Re: tapestry-spring-security-2.1.0 logout issue
Michael added the logout handler I was suggesting, and a 2.1.1-SNAPSHOT release is available from http://www.localhost.nu/java/mvn-snapshot/ -- regards, Robin - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
On Aug 12, 2009, at 1:04 PM, Michael Gerzabek wrote: Norman Franke schrieb: The demo/sample app did work fine, but my non-trivial app fails unless I add the explicit session.invalidate() call in my event handler. I have no super classes, but I do use a layout component. It's rather trivial, providing a menu and two-column layout. Nothing fancy. However, putting the event handler either in the layout component or in my start page both cause the error. I was just thinking the layout component changes how T5 processes the request, perhaps. The stack trace is displayed in the web browser as a Tomcat exception, not a nice Tapestry exception. Ok. That means you get the exception when the page already is redirected. Can you confirm that? The URL appears to be before the redirect, it's /myapp/ start.layout.logout Is that what you were asking? Norman Franke Answering Service for Directors, Inc. www.myasd.com
Re: tapestry-spring-security-2.1.0 logout issue
Norman Franke schrieb:
The demo/sample app did work fine, but my non-trivial app fails unless
I add the explicit session.invalidate() call in my event handler. I
have no super classes, but I do use a layout component. It's rather
trivial, providing a menu and two-column layout. Nothing fancy.
However, putting the event handler either in the layout component or
in my start page both cause the error. I was just thinking the layout
component changes how T5 processes the request, perhaps.
The stack trace is displayed in the web browser as a Tomcat exception,
not a nice Tapestry exception.
Ok. That means you get the exception when the page already is
redirected. Can you confirm that?
/M
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
On Aug 12, 2009, at 11:51 AM, Michael Gerzabek wrote:
So. What does this mean?
Did the sample work for you - I mean without getting an exception?
And if yes, what project layout (Layout components, super classes,
etc.) do you use that gives the exception you mention? Where does the
stacktrace exactly come from?
Michael
Norman Franke schrieb:
I didn't when I ran the demo. Maybe one needs a layout component?
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
On Aug 12, 2009, at 4:07 AM, Michael Gerzabek wrote:
Why do I not get the exception?
I'm testing with tapestry-spring-security-sample application at [1].
Michael
[1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample
Norman Franke schrieb:
On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote:
On Tue, Aug 11, 2009 at 17:46, Norman Franke
wrote:
The JavaDoc on org.apache.tapestry5.service.Request states that
"getSession(false)" should return NULL if the session is
invalidated. This
is not happening, it returns the invalidated session.
I think this is because tapestry-spring-security is using the
HttpServletRequest and thus the HttpSession instead of the
Tapestry Sesssion
in LogoutServiceImpl. Invalidating the HttpSession does NOT
invalidate the
Tapestry session causing all sorts of issues. If I invalidate
the Tapestry
session first, then call logoutService.logout() it seems to work.
Can this be fixed in tapestry-spring-service?
Sure, if we can work out the proper way to solve this. If I
understand
you, the logoutService invalidates the HttpSession, which makes
Tapestry session throw an exception?
Currently the LogoutService logs out the following two cases:
public static void contributeLogoutService(
final OrderedConfiguration cfg,
@InjectService("RememberMeLogoutHandler")
final LogoutHandler rememberMeLogoutHandler) {
cfg.add("securityContextLogoutHandler",
new SecurityContextLogoutHandler());
cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler);
}
My guess is that one probably should add a tapestry logout handler,
which should invalidate the tapestry session?, but I'm not sure
whether this should be default or up to the user. But if the
LogoutService is unusable without the tapestry logout handler I
guess
it's of use be default :)
--
regards,
Robin
I think it should be the default, since one is using it with
Tapestry, after all, and invalidating the HttpSession really does
confuse Tapestry, making logoutService rather useless.
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
The demo/sample app did work fine, but my non-trivial app fails unless
I add the explicit session.invalidate() call in my event handler. I
have no super classes, but I do use a layout component. It's rather
trivial, providing a menu and two-column layout. Nothing fancy.
However, putting the event handler either in the layout component or
in my start page both cause the error. I was just thinking the layout
component changes how T5 processes the request, perhaps.
