在Shiro注销期间销毁SessionScoped CDI bean

时间:2015-08-05 14:01:17

标签: java session wildfly wildfly-8 shiro

问题是会话范围bean在达到会话超时之前不会被销毁。

因此,我对以下注销程序有两个问题:

  1. 这是使用shiro注销的正确方法(请参阅下面的logout())
  2. 在注销期间销毁CDI会话范围bean的正确方法是什么。
  3. page.xhtml:

    <p:commandLink ajax="false" actionListener="#{myOtherBean.logout}" />
    

    豆:

    @Named
    @SessionScoped
    public class mySessionBean implements Serializable {
    }
    
    @Named
    @SessionScoped
    public class myOtherBean extends Observable implements Serializable {
        @Inject
        private Subject subject;
    
        public void logout(){
    
          subject.logout();
    
    // this line throws the exception
    FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
    
          FacesContext.getCurrentInstance().getExternalContext()
                .redirect(servlet.getContextPath() + "/logout");
        }
    }
    

    shiro.ini:

    [main]
    sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
    securityManager.sessionManager = $sessionManager
    sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
    securityManager.sessionManager.sessionDAO = $sessionDAO
    ....
    logout=org.apache.shiro.web.filter.authc.LogoutFilter
    logout.redirectUrl = /login.xhtml
    
    ....
    [urls]
    /logout = logout
    

    例外:

    当我致电FacesContext.getCurrentInstance().getExternalContext().invalidateSession();

    时,会抛出以下异常
     java.lang.IllegalStateException:
     org.apache.shiro.session.UnknownSessionException:
     There is no session with id [e5939658-c033-4e67-984f-23cadfbc06fb]
    

    其他信息:我正在运行Wildfly 8.2.0.Final。

    感谢。

1 个答案:

答案 0 :(得分:0)

以下是我在我的项目中使用的代码,这可能是因为你的bean是SessionScoped而且我的是ViewScoped?:

@Named
@ViewScoped
public class Authenticator implements Serializable {

    public void logout() {
        SecurityUtils.getSubject().logout();
        FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
        FacesContext.getCurrentInstance().getExternalContext().redirect(LOGIN_URL);
    }
}