Improve and clean authentication. Reintroduce anonymous login context.

[lgpl/argeo-commons.git] / org.argeo.cms.ui / src / org / argeo / cms / util / LoginEntryPoint.java

diff --git a/org.argeo.cms.ui/src/org/argeo/cms/util/LoginEntryPoint.java b/org.argeo.cms.ui/src/org/argeo/cms/util/LoginEntryPoint.java
index 1f24da2f4327d3d9d27c550cd73aa059fafd390f..a8b52a5c29c91f861b727f7a775df1f1f5121e49 100644 (file)
--- a/org.argeo.cms.ui/src/org/argeo/cms/util/LoginEntryPoint.java
+++ b/org.argeo.cms.ui/src/org/argeo/cms/util/LoginEntryPoint.java
@@ -5,7 +5,6 @@ import java.util.Locale;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 
 import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.CurrentUser;
@@ -130,6 +129,7 @@ public class LoginEntryPoint implements EntryPoint, CmsView {
                if (loginContext == null)
                        throw new CmsException("Login context should not bet null");
                try {
+                       CurrentUser.logoutCmsSession(loginContext.getSubject());
                        loginContext.logout();
                } catch (LoginException e) {
                        throw new CmsException("Cannot log out", e);