The stack trace is displayed in the web browser as a Tomcat exception,
not a nice Tapestry exception.
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
On Aug 12, 2009, at 11:51 AM, Michael Gerzabek wrote:
So. What does this mean?
Did the sample work for you - I mean without getting an exception?
And if yes, what project layout (Layout components, super classes,
etc.) do you use that gives the exception you mention? Where does
the stacktrace exactly come from?
Michael
Norman Franke schrieb:
I didn't when I ran the demo. Maybe one needs a layout component?
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
On Aug 12, 2009, at 4:07 AM, Michael Gerzabek wrote:
Why do I not get the exception?
I'm testing with tapestry-spring-security-sample application at [1].
Michael
[1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample
Norman Franke schrieb:
On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote:
On Tue, Aug 11, 2009 at 17:46, Norman Franke
wrote:
The JavaDoc on org.apache.tapestry5.service.Request states that
"getSession(false)" should return NULL if the session is
invalidated. This
is not happening, it returns the invalidated session.
I think this is because tapestry-spring-security is using the
HttpServletRequest and thus the HttpSession instead of the
Tapestry Sesssion
in LogoutServiceImpl. Invalidating the HttpSession does NOT
invalidate the
Tapestry session causing all sorts of issues. If I invalidate
the Tapestry
session first, then call logoutService.logout() it seems to work.
Can this be fixed in tapestry-spring-service?
Sure, if we can work out the proper way to solve this. If I
understand
you, the logoutService invalidates the HttpSession, which makes
Tapestry session throw an exception?
Currently the LogoutService logs out the following two cases:
public static void contributeLogoutService(
final OrderedConfiguration cfg,
@InjectService("RememberMeLogoutHandler")
final LogoutHandler rememberMeLogoutHandler) {
cfg.add("securityContextLogoutHandler",
new SecurityContextLogoutHandler());
cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler);
}
My guess is that one probably should add a tapestry logout
handler,
which should invalidate the tapestry session?, but I'm not sure
whether this should be default or up to the user. But if the
LogoutService is unusable without the tapestry logout handler I
guess
it's of use be default :)
--
regards,
Robin
I think it should be the default, since one is using it with
Tapestry, after all, and invalidating the HttpSession really does
confuse Tapestry, making logoutService rather useless.
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
So. What does this mean?
Did the sample work for you - I mean without getting an exception?
And if yes, what project layout (Layout components, super classes, etc.)
do you use that gives the exception you mention? Where does the
stacktrace exactly come from?
Michael
Norman Franke schrieb:
I didn't when I ran the demo. Maybe one needs a layout component?
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
On Aug 12, 2009, at 4:07 AM, Michael Gerzabek wrote:
Why do I not get the exception?
I'm testing with tapestry-spring-security-sample application at [1].
Michael
[1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample
Norman Franke schrieb:
On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote:
On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote:
The JavaDoc on org.apache.tapestry5.service.Request states that
"getSession(false)" should return NULL if the session is
invalidated. This
is not happening, it returns the invalidated session.
I think this is because tapestry-spring-security is using the
HttpServletRequest and thus the HttpSession instead of the
Tapestry Sesssion
in LogoutServiceImpl. Invalidating the HttpSession does NOT
invalidate the
Tapestry session causing all sorts of issues. If I invalidate the
Tapestry
session first, then call logoutService.logout() it seems to work.
Can this be fixed in tapestry-spring-service?
Sure, if we can work out the proper way to solve this. If I understand
you, the logoutService invalidates the HttpSession, which makes
Tapestry session throw an exception?
Currently the LogoutService logs out the following two cases:
public static void contributeLogoutService(
final OrderedConfiguration cfg,
@InjectService("RememberMeLogoutHandler")
final LogoutHandler rememberMeLogoutHandler) {
cfg.add("securityContextLogoutHandler",
new SecurityContextLogoutHandler());
cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler);
}
My guess is that one probably should add a tapestry logout handler,
which should invalidate the tapestry session?, but I'm not sure
whether this should be default or up to the user. But if the
LogoutService is unusable without the tapestry logout handler I guess
it's of use be default :)
--
regards,
Robin
I think it should be the default, since one is using it with
Tapestry, after all, and invalidating the HttpSession really does
confuse Tapestry, making logoutService rather useless.
