[#TYNAMO-155] Authorization cache is not cleared at logout - jira.codehaus.org

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: security-0.4.4
Fix Version/s: security-0.4.5
Component/s: security
Labels:
- security
Environment:
Tapestry 5.3.3

Number of attachments :
0

Description

Method onLogout() in AuthorizingRealm is never called, because a proxy for org.tynamo.security.internal.ModularRealmAuthenticator is not passes instanceof condition in
DefaultSecurityManager.logout(...):
...
Authenticator authc = getAuthenticator();
if (authc instanceof LogoutAware)

{ ((LogoutAware) authc).onLogout(principals); }

...

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Alejandro Scandroli added a comment - 23/May/12 5:58 PM

This is a plastic proxy issue
The only workaround I could find is change the bind method to avoid the proxy creation:

Index: src/main/java/org/tynamo/security/services/SecurityModule.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/main/java/org/tynamo/security/services/SecurityModule.java	(revision 2372)
+++ src/main/java/org/tynamo/security/services/SecurityModule.java	(revision )
@@ -84,7 +84,7 @@
 	{
 
 		binder.bind(WebSecurityManager.class, TapestryRealmSecurityManager.class);
-		binder.bind(Authenticator.class, ModularRealmAuthenticator.class);
+		binder.bind(ModularRealmAuthenticator.class);
 		binder.bind(SubjectFactory.class, DefaultWebSubjectFactory.class);
 		binder.bind(RememberMeManager.class, CookieRememberMeManager.class);
 		binder.bind(HttpServletRequestFilter.class, SecurityConfiguration.class).withId("SecurityConfiguration");

I don't know if this is an acceptable solution

Show

Alejandro Scandroli added a comment - 23/May/12 5:58 PM This is a plastic proxy issue The only workaround I could find is change the bind method to avoid the proxy creation: Index: src/main/java/org/tynamo/security/services/SecurityModule.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- src/main/java/org/tynamo/security/services/SecurityModule.java (revision 2372) +++ src/main/java/org/tynamo/security/services/SecurityModule.java (revision ) @@ -84,7 +84,7 @@ { binder.bind(WebSecurityManager.class, TapestryRealmSecurityManager.class); - binder.bind(Authenticator.class, ModularRealmAuthenticator.class); + binder.bind(ModularRealmAuthenticator.class); binder.bind(SubjectFactory.class, DefaultWebSubjectFactory.class); binder.bind(RememberMeManager.class, CookieRememberMeManager.class); binder.bind(HttpServletRequestFilter.class, SecurityConfiguration.class).withId( "SecurityConfiguration" ); I don't know if this is an acceptable solution

Hide

Permalink

Kalle Korhonen added a comment - 25/May/12 4:19 PM

I've run into similar issues. Agree that's the best workaround for now.

Show

Kalle Korhonen added a comment - 25/May/12 4:19 PM I've run into similar issues. Agree that's the best workaround for now.

Hide

Permalink

Kalle Korhonen added a comment - 26/May/12 10:16 PM

Should have implemented an integration test for it but didn't.

Show

Kalle Korhonen added a comment - 26/May/12 10:16 PM Should have implemented an integration test for it but didn't.

Authorization cache is not cleared at logout

Details

Description

Activity

People

Dates