Posted to commits@isis.apache.org by da...@apache.org on 2016/07/05 06:54:58 UTC
[5/8] isis git commit: ISIS-1434: changes the order in which the
Shiro session is invalidated,
to perform before Wicket viewer completes its own invalidation.
ISIS-1434: changes the order in which the Shiro session is invalidated, to perform before Wicket viewer completes its own invalidation.
The original implementation worked on Jetty but not when deployed as a WAR file under Tomcat.
Project: http://git-wip-us.apache.org/repos/asf/isis/repo
Commit: http://git-wip-us.apache.org/repos/asf/isis/commit/0d906485
Tree: http://git-wip-us.apache.org/repos/asf/isis/tree/0d906485
Diff: http://git-wip-us.apache.org/repos/asf/isis/diff/0d906485
Branch: refs/heads/master
Commit: 0d906485127c41771d85e15783c0869313a27eea
Parents: 2f67917
Author: Dan Haywood <da...@haywood-associates.co.uk>
Authored: Tue Jul 5 07:38:34 2016 +0100
Committer: Dan Haywood <da...@haywood-associates.co.uk>
Committed: Tue Jul 5 07:38:34 2016 +0100
----------------------------------------------------------------------
.../wicket/AuthenticatedWebSessionForIsis.java | 28 +++++++++++++++++---
1 file changed, 24 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/isis/blob/0d906485/core/viewer-wicket-impl/src/main/java/org/apache/isis/viewer/wicket/viewer/integration/wicket/AuthenticatedWebSessionForIsis.java
----------------------------------------------------------------------
diff --git a/core/viewer-wicket-impl/src/main/java/org/apache/isis/viewer/wicket/viewer/integration/wicket/AuthenticatedWebSessionForIsis.java b/core/viewer-wicket-impl/src/main/java/org/apache/isis/viewer/wicket/viewer/integration/wicket/AuthenticatedWebSessionForIsis.java
index 16e4454..60750f0 100644
--- a/core/viewer-wicket-impl/src/main/java/org/apache/isis/viewer/wicket/viewer/integration/wicket/AuthenticatedWebSessionForIsis.java
+++ b/core/viewer-wicket-impl/src/main/java/org/apache/isis/viewer/wicket/viewer/integration/wicket/AuthenticatedWebSessionForIsis.java
@@ -81,6 +81,30 @@ public class AuthenticatedWebSessionForIsis extends AuthenticatedWebSession impl
}
@Override
+ public void invalidateNow() {
+
+ // similar code in Restful Objects viewer (UserResourceServerside#logout)
+ // this needs to be done here because Wicket will expire the HTTP session
+ // while the Shiro authenticator uses the session to obtain the details of the principals for it to logout
+ //
+ // org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1195)
+ // org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:108)
+ // org.apache.shiro.web.session.HttpServletSession.getAttribute(HttpServletSession.java:146)
+ // org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
+ // org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469)
+ // org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153)
+ // org.apache.shiro.mgt.DefaultSecurityManager.logout(DefaultSecurityManager.java:547)
+ // org.apache.shiro.subject.support.DelegatingSubject.logout(DelegatingSubject.java:363)
+ // org.apache.isis.security.shiro.ShiroAuthenticatorOrAuthorizor.logout(ShiroAuthenticatorOrAuthorizor.java:179)
+ // org.apache.isis.core.runtime.authentication.standard.AuthenticationManagerStandard.closeSession(AuthenticationManagerStandard.java:141)
+
+ getAuthenticationManager().closeSession(authenticationSession);
+ getIsisSessionFactory().closeSession();
+
+ super.invalidateNow();
+ }
+
+ @Override
public void onInvalidate() {
super.onInvalidate();
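Review bot: In the new `invalidateNow()`, an exception from either `closeSession` call leaves `super.invalidateNow()` unreached, so a failed Shiro logout would leave the Wicket/HTTP session valid after the user asked to log out. Wrapping the two calls as `try { … } finally { super.invalidateNow(); }` keeps the session teardown unconditional. The close calls also now run only on this path; if `onInvalidate()` is still reached on its own for container-driven expiry (not visible here), those sessions would no longer be closed in the authentication manager, which is worth confirming. `authenticationSession` is passed without the guard that `onInvalidate()` appears to apply before reading the user name; that method's body continues outside the hunk.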
@@ -93,10 +117,6 @@ public class AuthenticatedWebSessionForIsis extends AuthenticatedWebSession impl
userName = authenticationSession.getUserName();
}
- // similar code in Restful Objects viewer (UserResourceServerside#logout)
- getAuthenticationManager().closeSession(authenticationSession);
- getIsisSessionFactory().closeSession();
-
log(SessionLoggingService.Type.LOGOUT, userName, causedBy);
}