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
I didn't when I ran the demo. Maybe one needs a layout component?
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
On Aug 12, 2009, at 4:07 AM, Michael Gerzabek wrote:
Why do I not get the exception?
I'm testing with tapestry-spring-security-sample application at [1].
Michael
[1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample
Norman Franke schrieb:
On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote:
On Tue, Aug 11, 2009 at 17:46, Norman Franke
wrote:
The JavaDoc on org.apache.tapestry5.service.Request states that
"getSession(false)" should return NULL if the session is
invalidated. This
is not happening, it returns the invalidated session.
I think this is because tapestry-spring-security is using the
HttpServletRequest and thus the HttpSession instead of the
Tapestry Sesssion
in LogoutServiceImpl. Invalidating the HttpSession does NOT
invalidate the
Tapestry session causing all sorts of issues. If I invalidate the
Tapestry
session first, then call logoutService.logout() it seems to work.
Can this be fixed in tapestry-spring-service?
Sure, if we can work out the proper way to solve this. If I
understand
you, the logoutService invalidates the HttpSession, which makes
Tapestry session throw an exception?
Currently the LogoutService logs out the following two cases:
public static void contributeLogoutService(
final OrderedConfiguration cfg,
@InjectService("RememberMeLogoutHandler")
final LogoutHandler rememberMeLogoutHandler) {
cfg.add("securityContextLogoutHandler",
new SecurityContextLogoutHandler());
cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler);
}
My guess is that one probably should add a tapestry logout handler,
which should invalidate the tapestry session?, but I'm not sure
whether this should be default or up to the user. But if the
LogoutService is unusable without the tapestry logout handler I
guess
it's of use be default :)
--
regards,
Robin
I think it should be the default, since one is using it with
Tapestry, after all, and invalidating the HttpSession really does
confuse Tapestry, making logoutService rather useless.
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
Dear Norman, dear Robin,
I can confirm this issue as well as the workaround Norman proposed. I also got
the same exception which Norman already mentioned and adding a tapestry session
invalidate call like this :
@OnEvent(component = "logout")
public void doLogout() {
request.getSession(false).invalidate();
logoutService.logout();
}
solved the issue for me as well. Hence +1 for invalidating tapestry session by
default ...
with best regards
Andreas
Original-Nachricht
> Datum: Tue, 11 Aug 2009 11:46:53 -0400
> Von: Norman Franke
> An: "Tapestry users"
> Betreff: Re: tapestry-spring-security-2.1.0 logout issue
> The JavaDoc on org.apache.tapestry5.service.Request states that
> "getSession(false)" should return NULL if the session is invalidated.
> This is not happening, it returns the invalidated session.
>
> I think this is because tapestry-spring-security is using the
> HttpServletRequest and thus the HttpSession instead of the Tapestry
> Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT
> invalidate the Tapestry session causing all sorts of issues. If I
> invalidate the Tapestry session first, then call
> logoutService.logout() it seems to work.
>
> Can this be fixed in tapestry-spring-service?
>
> Norman Franke
> Answering Service for Directors, Inc.
> www.myasd.com
>
>
>
> On Aug 10, 2009, at 6:58 PM, Norman Franke wrote:
>
> > When I try to logout via tapestry-spring-security-2.1.0 (as in the
> > example, logoutService.logout() in my event handler for the logout
> > link), I get this error all the time:
> >
> > How can I logout without error and go back to the main page?
