3:21 a.m.
After a logout, roles are not cleared
-------------------------------------
Key: JBSEAM-2239
URL: http://jira.jboss.com/jira/browse/JBSEAM-2239
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 2.0.0.GA
Reporter: Adam Warski
After logging out, using a link:
<s:link action="#{identity.logout}" value="Logout"
rendered="#{identity.loggedIn}" />
the roles are not cleared, that is, when the response page is rednered,
#{s:hasRole('admin')} is still true (assuming the user that was logged in had the
role :) ).
Everything is ok if you add a view="xxx.xhtml" parameter to s:link, however I
think it should work without it, too, so that users can logout and stay on the page they
were last viewing, if authorization permits them to.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
3:25 a.m.
New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-2239) After a logout, roles are not cleared
[ http://jira.jboss.com/jira/browse/JBSEAM-2239?page=all ]
Adam Warski updated JBSEAM-2239:
--------------------------------
Attachment: seam_test_security.tar.gz
The app demonstrates the issue. It is generated with seam-gen and has only two
modifications:
* in menu.xml, the logout link is changed
* the main page is changed to display the value of #{s:hasRole('admin')}
To reproduce, login and then click logout.
When, after logging out, the view is rendered, the user is not already logged in, but the
check still displays "true"
After a logout, roles are not cleared
-------------------------------------
Key: JBSEAM-2239
URL: http://jira.jboss.com/jira/browse/JBSEAM-2239
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 2.0.0.GA
Reporter: Adam Warski
Attachments: seam_test_security.tar.gz
After logging out, using a link:
<s:link action="#{identity.logout}" value="Logout"
rendered="#{identity.loggedIn}" />
the roles are not cleared, that is, when the response page is rednered,
#{s:hasRole('admin')} is still true (assuming the user that was logged in had the
role :) ).
Everything is ok if you add a view="xxx.xhtml" parameter to s:link, however I
think it should work without it, too, so that users can logout and stay on the page they
were last viewing, if authorization permits them to.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5 a.m.
New subject: [jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-2239) After a logout, roles are not cleared
[ http://jira.jboss.com/jira/browse/JBSEAM-2239?page=all ]
Shane Bryzak closed JBSEAM-2239.
--------------------------------
Fix Version/s: 2.0.1.GA
Resolution: Done
Assignee: Shane Bryzak
The subject, and the security context are now explicitly cleared when Identity.logout() is
invoked. Thanks for the test case.
After a logout, roles are not cleared
-------------------------------------
Key: JBSEAM-2239
URL: http://jira.jboss.com/jira/browse/JBSEAM-2239
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 2.0.0.GA
Reporter: Adam Warski
Assigned To: Shane Bryzak
Fix For: 2.0.1.GA
Attachments: seam_test_security.tar.gz
After logging out, using a link:
<s:link action="#{identity.logout}" value="Logout"
rendered="#{identity.loggedIn}" />
the roles are not cleared, that is, when the response page is rednered,
#{s:hasRole('admin')} is still true (assuming the user that was logged in had the
role :) ).
Everything is ok if you add a view="xxx.xhtml" parameter to s:link, however I
think it should work without it, too, so that users can logout and stay on the page they
were last viewing, if authorization permits them to.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6268
days inactive
6268
days old
2 comments
2 participants
participants (2)
-
Adam Warski (JIRA) -
Shane Bryzak (JIRA)