You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Alessio Stalla (JIRA)" <ji...@apache.org> on 2014/09/15 16:45:33 UTC
[jira] [Commented] (JSPWIKI-643) Logout does not work with Tomcat
SingleSignOn
[ https://issues.apache.org/jira/browse/JSPWIKI-643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14133963#comment-14133963 ]
Alessio Stalla commented on JSPWIKI-643:
----------------------------------------
I stumbled upon this issue as well - just letting you know that if you happen to run on a Servlet 3.x container (Tomcat since version 7) there's a standard way to solve the problem, that is to call request.logout().
As a quick hack I did it in Logout.jsp to avoid rebuilding the wiki from source, but ideally the authentication manager could check for the presence of the logout method and call it via reflection if available (to avoid a hard dependency on version 3+ of the Servlet API).
> Logout does not work with Tomcat SingleSignOn
> ---------------------------------------------
>
> Key: JSPWIKI-643
> URL: https://issues.apache.org/jira/browse/JSPWIKI-643
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication & Authorization
> Affects Versions: 2.8.3
> Environment: Container managed security
> Tomcat with SingleSignOn Valve
> Reporter: Jürgen Weber
>
> JSPWiki's logout button does not work with container managed security and Tomcat's SingleSignOn Valve.
> To reproduce:
> Have common users for JSPWiki and another web application B
> Access B and trigger container managed security, log in.
> B is active, user is logged in.
> Access JSPWiki, JSPWiki shows the User logged into B. OK.
> Click JSPWiki's log out button. Nothing happens, user stays authenticated.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)