> > java.lang.IllegalStateException: setAttribute: Session already
> > invalidated
> >
> > org
> > .apache
> > .catalina.session.StandardSession.setAttribute(StandardSession.java:
> > 1291)
> >
> > org
> > .apache
> > .catalina.session.StandardSession.setAttribute(StandardSession.java:
> > 1256)
> >
> > org
> > .apache
> > .catalina
> > .session
> > .StandardSessionFacade.setAttribute(StandardSessionFacade.java:130)
> >
> > org
> > .apache
> > .tapestry5
> > .internal.services.SessionImpl.restoreDirtyObjects(SessionImpl.java:
> > 129)
> >
> > org
> > .apache
> > .tapestry5
> > .internal
> > .services
> > .RestoreDirtySessionObjects
> > .requestDidComplete(RestoreDirtySessionObjects.java:38)
> >
> > org
> > .apache
> > .tapestry5
> > .internal
> > .services
> > .EndOfRequestEventHubImpl.fire(EndOfRequestEventHubImpl.java:40)
> >
> > $
> > EndOfRequestEventHub_1230686f209
> > .fire($EndOfRequestEventHub_1230686f209.java)
> > org.apache.tapestry5.services.TapestryModule
> > $4.service(TapestryModule.java:782)
> > $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java)
> > org.apache.tapestry5.services.TapestryModule
> > $3.service(TapestryModule.java:767)
> > $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java)
> >
> > org
> > .apache
> > .tapestry5
> > .internal.services.StaticFilesFilter.service(StaticFilesFilter.java:
> > 85)
> > $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java)
> > org.apache.tapestry5.internal.services.CheckForUpdatesFilter
> > $2.invoke(CheckForUpdatesFilter.java:90)
> > org.apache.tapestry5.internal.services.CheckForUpdatesFilter
> > $2.invoke(CheckForUpdatesFilter.java:81)
> >
> > org
> > .apache
> > .tapestry5
> > .ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:
> > 85)
> >
> > org
> > .apache
> > .tapestry5
> > .internal
> > .services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:
> > 103)
> > $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java)
> > $RequestHandler_1230686f221.service($RequestHandler_1230686f221.java)
> > org.apache.tapestry5.services.TapestryModule
> > $HttpServletRequestHandlerTerminator.service(TapestryModule.java:197)
> >
> > org
> > .apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
> >
> > $
> > HttpServletRequestHandler_1230686f223
> > .service($HttpServletRequestHandler_1230686f223.java)
> >
> > org
>
Re: tapestry-spring-security-2.1.0 logout issue
Why do I not get the exception?
I'm testing with tapestry-spring-security-sample application at [1].
Michael
[1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample
Norman Franke schrieb:
On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote:
On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote:
The JavaDoc on org.apache.tapestry5.service.Request states that
"getSession(false)" should return NULL if the session is
invalidated. This
is not happening, it returns the invalidated session.
I think this is because tapestry-spring-security is using the
HttpServletRequest and thus the HttpSession instead of the Tapestry
Sesssion
in LogoutServiceImpl. Invalidating the HttpSession does NOT
invalidate the
Tapestry session causing all sorts of issues. If I invalidate the
Tapestry
session first, then call logoutService.logout() it seems to work.
Can this be fixed in tapestry-spring-service?
Sure, if we can work out the proper way to solve this. If I understand
you, the logoutService invalidates the HttpSession, which makes
Tapestry session throw an exception?
Currently the LogoutService logs out the following two cases:
public static void contributeLogoutService(
final OrderedConfiguration cfg,
@InjectService("RememberMeLogoutHandler")
final LogoutHandler rememberMeLogoutHandler) {
cfg.add("securityContextLogoutHandler",
new SecurityContextLogoutHandler());
cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler);
}
My guess is that one probably should add a tapestry logout handler,
which should invalidate the tapestry session?, but I'm not sure
whether this should be default or up to the user. But if the
LogoutService is unusable without the tapestry logout handler I guess
it's of use be default :)
--
regards,
Robin
I think it should be the default, since one is using it with Tapestry,
after all, and invalidating the HttpSession really does confuse
Tapestry, making logoutService rather useless.
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
On Aug 11, 2009, at 5:20 PM, Robin Helgelin wrote:
On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote:
The JavaDoc on org.apache.tapestry5.service.Request states that
"getSession(false)" should return NULL if the session is
invalidated. This
is not happening, it returns the invalidated session.
I think this is because tapestry-spring-security is using the
HttpServletRequest and thus the HttpSession instead of the Tapestry
Sesssion
in LogoutServiceImpl. Invalidating the HttpSession does NOT
invalidate the
Tapestry session causing all sorts of issues. If I invalidate the
Tapestry
session first, then call logoutService.logout() it seems to work.
Can this be fixed in tapestry-spring-service?
