-
Logout problem
When logging out using the logout filter I'm getting an IllegalStateException.
Code:
2006-11-14 12:36:17,522 126916 DEBUG [btpool0-4] org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices (TokenBasedRememberMeServices.java:215) - Cancelling cookie for reason: Logout of user admin
2006-11-14 12:36:17,523 126917 DEBUG [btpool0-4] org.acegisecurity.ui.session.HttpSessionEventPublisher (HttpSessionEventPublisher.java:113) - Publishing event: org.acegisecurity.ui.session.HttpSessionDestroyedEvent[source=org.mortbay.jetty.servlet.HashSessionManager$Session:78pof58m7ihok@18817368]
:WARN: /etg-webapp/j_acegi_logout:
java.lang.IllegalStateException
at org.mortbay.jetty.servlet.AbstractSessionManager$Session.setAttribute(AbstractSessionManager.java:855)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:243)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.securechannel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:138)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274)
at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148)
Looking at the exception, it's Jetty that is throwing the IllegalStateException. Diving into the Jetty code, it seems to be because the logout filter gets hit, the session gets invalidated, and then the httpSessionContextIntegrationFilter finishes its processing which tries to make sure the security context is set in the session. But when it does that it only does a check to see if the httpSession it is passed is null, not if it's valid. So, Jetty throws an IllegalStateException because we're trying to modify a session that has been invalidated. I'm not an expert on the servlet spec so I don't know if this is the right thing for Jetty to do or what. Has anyone else run into this problem?
Thanks,
Rich
-
I have experienced this same problem. I entered a bug in JIRA for it (SEC-394), so hopefully we can get a fix.
-
-
bug is fixed
i had the same problem, but the bug was already fixed.
If you still use jetty_6_ in your pom like this:
Code:
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty6-plugin</artifactId>
</plugin>
change the artifact id to get the bugfixed version (they dropped the numer "6"
Code:
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty-plugin</artifactId>
</plugin>
the goal has changed to from to don't forget to run or clean up your project before you fire up the new jetty version.
