Remove inherited thread local from RAP

author Mathieu Baudier <mbaudier@argeo.org>

Mon, 9 Jul 2012 14:00:00 +0000 (14:00 +0000)

committer Mathieu Baudier <mbaudier@argeo.org>

Mon, 9 Jul 2012 14:00:00 +0000 (14:00 +0000)
author Mathieu Baudier <mbaudier@argeo.org>
Mon, 9 Jul 2012 14:00:00 +0000 (14:00 +0000)
committer Mathieu Baudier <mbaudier@argeo.org>
Mon, 9 Jul 2012 14:00:00 +0000 (14:00 +0000)
diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java

index 10dced4b3e44be80502c4750277988b424025a23..2339716874598d0d142b9431ba91e7a45afbdc8f 100644 (file)
--- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java
+++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java
@@ -140,7 +140,7 @@ public class SecureEntryPoint implements IEntryPoint {
                                         return new Integer(result);
                                 }
                         });
-                       logout(loginContext, username);
+                       //logout(loginContext, username);
                 } finally {
                         display.dispose();
                 }
@@ -194,6 +194,11 @@ public class SecureEntryPoint implements IEntryPoint {
  
         protected void logout(ILoginContext secureContext, String username) {
                 try {
+                       HttpServletRequest httpRequest = RWT.getRequest();
+                       HttpSession httpSession = httpRequest.getSession();
+                       httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null);
+                       RWT.getRequest().getSession().setMaxInactiveInterval(1);
+                       SecurityContextHolder.clearContext();
                         secureContext.logout();
                         log.info("Logged out " + (username != null ? username : "")
                                         + " (THREAD=" + Thread.currentThread().getId() + ")");
diff --git a/server/modules/org.argeo.server.rap.webapp/WEB-INF/security-filters.xml b/server/modules/org.argeo.server.rap.webapp/WEB-INF/security-filters.xml

index a4f0aeb9ada93f0a513b9daec425905f3990e2d8..cfe148bd6cfccb75c656ae5c9d093a73fbae394f 100644 (file)
--- a/server/modules/org.argeo.server.rap.webapp/WEB-INF/security-filters.xml
+++ b/server/modules/org.argeo.server.rap.webapp/WEB-INF/security-filters.xml
@@ -12,7 +12,7 @@
                                 filters="session,basic,rememberMe,exception,interceptor" />
                         <sec:filter-chain pattern="/basicauth"
                                 filters="session,basic,exception,interceptor" />
-                       <sec:filter-chain pattern="/node" filters="session" />
+                       <sec:filter-chain pattern="/node" filters="session,exception,interceptor" />
                         <sec:filter-chain pattern="/public"
                                 filters="session,anonymous,exception,interceptorPublic" />
                         <sec:filter-chain pattern="/j_spring_security_logout"
author	Mathieu Baudier <mbaudier@argeo.org>
	Mon, 9 Jul 2012 14:00:00 +0000 (14:00 +0000)
committer	Mathieu Baudier <mbaudier@argeo.org>
	Mon, 9 Jul 2012 14:00:00 +0000 (14:00 +0000)
security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java		patch \| blob \| history
server/modules/org.argeo.server.rap.webapp/WEB-INF/security-filters.xml		patch \| blob \| history