Swarm/Acegi and logging out

2008-06-30 Thread David R Robison
I am using Swarm with Acegi integration. Authentication and 
authorization work fine, but I am having trouble logging out. I use a 
link to a Logout class that implements the following code to log the 
user out.
  
public class LoggedOutPage extends SecureWebPage {

    private static final long serialVersionUID = 1L;

    /**
     * Constructor.
     */
    public LoggedOutPage() {
        super();
        logout();
        setResponsePage(MainPage.class);
    }

    /**
     * Log the user out.
     */
    public void logout() {
        SecurityContextHolder.getContext().setAuthentication(null);
        WebRequest webRequest = (WebRequest)getRequest();
        webRequest.getHttpServletRequest().getSession().invalidate();
    }
}

However, when I am redirected to the MainPage.class, the user is not 
asked to login again and the class throws a null pointer error when it 
tries to access the logged in user. Am I doing something wrong?

Thanks, David

--

David R Robison
Open Roads Consulting, Inc.
708 S. Battlefield Blvd., Chesapeake, VA 23322
phone: (757) 546-3401
e-mail: [EMAIL PROTECTED]
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/book_detail.php?id=2579

This e-mail communication (including any attachments) may contain confidential and/or privileged material intended solely for the individual or entity to which it is addressed.  If you are not the intended recipient, you should immediately stop reading this message and delete it from all computers that it resides on. Any unauthorized reading, distribution, copying or other use of this communication (or its attachments) is strictly prohibited.  If you have received this communication in error, please notify us immediately.  









-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Swarm/Acegi and logging out

2008-06-30 Thread Maurice Marrink
You have to realize that both swarm and acegi keep a copy of the
logged in user. So you have to logoff at 2 places.
You could use a logoff page but imo it would be better to do the
logging off in the link itself. Something like:
Link logoff = new Link("logoff")
{
    private static final long serialVersionUID = 1L;

    public void onClick()
    {
        // log off from swarm first, then clear the acegi copy of the user
        WaspSession waspSession = ((WaspSession)getSession());
        if (waspSession.logoff(getLogoffContext()))
        {
            SecurityContextHolder.getContext().setAuthentication(null);
            // homepage is not allowed anymore so we end up at the loginpage
            setResponsePage(Application.get().getHomePage());
        }
        else
            error("A problem occurred during the logoff process, please try again or contact support");
    }
};
add(logoff);

By placing this link on your basepage all pages extending from
basepage will have a logoff button.

Maurice



Re: Swarm/Acegi and logging out

2008-06-30 Thread David R Robison
Thanks for the quick reply. In the code, do I need to keep around my 
original LoginContext and return it with getLogoffContext() call or does 
it not matter what Login Context I send to logoff? If so, is the current 
LogonContext saved somewhere in wicket already?

Thanks, David



Re: Swarm/Acegi and logging out

2008-06-30 Thread Maurice Marrink
You do not need to return the same instance but you do need to return
an instance of the same class. Swarm does not keep your original
logincontext anywhere, rather it keeps some sort of hash around.
Logging off with a new instance of the same class will produce the
same hash. For that purpose most logincontexts have 2 constructors:
one with arguments, so the user can be authenticated, and a no-arg
constructor you can use when logging off.

Maurice
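
A plain-Java model of the two points made in this thread, added here as an illustration and not code from Swarm, Acegi or either poster: the logged-in user is held in two separate places, and a logoff context is matched by its class rather than by instance. All class names are hypothetical stand-ins, and the class-based equals/hashCode is an assumed simplification of the "hash" described above.

```java
import java.util.HashMap;
import java.util.Map;

public class TwoPlaceLogoffModel {

    // Stand-in for a login context: identity is the class, not the instance.
    static class ModelLoginContext {
        final String username;                       // null in the logoff form
        ModelLoginContext() { this(null); }          // no-arg: used when logging off
        ModelLoginContext(String username) { this.username = username; } // used to log in
        @Override public boolean equals(Object o) {
            return o != null && o.getClass() == getClass();
        }
        @Override public int hashCode() { return getClass().getName().hashCode(); }
    }

    // Stand-in for the Swarm side of the session: remembers logins by context key.
    static class ModelSwarmSession {
        private final Map<ModelLoginContext, String> logins = new HashMap<>();
        void login(ModelLoginContext ctx) { logins.put(ctx, ctx.username); }
        boolean logoff(ModelLoginContext ctx) { return logins.remove(ctx) != null; }
        boolean isAuthenticated() { return !logins.isEmpty(); }
    }

    // Stand-in for the Acegi side: a separate holder of the authenticated user.
    static class ModelSecurityContext {
        String authentication;
    }

    public static void main(String[] args) {
        ModelSwarmSession swarm = new ModelSwarmSession();
        ModelSecurityContext acegi = new ModelSecurityContext();

        // Login records the user in both places (constructed sample user).
        swarm.login(new ModelLoginContext("david"));
        acegi.authentication = "david";

        // Clearing only the Acegi-side copy leaves the Swarm-side login in place.
        acegi.authentication = null;
        System.out.println("swarm still authenticated: " + swarm.isAuthenticated());

        // A fresh no-arg context of the same class matches the stored login.
        boolean ok = swarm.logoff(new ModelLoginContext());
        System.out.println("logoff ok: " + ok
                + ", swarm authenticated: " + swarm.isAuthenticated());
    }
}
```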
