Announcement Announcement Module
Collapse
No announcement yet.
Logout problem Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Logout problem

    When logging out using the logout filter I'm getting an IllegalStateException.

    Code:
    2006-11-14 12:36:17,522 126916 DEBUG [btpool0-4] org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices  (TokenBasedRememberMeServices.java:215) - Cancelling cookie for reason: Logout of user admin
    2006-11-14 12:36:17,523 126917 DEBUG [btpool0-4] org.acegisecurity.ui.session.HttpSessionEventPublisher  (HttpSessionEventPublisher.java:113) - Publishing event: org.acegisecurity.ui.session.HttpSessionDestroyedEvent[source=org.mortbay.jetty.servlet.HashSessionManager$Session:78pof58m7ihok@18817368]
    :WARN:  /etg-webapp/j_acegi_logout: 
    java.lang.IllegalStateException
            at org.mortbay.jetty.servlet.AbstractSessionManager$Session.setAttribute(AbstractSessionManager.java:855)
            at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:243)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
            at org.acegisecurity.securechannel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:138)
            at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
            at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148)
    Looking at the exception, it's Jetty that is throwing the IllegalStateException. Diving into the Jetty code, it seems to be because the logout filter gets hit, the session gets invalidated, and then the httpSessionContextIntegrationFilter finishes its processing which tries to make sure the security context is set in the session. But when it does that it only does a check to see if the httpSession it is passed is null, not if it's valid. So, Jetty throws an IllegalStateException because we're trying to modify a session that has been invalidated. I'm not an expert on the servlet spec so I don't know if this is the right thing for Jetty to do or what. Has anyone else run into this problem?

    Thanks,
    Rich

  • #2
    I have experienced this same problem. I entered a bug in JIRA for it (SEC-394), so hopefully we can get a fix.

    Comment


    • #3
      This is a bug in Jetty:

      http://jira.codehaus.org/browse/JETTY-144

      Comment


      • #4
        bug is fixed

        i had the same problem, but the bug was already fixed.

        If you still use jetty_6_ in your pom like this:
        Code:
        <plugin>
          <groupId>org.mortbay.jetty</groupId>
          <artifactId>maven-jetty6-plugin</artifactId>
        </plugin>
        change the artifact id to get the bugfixed version (they dropped the numer "6"

        Code:
        <plugin>
        <groupId>org.mortbay.jetty</groupId>
        <artifactId>maven-jetty-plugin</artifactId>
        </plugin>
        the goal has changed to from
        Code:
        mvn jetty6:run
        to
        Code:
        mvn jetty:run
        don't forget to run
        Code:
        mvn clean
        or clean up your project before you fire up the new jetty version.

        Comment

        Working...
        X