Announcement Announcement Module
Collapse
No announcement yet.
Logout in acegi 1.0-RC2 Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Is Remember<e Authentication Service is required?

    It also doesn;t work for me and only now I take account that TokenBasedRememberMeServices.ACEGI_SECURITY _HASHED_REMEMBER_ME_COOKIE_KEY Cookie is used for logout...

    But in my case RememberMe is not used. - Is it neccessary?

    Here is part of my acegi configuration:
    Code:
    	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
          <property name="filterInvocationDefinitionSource">
             <value>
    		    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    		    PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
             </value>
          </property>
        </bean>
    
       <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
       </bean>
       
       <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="authenticationFailureUrl"><value>/acegilogin.jsp?login_error=1</value></property>
          <property name="defaultTargetUrl"><value>/</value></property>
          <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
       </bean>
       
       <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
          <property name="authenticationManager"><ref bean="authenticationManager"/></property>
          <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
          <property name="objectDefinitionSource">
             <value>
    			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    			    PATTERN_TYPE_APACHE_ANT
    				/**=ROLE_EMFORGEUSER
             </value>
          </property>
       </bean>
       <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
          <property name="allowIfAllAbstainDecisions"><value>false</value></property>
          <property name="decisionVoters">
             <list>
                <ref bean="roleVoter"/>
             </list>
          </property>
       </bean>
       <!-- An access decision voter that reads ROLE_* configuration settings -->
       <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>
    
       <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
          <property name="key"><value>foobar</value></property>
          <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
       </bean>
    May be it help to found source of problem?

    P.S. I just tested with last Acegi 1.0.0 - same problem

    Comment


    • #17
      Firefox Only Fix

      I spent a few hours on this and found that FireFox and IE behave differentlly. IE was logging out fine however FireFox was not deleting the Cookie, thus the user was still logged in. The following code worked in IE but not Firefox:
      Code:
      Cookie terminate = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
      terminate.setMaxAge(0);
      httpServletResponse.addCookie(terminate);
      However, by setting the cookie path to the original context path I could delete the cookie in Firefox, and thus the logout was successful:
      Code:
      Cookie terminate = new Cookie(TokenBasedRememberMeServices.ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY, null);
      terminate.setMaxAge(0);
      terminate.setPath( "/myinitialpath" );
      httpServletResponse.addCookie(terminate);
      Hope that helps!!

      Comment

      Working...
      X