[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-2239) After a logout, roles are not cleared

Adam Warski (JIRA) jira-events at lists.jboss.org
Mon Nov 12 04:25:44 EST 2007

     [ http://jira.jboss.com/jira/browse/JBSEAM-2239?page=all ]

Adam Warski updated JBSEAM-2239:

    Attachment: seam_test_security.tar.gz

The app demonstrates the issue. It is generated with seam-gen and has only two modifications:
* in menu.xml, the logout link is changed
* the main page is changed to display the value of #{s:hasRole('admin')}

To reproduce, login and then click logout.
When, after logging out, the view is rendered, the user is not already logged in, but the check still displays "true"

> After a logout, roles are not cleared
> -------------------------------------
>                 Key: JBSEAM-2239
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-2239
>             Project: JBoss Seam
>          Issue Type: Bug
>    Affects Versions: 2.0.0.GA
>            Reporter: Adam Warski
>         Attachments: seam_test_security.tar.gz
> After logging out, using a link:
> <s:link action="#{identity.logout}" value="Logout" rendered="#{identity.loggedIn}" />
> the roles are not cleared, that is, when the response page is rednered, #{s:hasRole('admin')} is still true (assuming the user that was logged in had the role :) ).
> Everything is ok if you add a view="xxx.xhtml" parameter to s:link, however I think it should work without it, too, so that users can logout and stay on the page they were last viewing, if authorization permits them to.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list