Fix #176 Server does not delete sessions on logout Project: http://git-wip-us.apache.org/repos/asf/incubator-wave/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-wave/commit/55719984 Tree: http://git-wip-us.apache.org/repos/asf/incubator-wave/tree/55719984 Diff: http://git-wip-us.apache.org/repos/asf/incubator-wave/diff/55719984
Branch: refs/heads/swellrt Commit: 55719984b7be46a24a4e5bc92c2c314d6d67a179 Parents: a447ec9 Author: Pablo Ojanguren <[email protected]> Authored: Sat Sep 3 18:11:39 2016 +0200 Committer: Pablo Ojanguren <[email protected]> Committed: Wed Sep 7 10:52:15 2016 +0200 ---------------------------------------------------------------------- .../box/servlet/AuthenticationService.java | 40 ++++++++++---------- .../authentication/SessionManagerImpl.java | 5 +-- 2 files changed, 21 insertions(+), 24 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-wave/blob/55719984/wave/src/main/java/org/swellrt/server/box/servlet/AuthenticationService.java ----------------------------------------------------------------------
diff --git a/wave/src/main/java/org/swellrt/server/box/servlet/AuthenticationService.java b/wave/src/main/java/org/swellrt/server/box/servlet/AuthenticationService.java
index f4c0201..14d0370 100644
--- a/wave/src/main/java/org/swellrt/server/box/servlet/AuthenticationService.java
+++ b/wave/src/main/java/org/swellrt/server/box/servlet/AuthenticationService.java
@@ -1,23 +1,5 @@
 package org.swellrt.server.box.servlet;
 
-import com.google.common.base.Preconditions;
-import com.google.gson.JsonParseException;
-import com.google.inject.Inject;
-import com.google.inject.name.Named;
-import com.typesafe.config.Config;
-
-import org.apache.commons.io.IOUtils;
-import org.waveprotocol.box.server.authentication.HttpRequestBasedCallbackHandler;
-import org.waveprotocol.box.server.authentication.ParticipantPrincipal;
-import org.waveprotocol.box.server.authentication.SessionManager;
-import org.waveprotocol.box.server.persistence.AccountStore;
-import org.waveprotocol.box.server.persistence.PersistenceException;
-import org.waveprotocol.box.server.util.RegistrationUtil;
-import org.waveprotocol.wave.model.id.WaveIdentifiers;
-import org.waveprotocol.wave.model.wave.InvalidParticipantAddress;
-import org.waveprotocol.wave.model.wave.ParticipantId;
-import org.waveprotocol.wave.util.logging.Log;
-
 import java.io.IOException;
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
@@ -39,6 +21,23 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.commons.io.IOUtils; +import org.waveprotocol.box.server.authentication.HttpRequestBasedCallbackHandler; +import org.waveprotocol.box.server.authentication.ParticipantPrincipal; +import org.waveprotocol.box.server.authentication.SessionManager; +import org.waveprotocol.box.server.persistence.AccountStore; +import org.waveprotocol.box.server.persistence.PersistenceException; +import org.waveprotocol.box.server.util.RegistrationUtil; +import org.waveprotocol.wave.model.id.WaveIdentifiers; +import org.waveprotocol.wave.model.wave.InvalidParticipantAddress; +import org.waveprotocol.wave.model.wave.ParticipantId; +import org.waveprotocol.wave.util.logging.Log; + +import com.google.common.base.Preconditions; +import com.google.gson.JsonParseException; +import com.google.inject.Inject; +import com.typesafe.config.Config; + /** * A servlet for authenticating a user's password and giving them a token via a * cookie. @@ -233,7 +232,7 @@ public class AuthenticationService extends BaseService { } else if (!authData.isParsedField("id") || !authData.isParsedField("password")) { - // Don't throw error, close the current session if it exists + // Nothing to do here, close session later } else { sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, RC_MISSING_PARAMETER); return; 
@@ -252,8 +251,7 @@ public class AuthenticationService extends BaseService { if (context != null) context.logout(); } catch (LoginException e) { - // Logout failed. Absorb the error, since we're about to throw an - // illegal state exception anyway. + LOG.info("An error ocurred during logout request", e); } sendResponse(resp, new AuthenticationServiceData("SESSION_CLOSED")); http://git-wip-us.apache.org/repos/asf/incubator-wave/blob/55719984/wave/src/main/java/org/waveprotocol/box/server/authentication/SessionManagerImpl.java ---------------------------------------------------------------------- diff --git a/wave/src/main/java/org/waveprotocol/box/server/authentication/SessionManagerImpl.java b/wave/src/main/java/org/waveprotocol/box/server/authentication/SessionManagerImpl.java index 60541be..fe7622f 100644 --- a/wave/src/main/java/org/waveprotocol/box/server/authentication/SessionManagerImpl.java +++ b/wave/src/main/java/org/waveprotocol/box/server/authentication/SessionManagerImpl.java @@ -124,8 +124,6 @@ public final class SessionManagerImpl implements SessionManager { @Override public void logout(HttpSession session) { - if (session != null) { - String windowId = null; if (session instanceof HttpWindowSession) { HttpWindowSession wSession = (HttpWindowSession) session; @@ -138,7 +136,8 @@ public final class SessionManagerImpl implements SessionManager { session.removeAttribute(USER_FIELD + "_" + windowId); else session.removeAttribute(USER_FIELD); - } + + session.invalidate(); } @Override
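Review bot: The catch block for LoginException now records the failure, but only at info level and with a misspelled message ("ocurred"); a failed logout on an authentication endpoint is something an operator should be able to find, so `LOG.warning("Logout failed; login context may still be active", e);` fits better. The handler still answers SESSION_CLOSED right after the catch, so the client is told the session is gone even when `context.logout()` threw. The call that actually tears down the HTTP session is outside this hunk; it is worth confirming that it runs regardless of this exception, otherwise the response overstates what happened.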
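Review bot: With the `if (session != null)` guard removed at the top of `SessionManagerImpl.logout`, a null session now falls through the `instanceof` test and reaches `session.removeAttribute(...)`, which throws a NullPointerException. Callers are not part of this diff, but a logout request that arrives without a live session (for example when the session is looked up without creating one) would then fail with a server error instead of being a no-op. Keeping the check as an early return, `if (session == null) return;`, preserves the un-nested body this commit is aiming for. The method body continues into the next hunk.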
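Review bot: `session.invalidate()` at the end of `logout` ends the whole container session, while the lines just above clear only `USER_FIELD + "_" + windowId` when the session is an HttpWindowSession. If several windows can carry different logins on one HttpSession, which the per-window attribute suggests although HttpWindowSession is not visible here, logging out one window now logs out all of them, and the preceding removeAttribute calls become redundant. Both `removeAttribute` and `invalidate` also throw IllegalStateException on a session that was already invalidated, such as on a repeated logout request. I would state the intended scope in a comment, e.g. `// Logout ends the whole HTTP session, including any other window identities`, and either catch IllegalStateException around the teardown or invalidate only when no window-scoped user attribute remains.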
