About Logout

**richardsang2004** · Jan 12th, 2005, 10:40 AM

I am using what you suggested in the post that to set the securecontext to null for logout. It works however, when I try to use the url again after log off, I get a nulll pointer exception. Here is what I was doing. I use the ContextHolder.getContext() to get the current secureContext. Then from there I call getAuthentication() to get a hand on the current Authentication object. There is a problem at this point. After I set the Context to null during the logout, I tried to reaccess the URL, Acegi did not stop me access it rather it passed the securety check and went directly to the URL, and caused a null pointer exception.
I wonder what is the other way to do logout.

**Ben Alex** · Jan 14th, 2005, 03:49 PM

Without really knowing your configuration and the URL you're mentioning, it's hard to offer specific suggestions.

The best way to clear the context is:

Code:

ContextHolder.setContext&#40;null&#41;;

This must happen after your HttpSessionIntegrationFilter copies the Authentication from HttpSession to ContextHolder, but before it copies the Authentication (which is then null) from ContextHolder back to HttpSession.

Your alternative is to simply invalidate the HttpSession. See the Contacts sample's logoff.jsp.

Thread: About Logout

Thread Tools

Display

Hybrid View

About Logout

Similar Threads

HOWTO: Acegi Logout

CAS logout

ACEGI 0.8.2 + CAS 3.0: Global logout and user refresh

logout method

why page not found when rel-login after logout?

Posting Permissions