Destroy SessionScoped CDI beans during Shiro logout

 

The problem is that the session scoped beans are not destroyed before the session-timeout is reached.

Therefore I have two questions regarding the following logout procedure:

  • Is this the right way to use shiro logout (see logout() below)
  • What would be the proper way to destroy the CDI session-scoped beans during logout.

    • page.xhtml: 

    <p:commandLink ajax="false" actionListener="#{myOtherBean.logout}" />

    beans: 

    @Named
@SessionScoped
public class mySessionBean implements Serializable {
}

@Named
@SessionScoped
public class myOtherBean extends Observable implements Serializable {
    @Inject
    private Subject subject;

    public void logout(){

      subject.logout();

// this line throws the exception
FacesContext.getCurrentInstance().getExternalContext().invalidateSession();

      FacesContext.getCurrentInstance().getExternalContext()
            .redirect(servlet.getContextPath() + "/logout");
    }
}

    shiro.ini: 

    [main]
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
....
logout=org.apache.shiro.web.filter.authc.LogoutFilter
logout.redirectUrl = /login.xhtml

....
[urls]
/logout = logout

    Exception:

    The following exception is thrown when I call FacesContext.getCurrentInstance().getExternalContext().invalidateSession(); 

     java.lang.IllegalStateException:
 org.apache.shiro.session.UnknownSessionException:
 There is no session with id [e5939658-c033-4e67-984f-23cadfbc06fb]

    Additional information: I am running Wildfly 8.2.0.Final.

    Thanks.

    这是我在我的项目中使用的代码,可能是因为你的bean是SessionScoped,而我的ViewScoped是? 

    @Named
@ViewScoped
public class Authenticator implements Serializable {

    public void logout() {
        SecurityUtils.getSubject().logout();
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        FacesContext.getCurrentInstance().getExternalContext().redirect(LOGIN_URL);
    }
}
    链接地址: http://www.djcxy.com/p/49120.html

    上一篇: 可以使用可空类型作为通用参数?

    下一篇: 在Shiro注销期间销毁SessionScoped CDI bean