Sure, if we can work out the proper way to solve this. If I understand
you, the logoutService invalidates the HttpSession, which makes
Tapestry session throw an exception?
Currently the LogoutService logs out the following two cases:
public static void contributeLogoutService(
final OrderedConfiguration cfg,
@InjectService("RememberMeLogoutHandler")
final LogoutHandler rememberMeLogoutHandler) {
cfg.add("securityContextLogoutHandler",
new SecurityContextLogoutHandler());
cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler);
}
My guess is that one probably should add a tapestry logout handler,
which should invalidate the tapestry session?, but I'm not sure
whether this should be default or up to the user. But if the
LogoutService is unusable without the tapestry logout handler I guess
it's of use be default :)
--
regards,
Robin
I think it should be the default, since one is using it with Tapestry,
after all, and invalidating the HttpSession really does confuse
Tapestry, making logoutService rather useless.
Norman Franke
Answering Service for Directors, Inc.
www.myasd.com
Re: tapestry-spring-security-2.1.0 logout issue
On Tue, Aug 11, 2009 at 17:46, Norman Franke wrote:
> The JavaDoc on org.apache.tapestry5.service.Request states that
> "getSession(false)" should return NULL if the session is invalidated. This
> is not happening, it returns the invalidated session.
>
> I think this is because tapestry-spring-security is using the
> HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion
> in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the
> Tapestry session causing all sorts of issues. If I invalidate the Tapestry
> session first, then call logoutService.logout() it seems to work.
>
> Can this be fixed in tapestry-spring-service?
Sure, if we can work out the proper way to solve this. If I understand
you, the logoutService invalidates the HttpSession, which makes
Tapestry session throw an exception?
Currently the LogoutService logs out the following two cases:
public static void contributeLogoutService(
final OrderedConfiguration cfg,
@InjectService("RememberMeLogoutHandler")
final LogoutHandler rememberMeLogoutHandler) {
cfg.add("securityContextLogoutHandler",
new SecurityContextLogoutHandler());
cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler);
}
My guess is that one probably should add a tapestry logout handler,
which should invalidate the tapestry session?, but I'm not sure
whether this should be default or up to the user. But if the
LogoutService is unusable without the tapestry logout handler I guess
it's of use be default :)
--
regards,
Robin
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
Re: tapestry-spring-security-2.1.0 logout issue
The JavaDoc on org.apache.tapestry5.service.Request states that "getSession(false)" should return NULL if the session is invalidated. This is not happening, it returns the invalidated session. I think this is because tapestry-spring-security is using the HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the Tapestry session causing all sorts of issues. If I invalidate the Tapestry session first, then call logoutService.logout() it seems to work. Can this be fixed in tapestry-spring-service? Norman Franke Answering Service for Directors, Inc. www.myasd.com On Aug 10, 2009, at 6:58 PM, Norman Franke wrote: When I try to logout via tapestry-spring-security-2.1.0 (as in the example, logoutService.logout() in my event handler for the logout link), I get this error all the time: How can I logout without error and go back to the main page? java.lang.IllegalStateException: setAttribute: Session already invalidated org .apache .catalina.session.StandardSession.setAttribute(StandardSession.java: 1291) org .apache .catalina.session.StandardSession.setAttribute(StandardSession.java: 1256) org .apache .catalina .session .StandardSessionFacade.setAttribute(StandardSessionFacade.java:130) org .apache .tapestry5 .internal.services.SessionImpl.restoreDirtyObjects(SessionImpl.java: 129) org .apache .tapestry5 .internal .services .RestoreDirtySessionObjects .requestDidComplete(RestoreDirtySessionObjects.java:38) org .apache .tapestry5 .internal .services .EndOfRequestEventHubImpl.fire(EndOfRequestEventHubImpl.java:40) $ EndOfRequestEventHub_1230686f209 .fire($EndOfRequestEventHub_1230686f209.java) org.apache.tapestry5.services.TapestryModule $4.service(TapestryModule.java:782) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org.apache.tapestry5.services.TapestryModule $3.service(TapestryModule.java:767) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org .apache .tapestry5 .internal.services.StaticFilesFilter.service(StaticFilesFilter.java: 85) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org.apache.tapestry5.internal.services.CheckForUpdatesFilter $2.invoke(CheckForUpdatesFilter.java:90) org.apache.tapestry5.internal.services.CheckForUpdatesFilter $2.invoke(CheckForUpdatesFilter.java:81) org .apache .tapestry5 .ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java: 85) org .apache .tapestry5 .internal .services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java: 103) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) $RequestHandler_1230686f221.service($RequestHandler_1230686f221.java) org.apache.tapestry5.services.TapestryModule $HttpServletRequestHandlerTerminator.service(TapestryModule.java:197) org .apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) org .apache .tapestry5 .internal .services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62) $ HttpServletRequestFilter_1230686f220 .service($HttpServletRequestFilter_1230686f220.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke (FilterSecurityInterceptor.java:109) org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter (FilterSecurityInterceptor.java:83) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestFilter_1230686f21d .service($HttpServletRequestFilter_1230686f21d.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) nu .localhost .tapestry5 .springsecurity .services .internal .SpringSecurityExceptionTranslationFilter .doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100) org .springframework .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java: 53) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpSe
tapestry-spring-security-2.1.0 logout issue
When I try to logout via tapestry-spring-security-2.1.0 (as in the example, logoutService.logout() in my event handler for the logout link), I get this error all the time: How can I logout without error and go back to the main page? java.lang.IllegalStateException: setAttribute: Session already invalidated org .apache .catalina.session.StandardSession.setAttribute(StandardSession.java: 1291) org .apache .catalina.session.StandardSession.setAttribute(StandardSession.java: 1256) org .apache .catalina .session.StandardSessionFacade.setAttribute(StandardSessionFacade.java: 130) org .apache .tapestry5 .internal.services.SessionImpl.restoreDirtyObjects(SessionImpl.java:129) org .apache .tapestry5 .internal .services .RestoreDirtySessionObjects .requestDidComplete(RestoreDirtySessionObjects.java:38) org .apache .tapestry5 .internal .services.EndOfRequestEventHubImpl.fire(EndOfRequestEventHubImpl.java: 40) $ EndOfRequestEventHub_1230686f209 .fire($EndOfRequestEventHub_1230686f209.java) org.apache.tapestry5.services.TapestryModule $4.service(TapestryModule.java:782) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org.apache.tapestry5.services.TapestryModule $3.service(TapestryModule.java:767) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org .apache .tapestry5 .internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) org.apache.tapestry5.internal.services.CheckForUpdatesFilter $2.invoke(CheckForUpdatesFilter.java:90) org.apache.tapestry5.internal.services.CheckForUpdatesFilter $2.invoke(CheckForUpdatesFilter.java:81) org .apache .tapestry5 .ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85) org .apache .tapestry5 .internal .services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:103) $RequestHandler_1230686f22e.service($RequestHandler_1230686f22e.java) $RequestHandler_1230686f221.service($RequestHandler_1230686f221.java) org.apache.tapestry5.services.TapestryModule $HttpServletRequestHandlerTerminator.service(TapestryModule.java:197) org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java: 53) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) org .apache .tapestry5 .internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java: 62) $ HttpServletRequestFilter_1230686f220 .service($HttpServletRequestFilter_1230686f220.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke (FilterSecurityInterceptor.java:109) org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter (FilterSecurityInterceptor.java:83) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestFilter_1230686f21d .service($HttpServletRequestFilter_1230686f21d.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) nu .localhost .tapestry5 .springsecurity .services .internal .SpringSecurityExceptionTranslationFilter .doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100) org .springframework .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletRequestFilterWrapper.java:56) org .springframework .security .providers .anonymous .AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java: 105) org .springframework .security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) nu .localhost .tapestry5 .springsecurity .services .internal .HttpServletRequestFilterWrapper .service(HttpServletRequestFilterWrapper.java:52) $ HttpServletRequestFilter_1230686f21c .service($HttpServletRequestFilter_1230686f21c.java) $ HttpServletRequestHandler_1230686f223 .service($HttpServletRequestHandler_1230686f223.java) nu .localhost .tapestry5 .springsecurity.services.internal.HttpServletRequestFilterWrapper $1.doFilter(HttpServletR
