I haven't tried the technique you are using. I found it easier to create
an object with references to everything else my application needs and
store that in the session. The object then implements
HttpSessionBindingListener to detect that the session is being
destroyed. This does not require anything be added to web.xml. Since it
is your object being called I should think you'd have access to
everything you need without even going to the authentication context.
I'm not sure how to retrieve the authentication context manually. You
will have to read the code in the authentication framework block unless
someone can provide a code snippet.
Ralph
Stefan Pietschmann wrote:
I asked something similar in the users list some time ago but got no
response, so you’re my last chance ;)
As usual we’re storing information in the AuthenticationContext. So
far this information has been written on disk with every request
processed by the server.
Due to several reasons we’ve decided to just write it to a file
everytime the user logs out OR the session times out. Thus it is not
sufficient to add the method to the logout matcher, because the data
will be lost if the user just closes is browser.
I decided to use an HTTPSessionListener which I added to Cocoon’s
web.xml. This works fine so far, but it only allows me to retrieve the
user’s HTTPSession in the method sessionDestroyed(HttpSessionEvent
event). From there I can get the the ServletContext, but I see no way
to access the AuthenticationContext? Is it accessable at all? I tought
one of these should work, but both are null.
AuthenticationContext authContext =
(AuthenticationContext)session.getServletContext().getContext("authentication");
AuthenticationContext authContext2 =
(AuthenticationContext)session.getServletContext().getContext(AuthenticationConstants.SESSION_CONTEXT_NAME)
Cheers,
Stefan
