Re: tapestry-spring-security-2.1.0 logout issue

Wed, 12 Aug 2009 05:43:36 -0700 

Dear Norman, dear Robin,

I can confirm this issue as well as the workaround Norman proposed. I also got 
the same exception which Norman already mentioned and adding a tapestry session 
invalidate call like this :

 @OnEvent(component = "logout")
 public void doLogout() {
        request.getSession(false).invalidate(); 
        logoutService.logout();
 }

solved the issue for me as well. Hence +1 for invalidating tapestry session by 
default ...

with best regards 

Andreas

-------- Original-Nachricht --------
> Datum: Tue, 11 Aug 2009 11:46:53 -0400
> Von: Norman Franke <nor...@myasd.com>
> An: "Tapestry users" <users@tapestry.apache.org>
> Betreff: Re: tapestry-spring-security-2.1.0 logout issue

> The JavaDoc on org.apache.tapestry5.service.Request states that  
> "getSession(false)" should return NULL if the session is invalidated.  
> This is not happening, it returns the invalidated session.
> 
> I think this is because tapestry-spring-security is using the  
> HttpServletRequest and thus the HttpSession instead of the Tapestry  
> Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT  
> invalidate the Tapestry session causing all sorts of issues. If I  
> invalidate the Tapestry session first, then call  
> logoutService.logout() it seems to work.
> 
> Can this be fixed in tapestry-spring-service?
> 
> Norman Franke
> Answering Service for Directors, Inc.
> www.myasd.com
> 
> 
> 
> On Aug 10, 2009, at 6:58 PM, Norman Franke wrote:
> 
> > When I try to logout via tapestry-spring-security-2.1.0 (as in the  
> > example, logoutService.logout() in my event handler for the logout  
> > link), I get this error all the time:
> >
> > How can I logout without error and go back to the main page?
> > java.lang.IllegalStateException: setAttribute: Session already  
> > invalidated
> >      
> > org 
> > .apache 
> > .catalina.session.StandardSession.setAttribute(StandardSession.java: 
> > 1291)
> >      
> > org 
> > .apache 
> > .catalina.session.StandardSession.setAttribute(StandardSession.java: 
> > 1256)
> >      
> > org 
> > .apache 
> > .catalina 
> > .session 
> > .StandardSessionFacade.setAttribute(StandardSessionFacade.java:130)
> >      
> > org 
> > .apache 
> > .tapestry5 
> > .internal.services.SessionImpl.restoreDirtyObjects(SessionImpl.java: 
> > 129)
> >      
> > org 
> > .apache 
> > .tapestry5 
> > .internal 
> > .services 
> > .RestoreDirtySessionObjects 
> > .requestDidComplete(RestoreDirtySessionObjects.java:38)
> >      
> > org 
> > .apache 
> > .tapestry5 
> > .internal 
> > .services 
> > .EndOfRequestEventHubImpl.fire(EndOfRequestEventHubImpl.java:40)
> >      
> > $ 
> > EndOfRequestEventHub_1230686f209 
> > .fire($EndOfRequestEventHub_1230686f209.java)
> >     org.apache.tapestry5.services.TapestryModule 
> > $4.service(TapestryModule.java:782)
> >     $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java)
> >     org.apache.tapestry5.services.TapestryModule 
> > $3.service(TapestryModule.java:767)
> >     $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java)
> >      
> > org 
> > .apache 
> > .tapestry5 
> > .internal.services.StaticFilesFilter.service(StaticFilesFilter.java: 
> > 85)
> >     $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java)
> >     org.apache.tapestry5.internal.services.CheckForUpdatesFilter 
> > $2.invoke(CheckForUpdatesFilter.java:90)
> >     org.apache.tapestry5.internal.services.CheckForUpdatesFilter 
> > $2.invoke(CheckForUpdatesFilter.java:81)
> >      
> > org 
> > .apache 
> > .tapestry5 
> > .ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java: 
> > 85)
> >      
> > org 
> > .apache 
> > .tapestry5 
> > .internal 
> > .services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java: 
> > 103)
> >     $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java)
> >     $RequestHandler_1230686f221.service($RequestHandler_1230686f221.java)
> >     org.apache.tapestry5.services.TapestryModule 
> > $HttpServletRequestHandlerTerminator.service(TapestryModule.java:197)
> >      
> > org 
> > .apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >      
> > org 
> > .apache 
> > .tapestry5 
> > .internal 
> > .services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
> >      
> > $ 
> > HttpServletRequestFilter_1230686f220 
> > .service($HttpServletRequestFilter_1230686f220.java)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity.services.internal.HttpServletRequestFilterWrapper 
> > $1.doFilter(HttpServletRequestFilterWrapper.java:56)
> >
>       
> org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke 
> > (FilterSecurityInterceptor.java:109)
> >
>       
> org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter 
> > (FilterSecurityInterceptor.java:83)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity 
> > .services 
> > .internal 
> > .HttpServletRequestFilterWrapper 
> > .service(HttpServletRequestFilterWrapper.java:52)
> >      
> > $ 
> > HttpServletRequestFilter_1230686f21d 
