I want to have a normal logout from my p:commandButton:
I have in my backend bean this function:
public void logout() {
SecurityUtils.getSubject().logout();
SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(Faces.getRequest());
if (savedRequest == null) {
Faces.redirect("/common/login.jsf");
} else {
Faces.redirect(savedRequest.getRequestUrl());
}
}
But I got this:
Caused by: org.apache.shiro.session.UnknownSessionException: There is no session with id [b4a41562-0d9e-4fc9-9d9d-ef7724d8efad]
Any idea how I can solve that?
I´m using also Omnifaces library.
Any idea what is wrong?
I´m using:
Shiro 1.7.0 and Omnifaces 3.10.1
Shiro's Subject.logout() essentially clears the session (session.invalidate()). If the session has already been cleared, you wouldn't be able to clear it again.
If you are using Shiro's Logout Filter you do NOT need to make an additional call to logout().
Related
I have a website—utilizing Visualize.js—that has a simple login/logout feature. Everytime I login I call the authenicateUser() function and logout destroySession(). When I try login and then logout and then login again, when I try to render my existing reports I get this thrown error:
HTTP Status 401 - Full authentication is required to access this resource
The functions authenicateUser() and destroySession() are shown below:
function authenticateUser () {
var myConfig = {
auth : {
name : "superuser",
password : "superuser"
}
};
visualize.config( myConfig );
}
function destroySession() {
visualize( function ( v ) {
// Logout form JRS and finish the session.
v.logout().done( function () {
} );
} )
}
I would like to point out that when I first login my account this error is not thrown and renders the reports perfectly.
Why is this happening after logout and then login again?
This seemed to have worked for me. So I called visualize.config( config ) first so that I can store common configuration, to share them between visualize calls and then called the login method so that I can perform authentification with provided auth object. My reference: http://community.jaspersoft.com/wiki/visualizejs-api-notes-and-samples-v56
visualize.config( config );
visualize( function ( v ) {
v.login( config );
} );
This solution was not in their documentation though, but I put them piece by piece to finally solve the problem.
The documentation contained solution to this problem although it is not very explicit. See sample code and sample link from documentation link
visualize.config({
auth: {
name: "superuser",
password: "superuser"
}
});
Share common config between 'visualize' calls
Just a note:
Actually when you login you need to logout at some appropriate event. This depends on your application requirement e.g. if you are embedding reports within an existing web application, it seems more appropriate to link it existing application login/lougut
I am trying to build a server-to-server auth flow using the Facebook PHP SDK and no Javascript, as outlined here. So far, I have successfully created a LoginUrl that lets the User sign in with Facebook, then redirect back to my App and check the state parameter for CSFR protection.
My Problem is, that I can't seem to get the API-call working that should swap my Auth Code for an access token. I pillaged every similar problem anyone else that Google was able to find had encountered for possible solutions.
Yet the end result was always the same: no access token, no error message that I could evaluate.
Researching the topic yielded the following advice, which I tested:
The URL specified in the App Settings must be a parent folder of $appUrl.
use curl to make the request instead of the SDK function api()
I've been at this for 2 days straight now and really could use some help.
<?php
require '../inc/php-sdk/src/facebook.php';
// Setting some config vars
$appId = 'MY_APP_ID';
$secret = 'MY_APP_SECRET';
$appUrl = 'https://MY_DOMAIN/appFolder';
$fbconfig = array('appId'=>$appId, 'secret'=>$secret);
$facebook = new Facebook($fbconfig);
// Log User in with Facebook and come back with Auth Code if not yet done
if(!(isset($_SESSION['login']))){
$_SESSION['login']=1;
header('Location: '.$facebook->getLoginUrl());
}
// process Callback from Facebook User Login
if($_SESSION['login']===1) {
/* CSFR Protection: getLoginUrl() generates a state string and stores it
in "$_SESSION['fb_'.$fbconfig['appId'].'_state']". This checks if it matches the state
obtained via $_GET['state']*/
if (isset($_SESSION['fb_'.$fbconfig['appId'].'_state'])&&isset($_GET['state'])){
// Good Case
if ($_SESSION['fb_'.$fbconfig['appId'].'_state']===$_GET['state']) {
$_SESSION['login']=2;
}
else {
unset($_SESSION['login']);
echo 'You may be a victim of CSFR Attacks. Try logging in again.';
}
}
}
// State check O.K., swap Code for Token now
if($_SESSION['login']===2) {
$path = '/oauth/access_token';
$api_params = array (
'client_id'=>$appId,
'redirect_uri'=>$appUrl,
'client_secret'=>$secret,
'code'=>$_GET['code']
);
$access_token = $facebook->api($path, 'GET', $api_params);
var_dump($access_token);
}
The easiest way I found to do this is to extend the Facebook class and expose the protected getAccessTokenFromCode() method:
<?php
class MyFacebook extends Facebook {
/** If you simply want to get the token, use this method */
public function getAccessTokenFromCode($code, $redirectUri = null)
{
return parent::getAccessTokenFromCode($code, $redirectUri);
}
/** If you would like to get and set (and extend), use this method instead */
public function setAccessTokenFromCode($code)
{
$token = parent::getAccessTokenFromCode($code);
if (empty($token)) {
return false;
}
$this->setAccessToken($token);
if (!$this->setExtendedAccessToken()) {
return false;
}
return $this->getAccessToken();
}
}
I also included a variation on the convenience method I use to set the access token, since I don't actually need a public "get" method in my own code.
I'm using CakePHP 2.3.1 and this plugin: https://github.com/webtechnick/CakePHP-Facebook-Plugin to implement a facebook authentication. I followed this screen cast http://tv.cakephp.org/video/webtechnick/2011/01/12/nick_baker_--_facebook_integration_with_cakephp but it doesn't work, I can't receive the Facebook user information. I mean $this->Connect->user() always return null.
First make sure your user as granted access to your app. Then make a call to retrieve personal details through the api(/me) => $this->Connect->user()
Personally, I use this
public function beforeFilter(){
if($this->Connect->FB->getUser() != 0){
$this->set('facebookUser', $this->Connect->user());
}
Initiating ConnectComponent will populate (or not) the Auth Session. If no id is to be found, redirect user to a login dialog.
Call this method from beforefilter..and save the post data received in some variable like fb_data here.
protected function _valdiateFbRequest() {
if (!isset($this->request->data['signed_request'])) {
// not a valid request from fb
// throw exception or handle however you want
return;
}
$this->signedRequest = $this->request->data['signed_request'];
$this->fb_data=$this->Connect->registrationData(); //save fb data
unset($this->request->data['signed_request']);
if (empty($this->request->data)) {
$this->Security->csrfCheck = false;
}
// validate the request
}
I'm using Symfony 2.1 for a project & I'm using FOSFacebook bundle integrated with FOSUser bundle. when the user logs into my application no information is retrieved! i mean this line goes in exception :
namespace Acmes\UserBundle\Security\User\Provider;
class FacebookProvider implements UserProviderInterface {
//...
public function loadUserByUsername($username) {
//...
try {
$fbdata = $this->facebook->api('/me');
} catch (FacebookApiException $e) {
$fbdata = null;
}
//...
}
}
when the user logs in, the button change to 'logout' but i get the error :
"The user is not authenticated on facebook"
which means that $fbdata is null & no info has returned back from facebook application.
any solution? thanks!:)
I faced the same problem as yours.
Something must go wrong during your installation process of fosuserbundle and fosfacebook bundle.
Double check your settings with the following tutorial.
https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/index.md
I am new to grails and spring security plugin core , but i am facing a problem of
ERROR GrailsExceptionResolver - a different object with the same identifier value was already associated with the session: [nayax.SecUserSecRole#nayax.SecUserSecRole : null]
my code is :
NayaxUser populateDataFromJson(def user) {
//todo: HANDLE CASES OF CREATING ROLES FOR USER AND REAUTHENTICATE THEM
println "#### In FUNCTION ####"
Facebook existingProfile = Facebook.findByFid(user.id)
if (existingProfile) {
println "### User already present in the database ####"
existingProfile.setUser(existingProfile.user)
//todo: CREATE ROLE AND REAUTHENTICATE USER
SecRole secRole1 = SecRole.findByAuthority(SecRoleConstants.ROLE_USER)
SecUserSecRole.create(existingProfile.user, secRole1)
//todo: REAUTHENTICATE USER
springSecurityService.reauthenticate(existingProfile.user.username)
existingProfile.user.merge()
return existingProfile.user
}
else {
Facebook facebookObj = new Facebook(fid: user.id, lastLogin: new Date(), creationDate: new Date()).save(flush: true)
NayaxUser nayaxUser = new NayaxUser(facebookUrl: user.link, fullName: user.name, facebook: facebookObj, username: user.email, password: springSecurityService.encodePassword("pleaseChangeMe"), enabled: true)
if (nayaxUser.save(flush: true)) {
println "### WORK DONE , saved user and save the user in session ###"
facebookObj.setUser(nayaxUser)
//todo: CREATE ROLE AND REAUTHENTICATE USER
SecRole secRole = SecRole.findByAuthority(SecRoleConstants.ROLE_USER)
SecUserSecRole.create(nayaxUser, secRole)
//todo: REAUTHENTICATE USER
springSecurityService.reauthenticate(nayaxUser.username)
nayaxUser.merge()
return nayaxUser
}
else {
println "### ERROR IN VALIDATING DATA So NOT SETTING THE USER IN SESSION ####"
nayaxUser.errors.allErrors.each { error ->
println("### ERROR IS ${error} ####")
}
return nayaxUser
}
}
}
Actually , when i am loggin in from the facebook button and then logging out from my implementation and then logging back again quicky then there is an exception but after logging out i refresh the page a few times the problem disappears. I think something is wrong with my facebook logout implementation or is there something in the code ???
Any suggestions are welcome..
Try to use facebook javascript api for logout before call your logout controller to clear session and etc e.g:
if facebook user exists
logout facebook user with fb js api
js redirect to logout controller
else
redirect user to logout controller
This logic should be applied in the frontend of your application assuming that if there isn't facebook user, user will be redirected directly to the logout controller.
I have problems with facebook logout with java and php api from the fb application but in that way I overcome those problems.