Per Les' response about NOT doing anything after logout. I tested it
and it worked even in the ZK event handler.
So if using ZK, just do:
Executions.getCurrent().sendRedirect(someURL); //
Thanks Les.
I remembering seeing this information, about not doing anything with the
session after logout in the quickstart or any the API doc. Please add
a big note about that there and in the logout() API.
.v
John Cladmore wrote:
I have the same problem, but only when I log out using a ZK event
handler in my Grails application.
For some strange reason, calling logout() from a ZK event handler
causes this problem. HOWEVER, if I instead have that same ZK button
call a grails controller/action (like /auth/logout which is available
with the jsec/ki plugin for grails), it works.
For those who know ZK, this works:
----- .zul
<button label="Logout" href="/auth/logout" />
and allows you to log in again
but this DOES NOT:
--- .zul
<button id="btLogout" label="Logout" forward="onLogout"/>
...
---- .groovy
class SomeComposer extends GenericForwardComposer{
...
void onLogout(ForwardEvent evt){
...
SecurityUtils.subject.logout()
...
}
}
Someone on the zk-grails forum suggested a listener setting in zk.xml,
but it didn't work.
I can provide more information/example code if it will help.
.v
Les Hazlewood wrote:
Subject#getSession() should not return null. Do you have a stack
trace or test case that can re-create this issue? If so, please
create a Jira issue.
On Tue, Jul 14, 2009 at 12:50 AM, javamallu <[email protected]
<mailto:[email protected]>> wrote:
Hi,
I am also facing a problem regarding sessions .First time when I
login to my
application the Subject.getSession returns a valid session and it is
successfully loggedin.But when I logout and login again in same
browser,the
Subject.getSession returns null.Please help.
Alphy
Razvan wrote:
>
> Hi everyone,
>
> I am new to JSecurity, I am using it, I have a scenario to
implement, I
> have
> some problems with it and I thought you could help :)
>
> scenario :
>
> A website that uses JSecurity to manage user's access to
different parts
> of
> the site. Different parts of the site are subject to different
terms and
> conditions. Also, the download of different products are also
subject
> different terms and conditions. These terms and conditions may
change
> while
> the users are still logged in ( rememberMe or active
connection). What we
> need is that once the terms and conditions for a particular
product/part
> of
> the site is changing, some users must be kicked before doing any
action
> and
> forced to re-login to accept the new terms and conditions.
Having this
> scenario, we need to access a list of all logged in subjects,
check their
> principals against our particular set of users and kick those
who match.
>
>
> problem :
>
> I've got the JSecurity sources and tried to follow code paths,
debug etc
> etc
> and went to the point where I have all the active sessions.
Unfortunately
> I
> haven't found a way to reach the subject associated with that
session and
> I
> can't get the subject's principals and check them against my
separate
> list.
>
>
> questions :
>
> What is the way to reach the subject via a session, in my case ?
> Is there another way/s to get all the logged in subjects ?
> Do you think is a good idea to keep a list of authenticated
subjects in my
> Realm implementation ? Does it affect clustering or anything
else ( mainly
> distributed stuff ) ?
>
>
> still digging :
>
> If you will point me to some listeners, none of the listeners
> (AuthenticatingListener or SessionListener) does not know about
the
> subject
> but only auth token, auth info, and session so I cannot really
handle my
> problem (storing the subject somewhere at login time or session
initiation
> time) only by using listeners and without extending some
JSecurity classes
> like SecurityManager impls which is not necessary a big effort
but it
> looks
> like it (not very nice to maintain) for such a basic thing.
>
>
> Kind Regards,
>
> Thanks in advance
>
> Razvan
>
>
--
View this message in context:
http://n2.nabble.com/Subject-Session-relationship-tp2303079p3254275.html
Sent from the Shiro User mailing list archive at Nabble.com.
