On Mar 11, 2005, at 6:28 AM, Matt Raible wrote:
On Mar 11, 2005, at 2:17 AM, Ben Alex wrote:
Matt Raible wrote:
For some reason, calling session.invalidate() (in a filter or in a JSP) doesn't seem to help get rid of any Acegi authentication information. Adding ContextHolder.setContext(null) in a filter that's mapped to logout.jsp seems to be the only thing that works for me. Here's my LoginFilter that gets hit:Sorry Matt, what container was it again? Does the 0.8.0 official Contacts Sample app work properly in the same container (ie its logout page works)? I'm wondering if the filter ordering is correct, as it changed in version 0.8.0. It would be good to get to the bottom of this....
http://static.raibledesigns.com/downloads/appfuse/api/org/appfuse/ webapp/filter/LoginFilter.java.html
And my console is printing out:
[appfuse] DEBUG [http-8080-Processor3] LoginFilter.doFilter(72) | logging out 'mraible'
Tomcat 5.5.7 on Windows XP and JDK 1.4.2. Yes, the Contacts sample app from CVS works when I logout. I've used both the FilterChainProxy and the specify-each-filter in web.xml methods and it happens with both. It could be a filter ordering problem, but I'm pretty sure the order I have is needed to make other things work.
Here's a link to AppFuse's applicationContext-security.xml file - the filters are specified in the first bean at the top.
http://tinyurl.com/6y4jd
Matt
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer