liferay: how to first force logout in autologin hook

StackOverflow https://stackoverflow.com/questions/4470130

  •  11-10-2019
  •  | 
  •  

Question

Apparantely liferay does not log the currently logged in user if you try to login again, and in fact even keeps the currently logged in user logged in. So I'm trying to force a logout.

I tried:

request.getSession().invalidate();

But that does not seem to work besides somehow breaking the login functionality.

I was wondering if anyone has any other idea how to force a logout.

Edit:

try {
            HttpSession session = request.getSession();

            EventsProcessorUtil.process(PropsKeys.LOGOUT_EVENTS_PRE,
                    PropsUtil.getArray(PropsKeys.LOGOUT_EVENTS_PRE), request, response);

            String domain = CookieKeys.getDomain(request);

            Cookie companyIdCookie = new Cookie(CookieKeys.COMPANY_ID,
                    StringPool.BLANK);

            if (Validator.isNotNull(domain)) {
                companyIdCookie.setDomain(domain);
            }

            companyIdCookie.setMaxAge(0);
            companyIdCookie.setPath(StringPool.SLASH);

            Cookie idCookie = new Cookie(CookieKeys.ID, StringPool.BLANK);

            if (Validator.isNotNull(domain)) {
                idCookie.setDomain(domain);
            }

            idCookie.setMaxAge(0);
            idCookie.setPath(StringPool.SLASH);

            Cookie passwordCookie = new Cookie(CookieKeys.PASSWORD,
                    StringPool.BLANK);

            if (Validator.isNotNull(domain)) {
                passwordCookie.setDomain(domain);
            }

            passwordCookie.setMaxAge(0);
            passwordCookie.setPath(StringPool.SLASH);

            CookieKeys.addCookie(request, response, companyIdCookie);
            CookieKeys.addCookie(request, response, idCookie);
            CookieKeys.addCookie(request, response, passwordCookie);

            try {
                session.invalidate();
            } catch (Exception e) {
            }

            EventsProcessorUtil.process(PropsKeys.LOGOUT_EVENTS_POST,
                    PropsUtil.getArray(PropsKeys.LOGOUT_EVENTS_POST), request, response);
        } catch (Exception e) {
            try {
                PortalUtil.sendError(e, request, response);
            } catch (IOException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            } catch (ServletException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }
        }

Gives noclassdeffounderrors on cookiekeys/processorserviceutil/... depending on which I replace with a more base level. (like processorserviceutil with a processorserviceimpl and copy the function code from proeccesorserviceutil).

Was it helpful?

Solution

1) session.invalidate() only works if authentication is managed by the application server session, which it is not ;)

2) regardless of whether you use Community or Enterprise edition, you should have enough source code to achieve whatever you want

3) portal-ext.properties supports login chains as well as pre- and post-login hooks

4) Logout calls com.liferay.portal.action.LogoutAction which contains a bunch of logic but without spoiling the ending it should give you enough to shake the other Liferay authentication parts lose.

Hope this helps.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top