Tynamo
  1. Tynamo
  2. TYNAMO-155

Authorization cache is not cleared at logout

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: security-0.4.4
    • Fix Version/s: security-0.4.5
    • Component/s: security
    • Labels:
    • Environment:
      Tapestry 5.3.3
    • Number of attachments :
      0

      Description

      Method onLogout() in AuthorizingRealm is never called, because a proxy for org.tynamo.security.internal.ModularRealmAuthenticator is not passes instanceof condition in
      DefaultSecurityManager.logout(...):
      ...
      Authenticator authc = getAuthenticator();
      if (authc instanceof LogoutAware)

      { ((LogoutAware) authc).onLogout(principals); }

      ...

        Activity

        Hide
        Alejandro Scandroli added a comment -

        This is a plastic proxy issue
        The only workaround I could find is change the bind method to avoid the proxy creation:

        Index: src/main/java/org/tynamo/security/services/SecurityModule.java
        IDEA additional info:
        Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
        <+>UTF-8
        ===================================================================
        --- src/main/java/org/tynamo/security/services/SecurityModule.java	(revision 2372)
        +++ src/main/java/org/tynamo/security/services/SecurityModule.java	(revision )
        @@ -84,7 +84,7 @@
         	{
         
         		binder.bind(WebSecurityManager.class, TapestryRealmSecurityManager.class);
        -		binder.bind(Authenticator.class, ModularRealmAuthenticator.class);
        +		binder.bind(ModularRealmAuthenticator.class);
         		binder.bind(SubjectFactory.class, DefaultWebSubjectFactory.class);
         		binder.bind(RememberMeManager.class, CookieRememberMeManager.class);
         		binder.bind(HttpServletRequestFilter.class, SecurityConfiguration.class).withId("SecurityConfiguration");
        

        I don't know if this is an acceptable solution

        Show
        Alejandro Scandroli added a comment - This is a plastic proxy issue The only workaround I could find is change the bind method to avoid the proxy creation: Index: src/main/java/org/tynamo/security/services/SecurityModule.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- src/main/java/org/tynamo/security/services/SecurityModule.java (revision 2372) +++ src/main/java/org/tynamo/security/services/SecurityModule.java (revision ) @@ -84,7 +84,7 @@ { binder.bind(WebSecurityManager.class, TapestryRealmSecurityManager.class); - binder.bind(Authenticator.class, ModularRealmAuthenticator.class); + binder.bind(ModularRealmAuthenticator.class); binder.bind(SubjectFactory.class, DefaultWebSubjectFactory.class); binder.bind(RememberMeManager.class, CookieRememberMeManager.class); binder.bind(HttpServletRequestFilter.class, SecurityConfiguration.class).withId( "SecurityConfiguration" ); I don't know if this is an acceptable solution
        Hide
        Kalle Korhonen added a comment -

        I've run into similar issues. Agree that's the best workaround for now.

        Show
        Kalle Korhonen added a comment - I've run into similar issues. Agree that's the best workaround for now.
        Hide
        Kalle Korhonen added a comment -

        Should have implemented an integration test for it but didn't.

        Show
        Kalle Korhonen added a comment - Should have implemented an integration test for it but didn't.
        Hide
        Alejandro Scandroli added a comment -

        bulk closing issues that have been resolved for more than a year.

        Show
        Alejandro Scandroli added a comment - bulk closing issues that have been resolved for more than a year.

          People

          • Assignee:
            Kalle Korhonen
            Reporter:
            Vladimir Velikiy
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: