Announcement Announcement Module
Collapse
No announcement yet.
Logout Filter Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Logout Filter

    Im trying to use the logout filter with a simple test rig i have up and runnning but I am not configuring it correctly. I have added a call to the logoutFilter in the filterChainProxy;

    Code:
    <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    			</value>
    		</property>
    	</bean>
    I have defined the logoutFilter bean as follows;

    Code:
    <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
    		<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
    		<constructor-arg>
    			<list>				
    				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
    			</list>
    		</constructor-arg>
    	</bean>
    and I am using this filter in my jsp as such;

    Code:
    <p><a href="../j_acegi_logout">Logout</a>
    However when I load my web page, my container tells me that the page defined at the specified URL is not available.

    Code:
    HTTP Status 404 - /springweb/
    
    type Status report
    
    message /springweb/
    
    description The requested resource (/springweb/) is not available.
    Apache Tomcat/5.5.12
    Why is this? What am I missing?

  • #2
    Hi

    first replace the filterInvocationDefinitionSource property of filterChainProxy bean from what you have into :

    /**=httpSessionContextIntegrationFilter,authenticat ionProcessingFilter,logoutFilter,securityContextHo lderAwareRequestFilter,rememberMeProcessingFilter, anonymousProcessingFilter,exceptionTranslationFilt er,filterInvocationInterceptor

    notice that in your setting you have put the logoutFilter before authenticationProcessingFilter .

    second besure that you have put the /index.jsp outside your WEB-INF folder

    third what is this /springweb/ ? is this the name of your main dispatcher servlet? if yes then what is the exact url of your logout link? It should be something like:

    <a href="/msc/j_acegi_logout"> where msc is the name of your dispatcher servlet.

    If your provide more log from Acegi it could help more.
    in your log4j.properties file put this line:
    log4j.category.org.acegisecurity=DEBUG and carefully analyse what ever it says. Most of the cases using the Acegi log you can find your mistake.

    Comment


    • #3
      Sorry I made a mistake when I gave you the filterProxyChain bean definition. The one I gave you was from another project. This is the one for the project I was referring to;

      Code:
      <bean id="filterChainProxy"
      		class="org.acegisecurity.util.FilterChainProxy">
      		<property name="filterInvocationDefinitionSource">
      			<value>
      				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      				PATTERN_TYPE_APACHE_ANT
      				/**=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter,logoutFilter,exceptionTranslationFilter,filterSecurityInterceptor
      			</value>
      		</property>
      	</bean>
      springweb is the application context. The dispatcher servlet is simply called "dispatcher-servlet.xml"

      Comment


      • #5
        Originally posted by [email protected] View Post
        what is the exact url of your logout link?
        It should be

        Code:
        <a href="/dispatcher/j_acegi_logout">

        Comment


        • #6
          If your provide more log from Acegi it could help more.
          in your log4j.properties file put this line:
          log4j.category.org.acegisecurity=DEBUG and carefully analyse what ever it says. Most of the cases using the Acegi log you can find your mistake.
          This is good advice...

          Comment


          • #7
            have the same problem and in spite of here are tons of acegi logout threads, nobody was able to help me... is it so complicate to logout???

            By the way, i put in the log4j-line in my log4j.properties and nothing happends.. acegi said nothing.. whyever.

            here are all my acegi-files. i hope that anybody can solve this problem in a way that in future everybody who has this problem (and it seems that this are many people) can solve it easely...

            acegi-security.xml
            Code:
            	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
            		<property name="filterInvocationDefinitionSource">
            			<value>	
            				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            				PATTERN_TYPE_APACHE_ANT
            				/**=httpSessionContextIntegrationFilter,logoutFilter,formAuthenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
            			</value>
            		</property>
            	</bean>
            
            	<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
            		<constructor-arg value="/index.htm"/>
            		<constructor-arg>
            			<list>
            				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
            			</list>
            		</constructor-arg>
            		<property name="filterProcessesUrl" value="/j_acegi_logout"/>
            	</bean>
            And my acegi-logout-link...

            Code:
            <core:url value='/j_acegi_logout'/>

            Comment


            • #8
              There is an example of the logoutFilter in the sample tutorial that ships with Acegi, I'd have a look at that first. It's path points to the root of the web app.

              Comment


              • #9
                I had the same problem with the logout giving me a "resource not found error" and I resolved it as follows:
                in web.xml:
                <filter-mapping>
                <filter-name>Acegi Filter Chain Proxy</filter-name>
                <url-pattern>/j_acegi_logout</url-pattern>
                </filter-mapping>

                In applicationContext.xml:
                <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
                <constructor-arg value="/index.jsp"/>
                <!-- URL redirected to after logout -->
                <constructor-arg>
                <list>
                <bean class="org.acegisecurity.ui.logout.SecurityContext LogoutHandler"/>
                </list>
                </constructor-arg>
                </bean>

                on my jsp page:
                <a href='<c:url value="j_acegi_logout"/>'><fmt:message key="user.logout"/></a>

                not that the url does not contain the trailing "/". This was my main problem.

                Hope this helps everyone else.

                Comment

                Working...
                X