This topic is closed

  • About Logout

    I am using what you suggested in the post, which is to set the SecureContext to null for logout. It works; however, when I try to use the URL again after logging off, I get a null pointer exception. Here is what I was doing. I use ContextHolder.getContext() to get the current SecureContext. Then from there I call getAuthentication() to get a handle on the current Authentication object. There is a problem at this point. After I set the Context to null during the logout, I tried to re-access the URL. Acegi did not stop me from accessing it; rather, it passed the security check and went directly to the URL, and caused a null pointer exception.
    I wonder what other way there is to do logout.

  • #2
    Without really knowing your configuration and the URL you're mentioning, it's hard to offer specific suggestions.

    The best way to clear the context is:

    This must happen after your HttpSessionIntegrationFilter copies the Authentication from HttpSession to ContextHolder, but before it copies the Authentication (which is then null) from ContextHolder back to HttpSession.

    Your alternative is to simply invalidate the HttpSession. See the Contacts sample's logoff.jsp.
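
The ordering constraint described in reply #2, as an added example that is not part of the thread and is not Acegi code: a plain-Java model in which a map stands in for the HttpSession and a ThreadLocal stands in for the ContextHolder. The names SESSION_KEY, CONTEXT and handle() are hypothetical, and the sample login is constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Model only: SESSION_KEY, CONTEXT and handle() are hypothetical stand-ins,
// not Acegi classes. They mirror the copy-in / copy-back order described above.
public class LogoutOrderingDemo {
    static final String SESSION_KEY = "AUTHENTICATION";             // hypothetical attribute name
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>(); // stands in for ContextHolder

    // One request through the integration step: session -> context, run the
    // request body, then context -> session (a null identity is copied back too).
    static void handle(Map<String, String> session, Runnable body) {
        CONTEXT.set(session.get(SESSION_KEY));
        try {
            body.run();
            session.put(SESSION_KEY, CONTEXT.get());
        } finally {
            CONTEXT.remove(); // never leak an identity to the next request on this thread
        }
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        session.put(SESSION_KEY, "alice"); // constructed sample login

        // Cleared before the copy-in: the copy-in restores the identity from the
        // session, so the "logout" has no lasting effect.
        CONTEXT.remove();
        handle(session, () -> { });
        System.out.println("cleared outside the window: " + session.get(SESSION_KEY));

        // Cleared between copy-in and copy-back: null is written to the session.
        handle(session, CONTEXT::remove);
        System.out.println("cleared inside the window:  " + session.get(SESSION_KEY));

        // A later request sees no identity; code behind the check must treat
        // that as "not authenticated" instead of dereferencing it.
        handle(session, () -> System.out.println(CONTEXT.get() == null
                ? "later request: not authenticated, deny"
                : "later request: " + CONTEXT.get()));
    }
}
```

Run as written, it prints `alice` for the first case and `null` for the second, followed by the deny line for the later request.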