
; Granted Authorities: admin'
[appfuse] DEBUG [http-8080-Processor3] HttpSessionContextIntegrationFilter.doFil
ter(265) | ContextHolder set to null as request processing completed
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
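
Added example, not part of the original thread and not Acegi Security code: a dependency-free Java model of the sequence in the DEBUG log, where the context is stored to the HttpSession after the logout request and the next request reads it back from ACEGI_SECURITY_CONTEXT. All class and method names are hypothetical, and the write-back rule (store whenever the holder is non-null) is an assumption inferred from the log; the listener flag models the HttpSessionListener suggestion.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model (constructed for illustration; not Acegi Security code).
public class LogoutModel {
    static final String KEY = "ACEGI_SECURITY_CONTEXT";          // attribute name seen in the log
    static final ThreadLocal<String> holder = new ThreadLocal<>(); // stands in for ContextHolder
    static final Map<String, Map<String, String>> sessions = new HashMap<>(); // container sessions
    static boolean listenerInstalled;                             // models an HttpSessionListener

    // Models session.invalidate(); the listener callback runs on the calling thread.
    static void invalidate(String sid) {
        sessions.remove(sid);
        if (listenerInstalled) holder.remove();  // sessionDestroyed clears the thread-bound context
    }

    // Models the integration filter: load the context, run the request, write it back.
    // Simplification: a recreated session reuses the same id instead of issuing a new cookie.
    static String request(String sid, Runnable handler) {
        Map<String, String> session = sessions.get(sid);
        holder.set(session == null ? null : session.get(KEY));
        String identity = holder.get();          // who this request is processed as
        handler.run();
        if (holder.get() != null) {              // assumed rule: non-null context is stored,
            sessions.computeIfAbsent(sid, k -> new HashMap<>()) // recreating the session if needed
                    .put(KEY, holder.get());
        }
        holder.remove();                         // "ContextHolder set to null as request completed"
        return identity;
    }

    // Returns the identity seen by the request that follows a logout.
    static String identityAfterLogout(boolean withListener) {
        listenerInstalled = withListener;
        sessions.clear();
        Map<String, String> session = new HashMap<>();
        session.put(KEY, "mraible");             // constructed sample user, as in the log
        sessions.put("S1", session);
        request("S1", () -> invalidate("S1"));   // logout request: invalidate only
        return request("S1", () -> { });         // redirect back to a protected page
    }

    public static void main(String[] args) {
        System.out.println("invalidate only       -> " + identityAfterLogout(false));
        System.out.println("invalidate + listener -> " + identityAfterLogout(true));
    }
}
```

In a real container the listener callback runs on the request thread only for an explicit invalidate(); on session timeout it runs on a background thread, where there is no request context to clear.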