[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-2239) After a logout, roles are not cleared
[ http://jira.jboss.com/jira/browse/JBSEAM-2239?page=all ]
Shane Bryzak closed JBSEAM-2239.
--------------------------------
Fix Version/s: 2.0.1.GA
Resolution: Done
Assignee: Shane Bryzak
The subject, and the security context are now explicitly cleared when Identity.logout() is
invoked. Thanks for the test case.
After a logout, roles are not cleared
-------------------------------------
Key: JBSEAM-2239
URL: http://jira.jboss.com/jira/browse/JBSEAM-2239
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 2.0.0.GA
Reporter: Adam Warski
Assigned To: Shane Bryzak
Fix For: 2.0.1.GA
Attachments: seam_test_security.tar.gz
After logging out, using a link:
<s:link action="#{identity.logout}" value="Logout"
rendered="#{identity.loggedIn}" />
the roles are not cleared, that is, when the response page is rednered,
#{s:hasRole('admin')} is still true (assuming the user that was logged in had the
role :) ).
Everything is ok if you add a view="xxx.xhtml" parameter to s:link, however I
think it should work without it, too, so that users can logout and stay on the page they
were last viewing, if authorization permits them to.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira