You do not need to return the same instance but you do need to return
an instance of the same class. Swarm does not keep your original
logincontext anywhere, rather it keeps some sort of hash around.
logging off with a new instance of the same class will produce the
same hash. For that purpose most logincontexts have 2 constructors:
one with arguments, so the user can be authenticated. and a no-arg
constructor you can use when logging off.
Maurice
On Mon, Jun 30, 2008 at 4:29 PM, David R Robison
<[EMAIL PROTECTED]> wrote:
> Thanks for the quick reply. In the code, do I need to keep around my
> original LoginContext and return it with getLogoffContext() call or does it
> not matter what Login Context I send to logoff? If so, is the current
> LogonContext saved somewhere in wicket already?
> Thanks, David
>
> Maurice Marrink wrote:
>>
>> You have to realize that both swarm and acegi keep a copy of the
>> logged in user. So you have to logoff at 2 places.
>> You could use a logoff page but imo it would be better to do the
>> logging off in the link itself. Something like:
>> Link logoff = new Link("logoff")
>> {
>>
>> private static final long serialVersionUID = 1L;
>>
>> public void onClick()
>> {
>> WaspSession waspSession =
>> ((WaspSession)getSession());
>> if (waspSession.logoff(getLogoffContext()))
>> {
>>
>> SecurityContextHolder.getContext().setAuthentication(null);
>> // homepage is not allowed anymore
>> so we end up at the loginpage
>>
>> setResponsePage(Application.get().getHomePage());
>>
>> }
>> else
>> error("A problem occured during the
>> logoff process, please try
>> again or contact support");
>> }
>> };
>> add(logoff);
>>
>> By placing this link on your basepage all pages extending from
>> basepage will have a logoff button.
>>
>> Maurice
>> On Mon, Jun 30, 2008 at 4:10 PM, David R Robison
>> <[EMAIL PROTECTED]> wrote:
>>
>>>
>>> I am using Swarm with Acegi integration. Authentication and authorization
>>> work fine, but I am having trouble logging out. I use a link to a Logout
>>> class that implements the following code to log the user out.
>>> public class LoggedOutPage extends SecureWebPage {
>>> private static final long serialVersionUID = 1L;
>>>
>>> /**
>>> * Constructor.
>>> */
>>> public LoggedOutPage() {
>>> super();
>>> logout();
>>> setResponsePage(MainPage.class);
>>> }
>>> /**
>>> * log the user out.
>>> */
>>> public void logout() {
>>> SecurityContextHolder.getContext().setAuthentication(null);
>>> WebRequest webRequest = (WebRequest)getRequest();
>>> webRequest.getHttpServletRequest().getSession().invalidate();
>>> }
>>> }
>>>
>>> However, when I am redirected to the MainPage.class, the user is not
>>> asked
>>> to login again and the class throws a null pointer error when it tries to
>>> access the logged in user. Am I doing something wrong?
>>> Thanks, David
>>>
>>> --
>>>
>>> David R Robison
>>> Open Roads Consulting, Inc.
>>> 708 S. Battlefield Blvd., Chesapeake, VA 23322
>>> phone: (757) 546-3401
>>> e-mail: [EMAIL PROTECTED]
>>> web: http://openroadsconsulting.com
>>> blog: http://therobe.blogspot.com
>>> book: http://www.xulonpress.com/book_detail.php?id=2579
>>>
>>> This e-mail communication (including any attachments) may contain
>>> confidential and/or privileged material intended solely for the
>>> individual
>>> or entity to which it is addressed. If you are not the intended
>>> recipient,
>>> you should immediately stop reading this message and delete it from all
>>> computers that it resides on. Any unauthorized reading, distribution,
>>> copying or other use of this communication (or its attachments) is
>>> strictly
>>> prohibited. If you have received this communication in error, please
>>> notify
>>> us immediately.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
> --
>
> David R Robison
> Open Roads Consulting, Inc.
> 708 S. Battlefield Blvd., Chesapeake, VA 23322
> phone: (757) 546-3401
> e-mail: [EMAIL PROTECTED]
> web: http://openroadsconsulting.com
> blog: http://therobe.blogspot.com
> book: http://www.xulonpress.com/book_detail.php?id=2579
>
> This e-mail communication (including any attachments) may contain
> confidential and/or privileged material intended solely for the individual
> or entity to which it is addressed. If you are not the intended recipient,
> you should immediately stop reading this message and delete it from all
> computers that it resides on. Any unauthorized reading, distribution,
> copying or other use of this communication (or its attachments) is strictly
> prohibited. If you have received this communication in error, please notify
> us immediately.
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