> > .service($HttpServletRequestFilter_1230686f21d.java)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity.services.internal.HttpServletRequestFilterWrapper 
> > $1.doFilter(HttpServletRequestFilterWrapper.java:56)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity 
> > .services 
> > .internal 
> > .SpringSecurityExceptionTranslationFilter 
> > .doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100)
> >      
> > org 
> > .springframework 
> > .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java: 
> > 53)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity 
> > .services 
> > .internal 
> > .HttpServletRequestFilterWrapper 
> > .service(HttpServletRequestFilterWrapper.java:52)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity.services.internal.HttpServletRequestFilterWrapper 
> > $1.doFilter(HttpServletRequestFilterWrapper.java:56)
> >      
> > org 
> > .springframework 
> > .security 
> > .providers 
> > .anonymous 
> > .AnonymousProcessingFilter 
> > .doFilterHttp(AnonymousProcessingFilter.java:105)
> >      
> > org 
> > .springframework 
> > .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java: 
> > 53)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity 
> > .services 
> > .internal 
> > .HttpServletRequestFilterWrapper 
> > .service(HttpServletRequestFilterWrapper.java:52)
> >      
> > $ 
> > HttpServletRequestFilter_1230686f21c 
> > .service($HttpServletRequestFilter_1230686f21c.java)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity.services.internal.HttpServletRequestFilterWrapper 
> > $1.doFilter(HttpServletRequestFilterWrapper.java:56)
> >      
> > org 
> > .springframework 
> > .security 
> > .wrapper 
> > .SecurityContextHolderAwareRequestFilter 
> > .doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
> >      
> > org 
> > .springframework 
> > .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java: 
> > 53)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity 
> > .services 
> > .internal 
> > .HttpServletRequestFilterWrapper 
> > .service(HttpServletRequestFilterWrapper.java:52)
> >      
> > $ 
> > HttpServletRequestFilter_1230686f21b 
> > .service($HttpServletRequestFilter_1230686f21b.java)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity.services.internal.HttpServletRequestFilterWrapper 
> > $1.doFilter(HttpServletRequestFilterWrapper.java:56)
> >      
> > org 
> > .springframework 
> > .security 
> > .ui 
> > .rememberme 
> > .RememberMeProcessingFilter 
> > .doFilterHttp(RememberMeProcessingFilter.java:116)
> >      
> > org 
> > .springframework 
> > .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java: 
> > 53)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity 
> > .services 
> > .internal 
> > .HttpServletRequestFilterWrapper 
> > .service(HttpServletRequestFilterWrapper.java:52)
> >      
> > $ 
> > HttpServletRequestFilter_1230686f21a 
> > .service($HttpServletRequestFilter_1230686f21a.java)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity.services.internal.HttpServletRequestFilterWrapper 
> > $1.doFilter(HttpServletRequestFilterWrapper.java:56)
> >      
> > org 
> > .springframework 
> > .security 
> > .ui 
> > .AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java: 
> > 271)
> >      
> > org 
> > .springframework 
> > .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java: 
> > 53)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity 
> > .services 
> > .internal 
> > .HttpServletRequestFilterWrapper 
> > .service(HttpServletRequestFilterWrapper.java:52)
> >      
> > $ 
> > HttpServletRequestFilter_1230686f219 
> > .service($HttpServletRequestFilter_1230686f219.java)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity.services.internal.HttpServletRequestFilterWrapper 
> > $1.doFilter(HttpServletRequestFilterWrapper.java:56)
> >      
> > org 
> > .springframework 
> > .security 
> > .context 
> > .HttpSessionContextIntegrationFilter 
> > .doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
> >      
> > org 
> > .springframework 
> > .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java: 
> > 53)
> >      
> > nu 
> > .localhost 
> > .tapestry5 
> > .springsecurity 
> > .services 
> > .internal 
> > .HttpServletRequestFilterWrapper 
> > .service(HttpServletRequestFilterWrapper.java:52)
> >      
> > $ 
> > HttpServletRequestFilter_1230686f218 
> > .service($HttpServletRequestFilter_1230686f218.java)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >     org.apache.tapestry5.services.TapestryModule 
> > $2.service(TapestryModule.java:726)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f223 
> > .service($HttpServletRequestHandler_1230686f223.java)
> >      
> > $ 
> > HttpServletRequestHandler_1230686f217 
> > .service($HttpServletRequestHandler_1230686f217.java)
> >     org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:127)
> >
> >
> >
> > Norman Franke
> > Answering Service for Directors, Inc.
> > www.myasd.com
> >
> >
> >
> 

-- 
Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3 -
sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Reply via email to