Re: tapestry-spring-security-2.1.0 logout issue
Michael added the logout handler I was suggesting, and a 2.1.1-SNAPSHOT release is available from http://www.localhost.nu/java/mvn-snapshot/ -- regards, Robin - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
On Aug 12, 2009, at 1:04 PM, Michael Gerzabek wrote: Norman Franke schrieb: The demo/sample app did work fine, but my non-trivial app fails unless I add the explicit session.invalidate() call in my event handler. I have no super classes, but I do use a layout component. It's rather trivial, providing a menu and two-column layout. Nothing fancy. However, putting the event handler either in the layout component or in my start page both cause the error. I was just thinking the layout component changes how T5 processes the request, perhaps. The stack trace is displayed in the web browser as a Tomcat exception, not a nice Tapestry exception. Ok. That means you get the exception when the page already is redirected. Can you confirm that? The URL appears to be before the redirect, it's /myapp/ start.layout.logout Is that what you were asking? Norman Franke Answering Service for Directors, Inc. www.myasd.com
Re: tapestry-spring-security-2.1.0 logout issue
Norman Franke schrieb: The demo/sample app did work fine, but my non-trivial app fails unless I add the explicit session.invalidate() call in my event handler. I have no super classes, but I do use a layout component. It's rather trivial, providing a menu and two-column layout. Nothing fancy. However, putting the event handler either in the layout component or in my start page both cause the error. I was just thinking the layout component changes how T5 processes the request, perhaps. The stack trace is displayed in the web browser as a Tomcat exception, not a nice Tapestry exception. Ok. That means you get the exception when the page already is redirected. Can you confirm that? /M Norman Franke Answering Service for Directors, Inc. www.myasd.com On Aug 12, 2009, at 11:51 AM, Michael Gerzabek wrote: So. What does this mean? Did the sample work for you - I mean without getting an exception? And if yes, what project layout (Layout components, super classes, etc.) do you use that gives the exception you mention? Where does the stacktrace exactly come from? Michael Norman Franke schrieb: I didn't when I ran the demo. Maybe one needs a layout component? Norman Franke Answering Service for Directors, Inc. www.myasd.com On Aug 12, 2009, at 4:07 AM, Michael Gerzabek wrote: Why do I not get the exception? I'm testing with tapestry-spring-security-sample application at [1]. Michael [1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample Norman Franke schrieb: On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote: On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote: The JavaDoc on org.apache.tapestry5.service.Request states that "getSession(false)" should return NULL if the session is invalidated. This is not happening, it returns the invalidated session. I think this is because tapestry-spring-security is using the HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the Tapestry session causing all sorts of issues. If I invalidate the Tapestry session first, then call logoutService.logout() it seems to work. Can this be fixed in tapestry-spring-service? Sure, if we can work out the proper way to solve this. If I understand you, the logoutService invalidates the HttpSession, which makes Tapestry session throw an exception? Currently the LogoutService logs out the following two cases: public static void contributeLogoutService( final OrderedConfiguration cfg, @InjectService("RememberMeLogoutHandler") final LogoutHandler rememberMeLogoutHandler) { cfg.add("securityContextLogoutHandler", new SecurityContextLogoutHandler()); cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler); } My guess is that one probably should add a tapestry logout handler, which should invalidate the tapestry session?, but I'm not sure whether this should be default or up to the user. But if the LogoutService is unusable without the tapestry logout handler I guess it's of use be default :) -- regards, Robin I think it should be the default, since one is using it with Tapestry, after all, and invalidating the HttpSession really does confuse Tapestry, making logoutService rather useless. Norman Franke Answering Service for Directors, Inc. www.myasd.com - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
The demo/sample app did work fine, but my non-trivial app fails unless I add the explicit session.invalidate() call in my event handler. I have no super classes, but I do use a layout component. It's rather trivial, providing a menu and two-column layout. Nothing fancy. However, putting the event handler either in the layout component or in my start page both cause the error. I was just thinking the layout component changes how T5 processes the request, perhaps. The stack trace is displayed in the web browser as a Tomcat exception, not a nice Tapestry exception. Norman Franke Answering Service for Directors, Inc. www.myasd.com On Aug 12, 2009, at 11:51 AM, Michael Gerzabek wrote: So. What does this mean? Did the sample work for you - I mean without getting an exception? And if yes, what project layout (Layout components, super classes, etc.) do you use that gives the exception you mention? Where does the stacktrace exactly come from? Michael Norman Franke schrieb: I didn't when I ran the demo. Maybe one needs a layout component? Norman Franke Answering Service for Directors, Inc. www.myasd.com On Aug 12, 2009, at 4:07 AM, Michael Gerzabek wrote: Why