Github user sjcorbett commented on the pull request:

    https://github.com/apache/incubator-brooklyn/pull/529#issuecomment-77142830
  
    Thanks for pointing me at `originalRequest` in 
`BrooklynPropertiesSecurityFilter`. My initial concern is invalid but there are 
a few usability issues with the changes here:
    
    * The `onClick` event is not fired when I right click the link and click 
"Open link in a new tab", so I'm not logged out.
    * Every so often - I haven't worked out the cause - clicking Logout 
navigates me to the dashboard screen but doesn't actually log me out.
    * Clicking logout normally makes it impossible to log back in without 
refreshing the page. Each time I enter my username and password I'm immediately 
logged out again. The log shows:
    ```
    2015-03-04 10:55:33,823 INFO  REST logging sam out of session 1xf18cj3jx94x59y5dt4kahdp
    2015-03-04 10:55:47,359 INFO  REST logging sam out of session 1tb4mq85kwddh199yigwsrwtrw
    2015-03-04 10:55:52,173 INFO  REST logging sam out of session 4afpbliikh5i1w29exmvrw534
    ```
    * You can break logout on someone's web console by altering the logout 
function to either do something different or nothing at all (i.e. open the 
JavaScript console and enter `logout = undefined`). It's broken until they 
refresh, at least.
    * Having the function in the global namespace means there's a chance it 
will clash with another library that also defines `logout` globally. I'd 
suggest moving the function to `brooklyn.js` or `brooklyn-util.js`, adding an 
`id` to the anchor element and binding an `onClick` event there rather than 
putting it on the element directly.
    
    @nakomis and @aledsage up to you for the first few comments. The last two 
should be fixed.
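
The last two points of the comment above, as an added example that is not code from the pull request or from Brooklyn: a global `logout` called by name from an inline handler, next to a handler kept in a closure and bound to the element once. `FakeAnchor`, the `win` object and all function names are constructed stand-ins (assumptions) for the browser's anchor element and `window`, so the comparison runs outside a browser.

```javascript
// Constructed stand-in for a DOM <a> element (hypothetical, not Brooklyn code).
class FakeAnchor {
  constructor() { this.listeners = []; this.inlineOnclick = null; }
  addEventListener(type, fn) { if (type === 'click') this.listeners.push(fn); }
  click() {
    const event = { defaultPrevented: false,
                    preventDefault() { this.defaultPrevented = true; } };
    if (this.inlineOnclick) this.inlineOnclick(event);
    this.listeners.forEach(fn => fn(event));
    return event;
  }
}

// Before: global function, referenced by name from the element itself.
function wireInline(win, anchor, doLogout) {
  win.logout = doLogout;
  // Equivalent of <a onclick="logout()">: the name is resolved on every click.
  anchor.inlineOnclick = () => win.logout();
}

// After: nothing is added to the global namespace; the handler is bound once.
function wireBound(win, anchor, doLogout) {
  anchor.addEventListener('click', event => {
    event.preventDefault();
    doLogout();
  });
}

// Click, overwrite the global as in the comment, click again.
function runScenario(wire) {
  const win = {};                       // stand-in for `window`
  const anchor = new FakeAnchor();
  let logouts = 0;
  wire(win, anchor, () => { logouts += 1; });
  const leaksGlobal = typeof win.logout === 'function';
  anchor.click();
  win.logout = undefined;               // `logout = undefined` in the console
  let error = null;
  try { anchor.click(); } catch (e) { error = e.name; }
  return { logouts, error, leaksGlobal };
}

console.log('inline:', runScenario(wireInline));
console.log('bound: ', runScenario(wireBound));
```

The bound variant only covers the namespace and overwrite points; it does not change what happens when the link is opened in a new tab.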

