JDeveloper : 220.127.116.11.0
JHeadstart : 18.104.22.168.26
I have created a basic ADF app using JHeadstart
- New application
- Add JHS_USERS entity/view object/AppModule to Model project
- Enable JHeadstart on view project
- Set "Authentication Type" = custom
- Set "Authorization Type" = custom
- Select Secure all Pages
- Select Authorize using group permissions
- Create JHeadstart definition for AppModule
What I want to achieve is to change the jhsAuthenticationFilter logoutDestinationURL parameter to an external web address. The problem is, the user is never being forwarded to this.
I put a breakpoint in the oracle.jheadstart.controller.jsf.AuthenticationFilter class at the point where it checks the request URL (line 223). I then followed this process ...
1. Run UIShell.jspx
2. Log in to the application
3. Click on the logout link
4. The requestURL is "/faces/security/pages/Logout.jspx" - as per the logoutURL parameter
5. As the user is logged in, the code moves to check if the requestURL ends with logoutURL (which it does)
6. session.invalidate(); is called
*7. The code below this call (line 263 onwards) never gets run - after the session.invalidate(), the AuthenticationFilter is immediately called again with the request of /faces/UIShell*
8. As the user is not logged in (session has been invalidated), user is forwarded to the loginUrl, the code to redirect the user to the logoutDestinationUrl is never run ?
Can you replicate this ? I can send the test case if you like.
Edited by: Brent Harlow on Jan 16, 2013 5:26 PM
This only fails to work when using IE9 - in Firefox and Chrome it's fine - I've had other issues with IE9 and the call to session.invalidate() - I'm guessing that something in combination with weblogic 10.3.5 and IE9 that is not working when you try and invalidate the session !
different Stephen here, but I was able to replicate your issue in JDev 22.214.171.124 with JHS 126.96.36.199. For me it was connected to how the logoutDestinationURL was formatted. If I used "www.cnn.com" I got the same behavior you're seeing. If I used "http://www.cnn.com" it redirected properly.
Thanks for the feedback but my problem is that with 188.8.131.52 something happens in the session.invalidate() that immediately terminates running the current filter code, the next call to the filter is back with the original URL rather than the logout one - regardless of what I put in the logoutDestinationURL parameter.
I cannot reproduce the issue with your testcase.
Both the JHeadstart AuthenticationFilter and the HMDAuthenticationFilter correctly redirect to http://www.hmdclinical.com/.
I am using the same versions as you: JDev 184.108.40.206 and JHeadstart 220.127.116.11.26.
Maybe it is a browser specific issue? I use Chrome 24.0.1312.52 m
Not sure if it helps track things down, but I re-ran my test case (JDev 18.104.22.168, JHS 22.214.171.124) and it worked across all three browsers, FF 15, Chrome 24 and IE 9.
Any chance it's a browser setting of some sort?
Stephen, can you send me an email at steven-dot-davelaar-at-oracle-dot-com? I want to ask you something which is unrelated to this thread.
Are you runinng IE in compatiblilty mode by any chance?