Hi, I have sent a pull request for the fix. (Please find the attached diff.)
[1] https://github.com/wso2-dev/carbon4-kernel/pull/102 Thanks, Nipuni On Mon, Sep 15, 2014 at 11:50 AM, Nipuni Perera <nip...@wso2.com> wrote: > Hi, > > *problem:* > I am working on issue[1]. After configuring local transport according to > [2], I could get following log message when login, > > INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - > 'admin@carbon.super [-1234]' logged in at [2014-09-15 10:50:32,218+0530] > from IP address <ip-address> > > But no log message received when log out. Also the user does not logout > properly. This will make other users to login from the console. > > *Root cause: * > When debugging I could notice that implementation for authenticator object > read from CarbonUILoginUtil.java (line 234) is different after configuring > local transport. They are BasicAuthUIAuthenticator.java [4] and > DefaultCarbonAuthenticator.java [5]. Therefore authenticator. > unauthenticate(request); will execute two different implementations. > > According to [4], unauthenticate(request) method is not implemented (line > 154 of [4]) in BasicAuthUIAuthenticator.java. Therefore the log out > request does not direct to logout() method of > AuthenticationAdminClient.java. > > *Suggested solution:* > > I could add the same implementation for unauthenticate(request) to[4] as > in DefaultCarbonAuthenticator.java (line 137 of [5]) and could get a > valid log message when log out. 
> > INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - > 'admin@carbon.super [-1234]' logged in at [2014-09-15 10:50:32,218+0530] > from IP address 10.100.5.86 > INFO {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - > 'admin@carbon.super [-1234]' logged out at [2014-09-15 10:50:35,0821] > > But DefaultCarbonAuthenticator.java [5] extends BasicAuthUIAuthenticator.java > [4] and I can remove implementation for unauthenticate(request) method > from DefaultCarbonAuthenticator.java if I add the same implementation to > BasicAuthUIAuthenticator.java. > (I can remove unauthenticate(request) implementation from > DefaultCarbonAuthenticator.java > only if there is no other class that overrides this method.). Is this > solution acceptable? > > [1] https://wso2.org/jira/browse/CARBON-14947 - User does not log out > properly when Local Transport is configured > [2] https://docs.wso2.com/display/ESB470/Local+Transport > [3] > https://github.com/wso2-dev/carbon4-kernel/blob/master/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/CarbonUILoginUtil.java > [4] > https://github.com/wso2-dev/carbon4-kernel/blob/master/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/BasicAuthUIAuthenticator.java > [5] > https://github.com/wso2-dev/carbon4-kernel/blob/master/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/DefaultCarbonAuthenticator.java > > Thanks, > Nipuni > -- > Nipuni Perera > Software Engineer; WSO2 Inc.; http://wso2.com > Email: nip...@wso2.com > Git hub profile: https://github.com/nipuni > Mobile: +94 (71) 5626680 > > -- Nipuni Perera Software Engineer; WSO2 Inc.; http://wso2.com Email: nip...@wso2.com Git hub profile: https://github.com/nipuni Mobile: +94 (71) 5626680 <http://wso2.com>
diff --git a/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/BasicAuthUIAuthenticator.java b/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/BasicAuthUIAuthenticator.java
index 53a2842..c4db106 100644
--- a/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/BasicAuthUIAuthenticator.java
+++ b/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/BasicAuthUIAuthenticator.java
@@ -2,15 +2,20 @@ package org.wso2.carbon.ui;
 import java.util.Map;
+import javax.servlet.ServletContext;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
 import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.authenticator.proxy.AuthenticationAdminClient;
 import org.wso2.carbon.core.common.AuthenticationException;
 import org.wso2.carbon.ui.util.CarbonUIAuthenticationUtil;
 import org.wso2.carbon.utils.CarbonUtils;
+import org.wso2.carbon.utils.ServerConstants;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 public class BasicAuthUIAuthenticator extends AbstractCarbonUIAuthenticator {
@@ -152,8 +157,32 @@ public class BasicAuthUIAuthenticator extends AbstractCarbonUIAuthenticator {
 @Override
 public void unauthenticate(Object object) throws Exception {
- // TODO Auto-generated method stub
+ try {
+ getAuthenticationAdminCient(((HttpServletRequest) object)).logout();
+ } catch (Exception ignored) {
+ String msg = "Configuration context is null.";
+ log.error(msg);
+ throw new Exception(msg);
+ }
+
+ }
+
+ protected AuthenticationAdminClient getAuthenticationAdminCient(HttpServletRequest request)
+ throws AxisFault {
+ HttpSession session = request.getSession();
+ ServletContext servletContext = session.getServletContext();
+ String backendServerURL = request.getParameter("backendURL");
+ if (backendServerURL == null) {
+ backendServerURL = CarbonUIUtil.getServerURL(servletContext, request.getSession());
+ }
+ session.setAttribute(CarbonConstants.SERVER_URL, backendServerURL);
+
+ ConfigurationContext configContext = (ConfigurationContext) servletContext
+ .getAttribute(CarbonConstants.CONFIGURATION_CONTEXT);
+
+ String cookie = (String) session.getAttribute(ServerConstants.ADMIN_SERVICE_AUTH_TOKEN);
+ return new AuthenticationAdminClient(configContext, backendServerURL, cookie, session, true);
 }
 @Override
diff --git a/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/DefaultCarbonAuthenticator.java b/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/DefaultCarbonAuthenticator.java
index c84bb83..1b57642 100644
--- a/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/DefaultCarbonAuthenticator.java
+++ b/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/DefaultCarbonAuthenticator.java
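Review bot: In `getAuthenticationAdminCient`, the backend URL is read from the `backendURL` request parameter before the configured value, then stored in the session under `CarbonConstants.SERVER_URL` and passed to `AuthenticationAdminClient` together with the session's `ADMIN_SERVICE_AUTH_TOKEN` cookie. Moving the helper into the base class as `protected` extends that behaviour to every authenticator deriving from `BasicAuthUIAuthenticator`, so the request appears to decide where the admin-service token is sent; prefer the configured URL only, `String backendServerURL = CarbonUIUtil.getServerURL(servletContext, session);`, or compare the parameter against the configured backend if some caller depends on it. In `unauthenticate`, `catch (Exception ignored)` reports every failure, including a bad cast of `object`, as `Configuration context is null.` and drops the cause, which hides a logout that never reached the backend. Keep the cause with `log.error(msg, e);` and `throw new Exception(msg, e);`, after confirming that `log` (declared outside the hunk) accepts a throwable.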
@@ -135,13 +135,7 @@ public class DefaultCarbonAuthenticator extends BasicAuthUIAuthenticator {
 *
 */
 public void unauthenticate(Object object) throws Exception {
- try {
- getAuthenticationAdminCient(((HttpServletRequest) object)).logout();
- } catch (Exception ignored) {
- String msg = "Configuration context is null.";
- log.error(msg);
- throw new Exception(msg);
- }
+ super.unauthenticate(object);
 }
 /**
@@ -151,29 +145,6 @@ public class DefaultCarbonAuthenticator extends BasicAuthUIAuthenticator {
 return AUTHENTICATOR_NAME;
 }
- /**
- *
- * @param request
- * @return
- * @throws AxisFault
- */
- private AuthenticationAdminClient getAuthenticationAdminCient(HttpServletRequest request)
- throws AxisFault {
- HttpSession session = request.getSession();
- ServletContext servletContext = session.getServletContext();
- String backendServerURL = request.getParameter("backendURL");
- if (backendServerURL == null) {
- backendServerURL = CarbonUIUtil.getServerURL(servletContext, request.getSession());
- }
- session.setAttribute(CarbonConstants.SERVER_URL, backendServerURL);
-
- ConfigurationContext configContext = (ConfigurationContext) servletContext
- .getAttribute(CarbonConstants.CONFIGURATION_CONTEXT);
-
- String cookie = (String) session.getAttribute(ServerConstants.ADMIN_SERVICE_AUTH_TOKEN);
-
- return new AuthenticationAdminClient(configContext, backendServerURL, cookie, session, true);
- }
 @SuppressWarnings("rawtypes")
 @Override
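Review bot: `DefaultCarbonAuthenticator.unauthenticate` now only forwards to `super.unauthenticate(object)` and still carries no `@Override`, so the method can be deleted outright, or at least annotated so the compiler checks it against the base signature. Its Javadoc above the signature is empty apart from the comment markers; if the method stays, a one-line summary such as `Logs the user out of the back-end by delegating to the base authenticator.` would say why it exists. The imports that served the removed helper (`HttpSession`, `ServletContext`, `ConfigurationContext`, `AuthenticationAdminClient`, `ServerConstants`) are not touched by this diff and are probably unused now; the import block is outside the visible hunks, so confirm before removing them.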