See: org.acegisecurity.ui.logout.LogoutFilter

You should use this filter with a config looking like this:

<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
    <constructor-arg value="/statique.html?action=index"/> <!-- URL redirected to after logout -->
    <constructor-arg>
        <list>
            <ref bean="rememberMeServices"/>
            <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
        </list>
    </constructor-arg>
    <property name="filterProcessesUrl" value="/processLogout"></property>
</bean>

Make sure you added the "/processLogout" mapping to web.xml to direct the
request to your ACEGI filter. You can also redirect to a page which will
invalidate the HTTP session after the logout, for extra security. Just use
the « <constructor-arg value="/statique.html?action=index"/> <!-- URL
redirected to after logout --> » and change it for something like «
<constructor-arg value="/statique.html?action=invalidateSession"/> ». This
page has to redirect to your site's home page afterwards, or any other
public access page, then you won't get stuck in an infinite loop.


Cheers

Luc





2007/1/29, CJ <[EMAIL PROTECTED]>:

Scenario is: an Administrator disables or deletes a user account, while
the user is logged in. The user's Authentication should be revoked from
that moment on. What is the recommended approach for this in Acegi?

Here's what I've tried so far:

I tried keeping a map of all users' Authentication objects, and then
calling Authentication.setAuthenticated(false) when the corresponding user
is disabled. That properly sends the user back to the login screen but then
causes infinite loops at login -- presumably because the invalid
Authentication is stuck in the user's session and never gets replaced.

I also tried keeping a map of HttpSession objects, so I could invalidate()
them directly; but the container (Tomcat 5) doesn't like that; the session
facade seems to use weak reference mapping, so my HttpSession reference
ends up being null when I try to access it next.


_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer




--
_____________________________
Luc Boudreau
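
One way to tie the scenario in the question to the LogoutFilter configuration above, as an added example that is not code from this thread or from the Acegi project: a servlet filter that re-checks the account on each request and sends a disabled or deleted user to the logout URL, so the configured logout handlers clean up the session. The class name `AccountStatusFilter`, its setters and its placement after `logoutFilter` in the filter chain are assumptions; `/processLogout` is the `filterProcessesUrl` from the config above.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;

/** Hypothetical filter (added example): forces a logout once the account is disabled or deleted. */
public class AccountStatusFilter implements Filter {
    private UserDetailsService userDetailsService; // assumption: injected from the Spring context
    private String logoutUrl = "/processLogout";   // must match filterProcessesUrl of the LogoutFilter

    public void setUserDetailsService(UserDetailsService service) { this.userDetailsService = service; }
    public void setLogoutUrl(String logoutUrl) { this.logoutUrl = logoutUrl; }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // Guard: never intercept the logout URL itself, otherwise the redirect would loop.
        boolean isLogoutRequest = request.getRequestURI().endsWith(logoutUrl);
        // Only real logins are re-checked; anonymous tokens have no account to look up.
        if (auth != null && !(auth instanceof AnonymousAuthenticationToken)
                && !isLogoutRequest && !isStillActive(auth.getName())) {
            // Hand over to the LogoutFilter, which runs the configured logout handlers.
            response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + logoutUrl));
            return;
        }
        chain.doFilter(req, res);
    }

    /** Reloads the account from the backing store; false when it is disabled or gone. */
    private boolean isStillActive(String username) {
        try {
            return userDetailsService.loadUserByUsername(username).isEnabled();
        } catch (UsernameNotFoundException deleted) {
            return false; // the account was deleted while the user was logged in
        }
    }

    public void init(FilterConfig config) { }
    public void destroy() { }
}
```

This costs one `UserDetailsService` lookup per request, so a short-lived user cache in front of it trades lookup cost against how quickly a disabled account is cut off.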