| Logout Action [message #110902] |
Thu, 30 October 2008 12:54  |
Eclipse User |
|
|
|
Hi,
I'm trying to create an Action to logout of our application, and believe I
am having difficulties with session management. We hosting our
application from Tomcat using "form" based authentication. At the moment
the action is redirecting and invalidating the session:
public void run() {
final HttpSession session = RWT.getSessionStore().getHttpSession();
final HttpServletRequest request = RWT.getRequest();
final HttpServletResponse response = RWT.getResponse();
if (PlatformUI.getWorkbench().close()) {
// Redirect the user to the login screen
try {
response.sendRedirect(request.getContextPath());
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// Invalidate can not be called on the event processing thread...
new Thread() {
public void run() {
session.invalidate();
}
}.start();
}
}
When the action executes the application is redirected to our login page,
but it seems the RAP is still running, we get the following message
inserted into our login screen:
Could not evaluate javascript response:
SyntaxError: XML tag name mismatch (expected meta)
My question(s) are:
1) Is this the best/correct/prefered way to "logout" of a RAP application,
and
2) What can be done to eliminate to error message?
(It would be nice if there was a helper method in RWT do just do this....)
Thanks
-John
|
|
|
| Re: Logout Action [message #110934 is a reply to message #110902] |
Fri, 31 October 2008 04:18  |
| Eclipse User |
|
|
|
Hi John,
we use the following construct for the same purpose and it works pretty
well:
final String browserText =
MessageFormat.format("parent.window.location.href = \"{0}\";",
urlToLoginPage); //$NON-NLS-1$
// Destroy the session immediately if the user explicitly logs out.
// This automatically leads to Workbench.close (see ShutdownHandler in
// Workbench.java)
RWT.getRequest().getSession().setMaxInactiveInterval(1);
// Use a Phaselistener to write the redirect to the response. Using a
// Browser-Widget
// didn't work reliable, as a subsequent request from the browser ended
// in a new session
// on the server side. The server returned an empty response which lead
// to a
// "Request failed: Status code 0" error in the Browser.
final Display display = Display.getCurrent();
RWT.getLifeCycle().addPhaseListener(new PhaseListener(){
private static final long serialVersionUID = 1L;
public void afterPhase(PhaseEvent event){
// It is important to use afterPhase to let all other statements be
//parsed.
// Otherwise, disabling the exit dialog confirmation doesn't work.
if (display == Display.getCurrent()) {
try {
final HtmlResponseWriter writer =
ContextProvider.getStateInfo().getResponseWriter();
writer.write(browserText);
} catch (IOException e) {
e.printStackTrace();
} finally {
RWT.getLifeCycle().removePhaseListener(this);
}
}
}
public void beforePhase(PhaseEvent event){
}
public PhaseId getPhaseId(){
return PhaseId.RENDER;
}
});
Some kind of support for this use case by RAP would be really nice,
because this solution is really a hack...
Hope that helps,
Stefan.
John Lowe schrieb:
> Hi,
> I'm trying to create an Action to logout of our application, and believe
> I am having difficulties with session management. We hosting our
> application from Tomcat using "form" based authentication. At the moment
> the action is redirecting and invalidating the session:
>
> public void run() {
> final HttpSession session = RWT.getSessionStore().getHttpSession();
> final HttpServletRequest request = RWT.getRequest();
> final HttpServletResponse response = RWT.getResponse();
>
> if (PlatformUI.getWorkbench().close()) {
> // Redirect the user to the login screen
> try {
> response.sendRedirect(request.getContextPath());
> } catch (IOException e) {
> // TODO Auto-generated catch block
> e.printStackTrace();
> }
>
> // Invalidate can not be called on the event processing thread...
> new Thread() {
> public void run() {
> session.invalidate();
> }
> }.start();
> }
> }
>
> When the action executes the application is redirected to our login
> page, but it seems the RAP is still running, we get the following
> message inserted into our login screen:
>
> Could not evaluate javascript response:
>
> SyntaxError: XML tag name mismatch (expected meta)
>
> My question(s) are:
> 1) Is this the best/correct/prefered way to "logout" of a RAP
> application, and
> 2) What can be done to eliminate to error message?
>
> (It would be nice if there was a helper method in RWT do just do this....)
>
> Thanks
> -John
>
|
|
|
|
| Re: Logout Action [message #111155 is a reply to message #111029] |
Mon, 03 November 2008 07:07 |
| Eclipse User |
|
|
|
Hi John,
the difference propbably is, that we redirect to a special servlet
(outside of RAP) which provides the static login page. The session
invalidation then can happen asynchronously in the background (done by
servlet engine).
Stefan.
John Lowe schrieb:
> Stefan,
>
> Thanks for your reply, interesting idea. Unfortunately it didn't work
> for me. It doesn't log out of the application, the app is just
> reloaded. I tried some other things, like calling invalidate in a
> separate thread, and adding a delay after the setMaxInactiveInterval().
> Both result in the behavior I had before.
>
> I surprised no one else is having this issue, how to other people logout
> of their applications? I noticed some people don't use container
> managed authentication and implement the password facility around
> IEntryPoint. We would prefer not to do that.
>
> Thanks again,
> -John
>
|
|
|
|
| Re: Logout Action [message #1090104 is a reply to message #780656] |
Mon, 19 August 2013 14:12 |
| Eclipse User |
|
|
|
The version of Ronald used to work until the recent past. With newer versions of RAP I received occasiaonally "session already invalidated" errors.
Adding a timeout on the client side fixed the issue. This version worked with RAP2.0
void logout(){
RWT.getRequest().getSession().setMaxInactiveInterval(1);
String defaultUrl = MessageFormat.format(
"{0}://{1}:{2}{3}",
new Object[] { RWT.getRequest().getScheme(),
RWT.getRequest().getLocalName(),
Integer.toString(RWT.getRequest().getLocalPort()),
RWT.getRequest().getRequestURI() });
System.out.println("Default URL: " + defaultUrl);
String browserText = MessageFormat.format(
"parent.window.location.href = \"{0}\";", defaultUrl);
JavaScriptExecutor executor = RWT.getClient().getService( JavaScriptExecutor.class );
// make sure that the session is invalid before opening it again
executor.execute( "setTimeout('"+browserText+"',1000)" );
}
[Updated on: Mon, 19 August 2013 14:15] by Moderator |
|
|
Powered by
FUDForum. Page generated in 0.03285 seconds
Home