do I not get the exception? I'm testing with tapestry-spring-security-sample application at [1]. Michael [1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample Norman Franke schrieb: On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote: On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote: The JavaDoc on org.apache.tapestry5.service.Request states that "getSession(false)" should return NULL if the session is invalidated. This is not happening, it returns the invalidated session. I think this is because tapestry-spring-security is using the HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the Tapestry session causing all sorts of issues. If I invalidate the Tapestry session first, then call logoutService.logout() it seems to work. Can this be fixed in tapestry-spring-service? Sure, if we can work out the proper way to solve this. If I understand you, the logoutService invalidates the HttpSession, which makes Tapestry session throw an exception? Currently the LogoutService logs out the following two cases: public static void contributeLogoutService( final OrderedConfiguration cfg, @InjectService("RememberMeLogoutHandler") final LogoutHandler rememberMeLogoutHandler) { cfg.add("securityContextLogoutHandler", new SecurityContextLogoutHandler()); cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler); } My guess is that one probably should add a tapestry logout handler, which should invalidate the tapestry session?, but I'm not sure whether this should be default or up to the user. But if the LogoutService is unusable without the tapestry logout handler I guess it's of use be default :) -- regards, Robin I think it should be the default, since one is using it with Tapestry, after all, and invalidating the HttpSession really does confuse Tapestry, making logoutService rather useless. Norman Franke Answering Service for Directors, Inc. www.myasd.com - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
So. What does this mean? Did the sample work for you - I mean without getting an exception? And if yes, what project layout (Layout components, super classes, etc.) do you use that gives the exception you mention? Where does the stacktrace exactly come from? Michael Norman Franke schrieb: I didn't when I ran the demo. Maybe one needs a layout component? Norman Franke Answering Service for Directors, Inc. www.myasd.com On Aug 12, 2009, at 4:07 AM, Michael Gerzabek wrote: Why do I not get the exception? I'm testing with tapestry-spring-security-sample application at [1]. Michael [1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample Norman Franke schrieb: On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote: On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote: The JavaDoc on org.apache.tapestry5.service.Request states that "getSession(false)" should return NULL if the session is invalidated. This is not happening, it returns the invalidated session. I think this is because tapestry-spring-security is using the HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the Tapestry session causing all sorts of issues. If I invalidate the Tapestry session first, then call logoutService.logout() it seems to work. Can this be fixed in tapestry-spring-service? Sure, if we can work out the proper way to solve this. If I understand you, the logoutService invalidates the HttpSession, which makes Tapestry session throw an exception? Currently the LogoutService logs out the following two cases: public static void contributeLogoutService( final OrderedConfiguration cfg, @InjectService("RememberMeLogoutHandler") final LogoutHandler rememberMeLogoutHandler) { cfg.add("securityContextLogoutHandler", new SecurityContextLogoutHandler()); cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler); } My guess is that one probably should add a tapestry logout handler, which should invalidate the tapestry session?, but I'm not sure whether this should be default or up to the user. But if the LogoutService is unusable without the tapestry logout handler I guess it's of use be default :) -- regards, Robin I think it should be the default, since one is using it with Tapestry, after all, and invalidating the HttpSession really does confuse Tapestry, making logoutService rather useless. Norman Franke Answering Service for Directors, Inc. www.myasd.com - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
I didn't when I ran the demo. Maybe one needs a layout component? Norman Franke Answering Service for Directors, Inc. www.myasd.com On Aug 12, 2009, at 4:07 AM, Michael Gerzabek wrote: Why do I not get the exception? I'm testing with tapestry-spring-security-sample application at [1]. Michael [1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample Norman Franke schrieb: On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote: On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote: The JavaDoc on org.apache.tapestry5.service.Request states that "getSession(false)" should return NULL if the session is invalidated. This is not happening, it returns the invalidated session. I think this is because tapestry-spring-security is using the HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the Tapestry session causing all sorts of issues. If I invalidate the Tapestry session first, then call logoutService.logout() it seems to work. Can this be fixed in tapestry-spring-service? Sure, if we can work out the proper way to solve this. If I understand you, the logoutService invalidates the HttpSession, which makes Tapestry session throw an exception? Currently the LogoutService logs out the following two cases: public