Thanks for the quick reply. In the code, do I need to keep around my original LoginContext and return it with getLogoffContext() call or does it not matter what Login Context I send to logoff? If so, is the current LogonContext saved somewhere in wicket already?
Thanks, David

Maurice Marrink wrote:
You have to realize that both swarm and acegi keep a copy of the
logged in user. So you have to logoff at 2 places.
You could use a logoff page but imo it would be better to do the
logging off in the link itself. Something like:
Link logoff = new Link("logoff")
                {

                        private static final long serialVersionUID = 1L;

                        public void onClick()
                        {
                                WaspSession waspSession = 
((WaspSession)getSession());
                                if (waspSession.logoff(getLogoffContext()))
                                {

SecurityContextHolder.getContext().setAuthentication(null);
                                        // homepage is not allowed anymore so 
we end up at the loginpage
                                        
setResponsePage(Application.get().getHomePage());

                                }
                                else
                                        error("A problem occured during the 
logoff process, please try
again or contact support");
                        }
                };
                add(logoff);

By placing this link on your basepage all pages extending from
basepage will have a logoff button.

Maurice
On Mon, Jun 30, 2008 at 4:10 PM, David R Robison
<[EMAIL PROTECTED]> wrote:
I am using Swarm with Acegi integration. Authentication and authorization
work fine, but I am having trouble logging out. I use a link to a Logout
class that implements the following code to log the user out.
 public class LoggedOutPage extends SecureWebPage {
  private static final long serialVersionUID = 1L;

  /**
   * Constructor.
   */
  public LoggedOutPage() {
      super();
      logout();
      setResponsePage(MainPage.class);
  }
    /**
   * log the user out.
   */
  public void logout() {
      SecurityContextHolder.getContext().setAuthentication(null);
      WebRequest webRequest = (WebRequest)getRequest();
      webRequest.getHttpServletRequest().getSession().invalidate();
  }
}

However, when I am redirected to the MainPage.class, the user is not asked
to login again and the class throws a null pointer error when it tries to
access the logged in user. Am I doing something wrong?
Thanks, David

--

David R Robison
Open Roads Consulting, Inc.
708 S. Battlefield Blvd., Chesapeake, VA 23322
phone: (757) 546-3401
e-mail: [EMAIL PROTECTED]
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/book_detail.php?id=2579

This e-mail communication (including any attachments) may contain
confidential and/or privileged material intended solely for the individual
or entity to which it is addressed.  If you are not the intended recipient,
you should immediately stop reading this message and delete it from all
computers that it resides on. Any unauthorized reading, distribution,
copying or other use of this communication (or its attachments) is strictly
prohibited.  If you have received this communication in error, please notify
us immediately.







---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


--

David R Robison
Open Roads Consulting, Inc.
708 S. Battlefield Blvd., Chesapeake, VA 23322
phone: (757) 546-3401
e-mail: [EMAIL PROTECTED]
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/book_detail.php?id=2579

This e-mail communication (including any attachments) may contain confidential and/or privileged material intended solely for the individual or entity to which it is addressed. If you are not the intended recipient, you should immediately stop reading this message and delete it from all computers that it resides on. Any unauthorized reading, distribution, copying or other use of this communication (or its attachments) is strictly prohibited. If you have received this communication in error, please notify us immediately.




Reply via email to