You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Eduard Neuwirt <ed...@googlemail.com> on 2011/04/15 21:56:25 UTC
currentUser.logout problem
Hello,
I wrote very simple vaadin application, which consists of simple Login
and Logout buttons.
Login code:
UsernamePasswordToken token = new
UsernamePasswordToken("test", "test");
token.setRememberMe(true);
currentUser.login(token);
Logout code:
currentUser.logout();
getMainWindow().getApplication().close();
the following error occurs after some login/logouts:
Caused by: java.lang.NullPointerException
at
org.apache.catalina.connector.Request.setAttribute(Request.java:1530)
at
org.apache.catalina.connector.RequestFacade.setAttribute(RequestFacade.java:543)
at
javax.servlet.ServletRequestWrapper.setAttribute(ServletRequestWrapper.java:239)
at
org.apache.shiro.web.mgt.DefaultWebSecurityManager.removeRequestIdentity(DefaultWebSecurityManager.java:189)
at
org.apache.shiro.web.mgt.DefaultWebSecurityManager.beforeLogout(DefaultWebSecurityManager.java:181)
at
org.apache.shiro.mgt.DefaultSecurityManager.logout(DefaultSecurityManager.java:504)
at
org.apache.shiro.subject.support.DelegatingSubject.logout(DelegatingSubject.java:323)
Any idea ?
Re: currentUser.logout problem
Posted by Eduard Neuwirt <ed...@googlemail.com>.
Thanks,
it works. Great. Your suggestion is the corect way for solution.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/currentUser-logout-problem-tp6277499p6281543.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: currentUser.logout problem
Posted by Les Hazlewood <lh...@apache.org>.
Hi Eduard,
You're using a Vaadin application, which saves its UI component state
in the http session. In a web environment, the Subject instance is
expected to be constructed and destroyed with every request.
Are any of your Vaadin components saving the Subject instance as a
class attribute? If so, this will cause problems because the the
Subject instance saved may not be the same subject instance
corresponding to the current request. Calling
SecurityUtils.getSubject() is the safest way to acquire a Subject in a
web application.
If you don't want to do this, and instead want to use the Subject
instance as a saved class attribute, the Subject instance would need
to be a lightweight serializable proxy that would call
SecurityUtils.getSubject().XXX for each of the Subject interface
implementation methods.
Does this make sense? Might this be what is happening in your application?
Regards,
Les
On Sun, Apr 17, 2011 at 11:12 AM, Eduard Neuwirt
<ed...@googlemail.com> wrote:
> Found this:
> http://shiro-user.582556.n2.nabble.com/There-is-something-wrong-Integrating-zkoss-with-shiro-td3773207.html
>
> Is it the same situation ?
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/currentUser-logout-problem-tp6277499p6281466.html
> Sent from the Shiro User mailing list archive at Nabble.com.
Re: currentUser.logout problem
Posted by Eduard Neuwirt <ed...@googlemail.com>.
Found this:
http://shiro-user.582556.n2.nabble.com/There-is-something-wrong-Integrating-zkoss-with-shiro-td3773207.html
Is it the same situation ?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/currentUser-logout-problem-tp6277499p6281466.html
Sent from the Shiro User mailing list archive at Nabble.com.