I'm in the process of migrating my application from 22.214.171.124 to 126.96.36.199, and one thing I've noticed is the following error message in the weblogic logs when logging out of ADF Security:
<Error> <oracle.adf.share.http.HttpSessionScopeAdapter> <BEA-000000> <HttpSessionScopeAdapter: Request is in an invalid state. Could not access the request session.>
The logout still seems to work fine however. Currently I'm logging out with the following code (from here):
|ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();|
|ectx.redirect(ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=/faces/home");|
Every time I press logout, the above error happens 5 times in the logs.
I've also tried using the logout code from the 12c documentation and that produces the same error, but interestingly only produces that error 4 times.
Is there something extra or different that is supposed to be done to log out of ADF security in 12c? I can't imagine that getting an error repeatedly is what should be expected.
Correct, form based authentication, with a simple login form that submits to j_security_check.
I thought it might have been my custom filter servlet that was interfering, but after commenting that out the same behavior remained. With the filter still enabled, in the debugger I saw that the errors were generated after the logout method (invoked by a link) returned, and before the filter was invoked as part of rendering the next page request.
I can try creating a brand new application that wasn't migrated from 11g and enable ADF Security and see if the same thing happens.
I made a fresh ADF 12c application with just a ViewController project (and an empty Model project) with two JSF pages that each render a bounded taskflow as a region in the page.
I ran through the "Configure ADF Security" wizard, as outlined in the documentation, and the same problem remained. The error message didn't happen as many times each logout, but it was still generated at least once each time.
I gave that idea a try, and it was the same result as the very similar manual logout code given in the documentation I tried earlier: http://docs.oracle.com/middleware/1212/adf/ADFFD/adding_security.htm#ADFFD21669
The logout happens successfully, but that error message shows up in the logs at least once. Whenever I do a logout without going through the authentication servlet, the error is always logged exactly 1 time fewer. In my application I migrated from 11gR2 to 12c, the error would happen 4 times (5 through the servlet), and in the fresh sample 12c app I made earlier this week, it happens 1 time (2 through the servlet).
I should also add that all of this testing has just been done in the integrated weblogic 12c server that comes with JDeveloper 12c.
see also ADFEMG JIRA issue ADFEMG-191, "12c error : HttpSessionScopeAdapter : Request is in an invalid state"