[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: IllegalStateException(s) on logout
Wolfgang Knauf
do-not-reply at jboss.com
Mon Mar 30 09:04:28 EDT 2009
Hi,
it seems that JBoss plugs in it's own Valve "org.jboss.web.tomcat.security.SecurityAssociationValve", which requires the Security Context. It seems this Valve is called after your own logout.
So maybe it helps to move your logout code after this valve (e.g. in a custom Valve)?
Hope this is no total nonsense, but this is far beyond my own security experiences, so I just can do some guessing ;-)
Maybe you should ask this question in the Security forum http://www.jboss.com/index.html?module=bb&op=viewforum&f=49
Wolfgang
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4221980#4221980
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4221980
More information about the jboss-user
mailing list