static void contributeLogoutService( final OrderedConfiguration cfg, @InjectService("RememberMeLogoutHandler") final LogoutHandler rememberMeLogoutHandler) { cfg.add("securityContextLogoutHandler", new SecurityContextLogoutHandler()); cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler); } My guess is that one probably should add a tapestry logout handler, which should invalidate the tapestry session?, but I'm not sure whether this should be default or up to the user. But if the LogoutService is unusable without the tapestry logout handler I guess it's of use be default :) -- regards, Robin I think it should be the default, since one is using it with Tapestry, after all, and invalidating the HttpSession really does confuse Tapestry, making logoutService rather useless. Norman Franke Answering Service for Directors, Inc. www.myasd.com - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
Dear Norman, dear Robin, I can confirm this issue as well as the workaround Norman proposed. I also got the same exception which Norman already mentioned and adding a tapestry session invalidate call like this : @OnEvent(component = "logout") public void doLogout() { request.getSession(false).invalidate(); logoutService.logout(); } solved the issue for me as well. Hence +1 for invalidating tapestry session by default ... with best regards Andreas Original-Nachricht > Datum: Tue, 11 Aug 2009 11:46:53 -0400 > Von: Norman Franke > An: "Tapestry users" > Betreff: Re: tapestry-spring-security-2.1.0 logout issue > The JavaDoc on org.apache.tapestry5.service.Request states that > "getSession(false)" should return NULL if the session is invalidated. > This is not happening, it returns the invalidated session. > > I think this is because tapestry-spring-security is using the > HttpServletRequest and thus the HttpSession instead of the Tapestry > Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT > invalidate the Tapestry session causing all sorts of issues. If I > invalidate the Tapestry session first, then call > logoutService.logout() it seems to work. > > Can this be fixed in tapestry-spring-service? > > Norman Franke > Answering Service for Directors, Inc. > www.myasd.com > > > > On Aug 10, 2009, at 6:58 PM, Norman Franke wrote: > > > When I try to logout via tapestry-spring-security-2.1.0 (as in the > > example, logoutService.logout() in my event handler for the logout > > link), I get this error all the time: > > > > How can I logout without error and go back to the main page? > > java.lang.IllegalStateException: setAttribute: Session already > > invalidated > > > > org > > .apache > > .catalina.session.StandardSession.setAttribute(StandardSession.java: > > 1291) > > > > org > > .apache > > .catalina.session.StandardSession.setAttribute(StandardSession.java: > > 1256) > > > > org > > .apache > > .catalina > > .session > > .StandardSessionFacade.setAttribute(StandardSessionFacade.java:130) > > > > org > > .apache > > .tapestry5 > > .internal.services.SessionImpl.restoreDirtyObjects(SessionImpl.java: > > 129) > > > > org > > .apache > > .tapestry5 > > .internal > > .services > > .RestoreDirtySessionObjects > > .requestDidComplete(RestoreDirtySessionObjects.java:38) > > > > org > > .apache > > .tapestry5 > > .internal > > .services > > .EndOfRequestEventHubImpl.fire(EndOfRequestEventHubImpl.java:40) > > > > $ > > EndOfRequestEventHub_1230686f209 > > .fire($EndOfRequestEventHub_1230686f209.java) > > org.apache.tapestry5.services.TapestryModule > > $4.service(TapestryModule.java:782) > > $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) > > org.apache.tapestry5.services.TapestryModule > > $3.service(TapestryModule.java:767) > > $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) > > > > org > > .apache > > .tapestry5 > > .internal.services.StaticFilesFilter.service(StaticFilesFilter.java: > > 85) > > $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) > > org.apache.tapestry5.internal.services.CheckForUpdatesFilter > > $2.invoke(CheckForUpdatesFilter.java:90) > > org.apache.tapestry5.internal.services.CheckForUpdatesFilter > > $2.invoke(CheckForUpdatesFilter.java:81) > > > > org > > .apache > > .tapestry5 > > .ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java: > > 85) > > > > org > > .apache > > .tapestry5 > > .internal > > .services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java: > > 103) > > $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) > > $RequestHandler_1230686f221.service($RequestHandler_1230686f221.java) > > org.apache.tapestry5.services.TapestryModule > > $HttpServletRequestHandlerTerminator.service(TapestryModule.java:197) > > > > org > > .apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53) > > > > $ > > HttpServletRequestHandler_1230686f223 > > .service($HttpServletRequestHandler_1230686f223.java) > > > > org >
Re: tapestry-spring-security-2.1.0 logout issue
Why do I not get the exception? I'm testing with tapestry-spring-security-sample application at [1]. Michael [1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample Norman Franke schrieb: On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote: On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote: The JavaDoc on org.apache.tapestry5.service.Request states that "getSession(false)" should return NULL if the session is invalidated. This is not happening, it returns the invalidated session. I think this is because tapestry-spring-security is using the HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the Tapestry session causing all sorts of issues. If I invalidate the Tapestry session first, then call logoutService.logout() it seems to work. Can this be fixed in tapestry-spring-service? Sure, if we can work out the proper way to solve this. If I understand you, the logoutService invalidates the HttpSession, which makes Tapestry session throw an exception? Currently the LogoutService logs out the following two cases: public static void contributeLogoutService( final OrderedConfiguration cfg, @InjectService("RememberMeLogoutHandler") final LogoutHandler rememberMeLogoutHandler) { cfg.add("securityContextLogoutHandler", new SecurityContextLogoutHandler()); cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler); } My guess is that one probably should add a tapestry logout handler, which should invalidate the tapestry session?, but I'm not sure whether this should be default or up to the user. But if the LogoutService is unusable without the tapestry logout handler I guess it's of use be default :) -- regards, Robin I think it should be the default, since one is using it with Tapestry, after all, and invalidating the HttpSession really does confuse Tapestry, making logoutService rather useless. Norman Franke Answering Service for Directors, Inc. www.myasd.com - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote: On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote: The JavaDoc on org.apache.tapestry5.service.Request states that "getSession(false)" should return NULL if the session is invalidated. This is not happening, it returns the invalidated session. I think this is because tapestry-spring-security is using the HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the Tapestry session causing all sorts of issues. If I invalidate the Tapestry session first, then call logoutService.logout() it seems to work. Can this be fixed in tapestry-spring-service? Sure, if we can work out the proper way to solve this. If I understand you, the logoutService invalidates the HttpSession, which makes Tapestry session throw an exception? Currently the LogoutService logs out the following two cases: public static void contributeLogoutService( final OrderedConfiguration cfg, @InjectService("RememberMeLogoutHandler") final LogoutHandler rememberMeLogoutHandler) { cfg.add("securityContextLogoutHandler", new SecurityContextLogoutHandler()); cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler); } My guess is that one probably should add a tapestry logout handler, which should invalidate the tapestry session?, but I'm not sure whether this should be default or up to the user. But if the LogoutService is unusable without the tapestry logout handler I guess it's of use be default :) -- regards, Robin I think it should be the default, since one is using it with Tapestry, after all, and invalidating the HttpSession really does confuse Tapestry, making logoutService rather useless. Norman Franke Answering Service for Directors, Inc. www.myasd.com
Re: tapestry-spring-security-2.1.0 logout issue
On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote: > The JavaDoc on org.apache.tapestry5.service.Request states that > "getSession(false)" should return NULL if the session is invalidated. This > is not happening, it returns the invalidated session. > > I think this is because tapestry-spring-security is using the > HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion > in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the > Tapestry session causing all sorts of issues. If I invalidate the Tapestry > session first, then call logoutService.logout() it seems to work. > > Can this be fixed in tapestry-spring-service? Sure, if we can work out the proper way to solve this. If I understand you, the logoutService invalidates the HttpSession, which makes Tapestry session throw an exception? Currently the LogoutService logs out the following two cases: public static void contributeLogoutService( final OrderedConfiguration cfg, @InjectService("RememberMeLogoutHandler") final LogoutHandler rememberMeLogoutHandler) { cfg.add("securityContextLogoutHandler", new SecurityContextLogoutHandler()); cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler); } My guess is that one probably should add a tapestry logout handler, which should invalidate the tapestry session?, but I'm not sure whether this should be default or up to the user. But if the LogoutService is unusable without the tapestry logout handler I guess it's of use be default :) -- regards, Robin - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
The JavaDoc on org.apache.tapestry5.service.Request states that "getSession(false)" should return NULL if the session is invalidated. This is not happening, it returns the invalidated session. I think this is because tapestry-spring-security is using the HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the Tapestry session causing all sorts of issues. If I invalidate the Tapestry session first, then call logoutService.logout() it seems to work. Can this be fixed in tapestry-spring-service? Norman Franke Answering Service for Directors, Inc. www.myasd.com On Aug 10, 2009, at 6:58 PM, Norman Franke wrote: When I try to logout via tapestry-spring-security-2.1.0 (as in the example, logoutService.logout() in my event handler for the logout link), I get this error all the time: How can I logout without error and go back to the main page? java.lang.IllegalStateException: setAttribute: Session already invalidated org .apache .catalina.session.StandardSession.setAttribute(StandardSession.java: 1291) org .apache .catalina.session.StandardSession.setAttribute(StandardSession.java: 1256) org .apache .catalina .session .StandardSessionFacade.setAttribute(StandardSessionFacade.java:130) org .apache .tapestry5 .internal.services.SessionImpl.restoreDirtyObjects(SessionImpl.java: 129) org .apache .tapestry5 .internal .services .RestoreDirtySessionObjects .requestDidComplete(RestoreDirtySessionObjects.java:38) org .apache .tapestry5 .internal .services .EndOfRequestEventHubImpl.fire(EndOfRequestEventHubImpl.java:40) $ EndOfRequestEventHub_1230686f209 .fire($EndOfRequestEventHub_1230686f209.java) org.apache.tapestry5.services.TapestryModule $4.service(TapestryModule.java:782) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org.apache.tapestry5.services.TapestryModule $3.service(TapestryModule.java:767) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org .apache .tapestry5 .internal.services.StaticFilesFilter.service(StaticFilesFilter.java: 85) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org.apache.tapestry5.internal.services.CheckForUpdatesFilter $2.invoke(CheckForUpdatesFilter.java:90) org.apache.tapestry5.internal.services.CheckForUpdatesFilter $2.invoke(CheckForUpdatesFilter.java:81) org .apache .tapestry5 .ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java: 85) org .apache .tapestry5 .internal .services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java: 103) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) $RequestHandler_1230686f221.service($RequestHandler_1230686f221.java) org.apache.tapestry5.services.TapestryModule $HttpServletRequestHandlerTerminator.service(TapestryModule.java:197) org .apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) org .apache .tapestry5 .internal .services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62) $ HttpServletRequestFilter_1230686f220 .service($HttpServletRequestFilter_1230686f220.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke (FilterSecurityInterceptor.java:109) org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter (FilterSecurityInterceptor.java:83) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestFilter_1230686f21d .service($HttpServletRequestFilter_1230686f21d.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) nu .localhost .tapestry5 .springsecurity .services .internal .SpringSecurityExceptionTranslationFilter .doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100) org .springframework .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java: 53) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpSe
tapestry-spring-security-2.1.0 logout issue
When I try to logout via tapestry-spring-security-2.1.0 (as in the example, logoutService.logout() in my event handler for the logout link), I get this error all the time: How can I logout without error and go back to the main page? java.lang.IllegalStateException: setAttribute: Session already invalidated org .apache .catalina.session.StandardSession.setAttribute(StandardSession.java: 1291) org .apache .catalina.session.StandardSession.setAttribute(StandardSession.java: 1256) org .apache .catalina .session.StandardSessionFacade.setAttribute(StandardSessionFacade.java: 130) org .apache .tapestry5 .internal.services.SessionImpl.restoreDirtyObjects(SessionImpl.java:129) org .apache .tapestry5 .internal .services .RestoreDirtySessionObjects .requestDidComplete(RestoreDirtySessionObjects.java:38) org .apache .tapestry5 .internal .services.EndOfRequestEventHubImpl.fire(EndOfRequestEventHubImpl.java: 40) $ EndOfRequestEventHub_1230686f209 .fire($EndOfRequestEventHub_1230686f209.java) org.apache.tapestry5.services.TapestryModule $4.service(TapestryModule.java:782) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org.apache.tapestry5.services.TapestryModule $3.service(TapestryModule.java:767) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org .apache .tapestry5 .internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org.apache.tapestry5.internal.services.CheckForUpdatesFilter $2.invoke(CheckForUpdatesFilter.java:90) org.apache.tapestry5.internal.services.CheckForUpdatesFilter $2.invoke(CheckForUpdatesFilter.java:81) org .apache .tapestry5 .ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85) org .apache .tapestry5 .internal .services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:103) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) $RequestHandler_1230686f221.service($RequestHandler_1230686f221.java) org.apache.tapestry5.services.TapestryModule $HttpServletRequestHandlerTerminator.service(TapestryModule.java:197) org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java: 53) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) org .apache .tapestry5 .internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java: 62) $ HttpServletRequestFilter_1230686f220 .service($HttpServletRequestFilter_1230686f220.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke (FilterSecurityInterceptor.java:109) org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter (FilterSecurityInterceptor.java:83) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestFilter_1230686f21d .service($HttpServletRequestFilter_1230686f21d.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) nu .localhost .tapestry5 .springsecurity .services .internal .SpringSecurityExceptionTranslationFilter .doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100) org .springframework .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) org .springframework .security .providers .anonymous .AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java: 105) org .springframework .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestFilter_1230686f21c .service($HttpServletRequestFilter_1230686f21c.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletR