Logout Filter

[jazman]

Im trying to use the logout filter with a simple test rig i have up and runnning but I am not configuring it correctly. I have added a call to the logoutFilter in the filterChainProxy;

Code:

<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
			</value>
		</property>
	</bean>

I have defined the logoutFilter bean as follows;

Code:

<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
		<constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
		<constructor-arg>
			<list>				
				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
			</list>
		</constructor-arg>
	</bean>

and I am using this filter in my jsp as such;

Code:

<p><a href="../j_acegi_logout">Logout</a>

However when I load my web page, my container tells me that the page defined at the specified URL is not available.

Code:

HTTP Status 404 - /springweb/

type Status report

message /springweb/

description The requested resource (/springweb/) is not available.
Apache Tomcat/5.5.12

Why is this? What am I missing?

[acrolead@yahoo.com]

Hi

first replace the filterInvocationDefinitionSource property of filterChainProxy bean from what you have into :

/**=httpSessionContextIntegrationFilter,authenticat ionProcessingFilter,logoutFilter,securityContextHo lderAwareRequestFilter,rememberMeProcessingFilter, anonymousProcessingFilter,exceptionTranslationFilt er,filterInvocationInterceptor

notice that in your setting you have put the logoutFilter before authenticationProcessingFilter .

second besure that you have put the /index.jsp outside your WEB-INF folder

third what is this /springweb/ ? is this the name of your main dispatcher servlet? if yes then what is the exact url of your logout link? It should be something like:

<a href="/msc/j_acegi_logout"> where msc is the name of your dispatcher servlet.

If your provide more log from Acegi it could help more.
in your log4j.properties file put this line:
log4j.category.org.acegisecurity=DEBUG and carefully analyse what ever it says. Most of the cases using the Acegi log you can find your mistake.

[jazman]

Sorry I made a mistake when I gave you the filterProxyChain bean definition. The one I gave you was from another project. This is the one for the project I was referring to;

Code:

<bean id="filterChainProxy"
		class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter,logoutFilter,exceptionTranslationFilter,filterSecurityInterceptor
			</value>
		</property>
	</bean>

springweb is the application context. The dispatcher servlet is simply called "dispatcher-servlet.xml"

[acrolead@yahoo.com]

what is the exact url of your logout link?

[jazman]

what is the exact url of your logout link?

It should be

Code:

<a href="/dispatcher/j_acegi_logout">

[Luke Taylor]

If your provide more log from Acegi it could help more.
in your log4j.properties file put this line:
log4j.category.org.acegisecurity=DEBUG and carefully analyse what ever it says. Most of the cases using the Acegi log you can find your mistake.

This is good advice...

[Dosihris]

Î have the same problem and in spite of here are tons of acegi logout threads, nobody was able to help me... is it so complicate to logout???

By the way, i put in the log4j-line in my log4j.properties and nothing happends.. acegi said nothing.. whyever.

here are all my acegi-files. i hope that anybody can solve this problem in a way that in future everybody who has this problem (and it seems that this are many people) can solve it easely...

acegi-security.xml

Code:

	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>	
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,logoutFilter,formAuthenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
			</value>
		</property>
	</bean>

	<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
		<constructor-arg value="/index.htm"/>
		<constructor-arg>
			<list>
				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
			</list>
		</constructor-arg>
		<property name="filterProcessesUrl" value="/j_acegi_logout"/>
	</bean>

And my acegi-logout-link...

Code:

<core:url value='/j_acegi_logout'/>

[karldmoore]

There is an example of the logoutFilter in the sample tutorial that ships with Acegi, I'd have a look at that first. It's path points to the root of the web app.

[taniavn]

I had the same problem with the logout giving me a "resource not found error" and I resolved it as follows:
in web.xml:
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/j_acegi_logout</url-pattern>
</filter-mapping>

In applicationContext.xml:
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/index.jsp"/>
<!-- URL redirected to after logout -->
<constructor-arg>
<list>
<bean class="org.acegisecurity.ui.logout.SecurityContext LogoutHandler"/>
</list>
</constructor-arg>
</bean>

on my jsp page:
<a href='<c:url value="j_acegi_logout"/>'><fmt:message key="user.logout"/></a>

not that the url does not contain the trailing "/". This was my main problem.

Hope this helps everyone else.