[Dev] User does not log out properly when Local Transport is configured

Sun, 14 Sep 2014 23:21:08 -0700 

Hi,

*problem:*
I am working on issue[1]. After configuring local transport according to
[2], I could get following log message when login,

INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -
'admin@carbon.super [-1234]' logged in at [2014-09-15 10:50:32,218+0530]
from IP address <ip-address>

But no log message received when log out. Also the user does not logout
properly. This will make other users to login from the console.

*Root cause: *
When debugging I could notice that implementation for authenticator object
read from CarbonUILoginUtil.java (line 234) is different after configuring
local transport. They are BasicAuthUIAuthenticator.java [4] and
DefaultCarbonAuthenticator.java [5].  Therefore authenticator.unauthenticate
(request); will execute two different implementations.

According to [4], unauthenticate(request) method is not implemented (line
154 of [4]) in BasicAuthUIAuthenticator.java. Therefore the log out request
does not direct to logout() method of AuthenticationAdminClient.java.

*Suggested solution:*

I could add the same implementation  for unauthenticate(request) to[4] as
in DefaultCarbonAuthenticator.java (line 137 of [5]) and could get a valid
log message when log out.

INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -
'admin@carbon.super [-1234]' logged in at [2014-09-15 10:50:32,218+0530]
from IP address 10.100.5.86
INFO {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -
'admin@carbon.super [-1234]' logged out at [2014-09-15 10:50:35,0821]

But DefaultCarbonAuthenticator.java [5] extends BasicAuthUIAuthenticator.java
[4] and I can remove implementation for unauthenticate(request) method
from DefaultCarbonAuthenticator.java
if I add the same implementation to BasicAuthUIAuthenticator.java. (I can
remove unauthenticate(request) implementation from
DefaultCarbonAuthenticator.java
only if there is no other class that overrides this method.). Is this
solution acceptable?

[1] https://wso2.org/jira/browse/CARBON-14947 - User does not log out
properly when Local Transport is configured
[2] https://docs.wso2.com/display/ESB470/Local+Transport
[3]
https://github.com/wso2-dev/carbon4-kernel/blob/master/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/CarbonUILoginUtil.java
[4]
https://github.com/wso2-dev/carbon4-kernel/blob/master/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/BasicAuthUIAuthenticator.java
[5]
https://github.com/wso2-dev/carbon4-kernel/blob/master/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/DefaultCarbonAuthenticator.java

Thanks,
Nipuni
-- 
Nipuni Perera
Software Engineer; WSO2 Inc.; http://wso2.com
Email: nip...@wso2.com
Git hub profile: https://github.com/nipuni
Mobile: +94 (71) 5626680

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to