Examples of org.apache.shiro.subject.Subject.logout()

org.apache.shiro.subject.Subject.logout()
Logs out this Subject and invalidates and/or removes any associated entities, such as a {@link Session Session} and authorization data. After this method is called, the Subject isconsidered 'anonymous' and may continue to be used for another log-in if desired.
Web Environment Warning
Calling this method in web environments will usually remove any associated session cookie as part of session invalidation. Because cookies are part of the HTTP header, and headers can only be set before the response body (html, image, etc) is sent, this method in web environments must be called before any content has been rendered.
The typical approach most applications use in this scenario is to redirect the user to a different location (e.g. home page) immediately after calling this method. This is an effect of the HTTP protocol itself and not a reflection of Shiro's implementation.
Non-HTTP environments may of course use a logged-out subject for login again if desired.


            // Test whether user's role is authorized to perform functions in the permissions list
            authorizeUser(currentUser, exchange);
        } finally {
            if (policy.isAlwaysReauthenticate()) {
                currentUser.logout();
            }
        }
    }


    private void authenticateUser(Subject currentUser, ShiroSecurityToken securityToken) {

View Full Code Here

                
                    // Test whether user's role is authorized to perform functions in the permissions list  
                    authorizeUser(currentUser, exchange);
                } finally {
                    if (alwaysReauthenticate) {
                        currentUser.logout();
                        currentUser = null;
                    }
                }


            }

View Full Code Here

    @Override
    public void logoutCurrentUser(String token) {
        Subject s = SecurityUtils.getSubject();
        if (s != null) {
            logger.debug("Logout user: kill the Shiro Session");
            s.logout();
        } else {
            logger.debug("Logout user, subject not found in SecurityUtils");
        }
    }

View Full Code Here

        } else {
            fail( "Sorry, you aren't allowed to drive the 'eagle5' winnebago!" );
        }


        //all done - log out!
        currentUser.logout();
    }


}

View Full Code Here

  @DirectMethod
  public void signOut() {
    Subject subject = securitySystem.getSubject();


    if (subject != null) {
      subject.logout();
    }


    if (WebContextManager.isWebContextAttachedToCurrentThread()) {
      HttpSession session = WebContextManager.get().getRequest().getSession(false);
      if (session != null) {

View Full Code Here


      if (anonSession != null) {
        // clear the session
        this.getLogger().debug("Logging out the current anonymous user, to clear the session.");
        try {
          subject.logout();
        }
        catch (UnknownSessionException expectedException) {
          this.logger.trace(
              "Forced a logout with an Unknown Session so the current subject would get cleaned up.", e);
        }

View Full Code Here

      throws Exception
  {
    Subject subject = getSubject(request, response);


    if (subject != null) {
      subject.logout();
    }


    if (HttpServletRequest.class.isAssignableFrom(request.getClass())) {
      HttpSession session = ((HttpServletRequest) request).getSession(false);

View Full Code Here


      assertThat(principals.getPrimaryPrincipal().toString(), isIn(userManager.listUserIds()));
      assertThat(userManager.getAuthenticationRealmName(), isIn(principals.getRealmNames()));
    }
    finally {
      subject.logout();
    }
  }


  @Test
  public void testFindUserManagerNonDefaultRealm()

View Full Code Here


      assertThat(principals.getPrimaryPrincipal().toString(), isIn(userManager.listUserIds()));
      assertThat(userManager.getAuthenticationRealmName(), isIn(principals.getRealmNames()));
    }
    finally {
      subject.logout();
    }
  }


  @Test
  public void testGetUserStatusHandlesNull() {

View Full Code Here

      final PrincipalCollection principals = subject.getPrincipals();


      assertThat(helper().getUserStatus(principals), is(UserStatus.active));
    }
    finally {
      subject.logout();
    }
  }


  @Test
  public void testGetUserStatusNonDefaultRealm()

View Full Code Here

0 1 2 3 4 5 6 7

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.

Examples of org.apache.shiro.subject.Subject.logout()

Web Environment Warning