search

lemonzone2010 / javamelody

Automatically exported from code.google.com/p/javamelody
0 stars 0 forks source link

Add logout button that close current session #275

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What is the expected output? What do you see instead?
On line "Actualiser PDF Aide en ligne Application Desktop  Choix de la période 
:  Jour Semaine Mois Année Tout Personnalisée", please add the possibility to 
add a logoutButton.

For exemple:
Add a parameter "logout_parameter"
In Parameters add
static String getLogoutURL() {
 return Boolean.parseBoolean(Parameters.getParameter(Parameter.LOGOUT_URL));
}

In HtmlCoreReport.writeRefreshAndPeriodLinks add
  String logoutURL = Parameters.getLogoutURL();
  if(logoutURL !=null) {
    writeln(separator);
    write("<a href='"+logoutURL  +"' title='#logout#'>");
    write("<img src='?resource=logout.png' alt='#Logout#'/> #Logout#</a>");
  }

I think that this enhancement will be used by everybody who use a secured 
javamelody for close the current session.

I use spring security, so i will call j_spring_security_logout

Thanks for your help.

Original issue reported on code.google.com by lastm...@yahoo.fr on 4 Jan 2013 at 3:03

GoogleCodeExporter commented 9 years ago 
If this enhancement is ever added, I think that it should not call a 
parameterized "logoutURL", but it should call an action like 
"httpRequest.getSession().invalidate()".
This is simpler: no parameter added and no dependency on specific URL like 
"j_spring_security_logout". And the result is probably the same.

And this logout "button" has no reason to be displayed when 
httpRequest.getSession(false) returns null.

Original comment by evernat@free.fr on 4 Jan 2013 at 4:37

GoogleCodeExporter commented 9 years ago 
I agree that httpRequest.getSession().invalidate() is better than nothing.

Spring security provide a logout URL because we can add many handler on the 
logout action.
For example, on logout, we add a redirection to the login page.
So just "close the session" prevent this redirection.

So i prefer to parametrize the exit URL.

Original comment by lastm...@yahoo.fr on 7 Jan 2013 at 10:27

GoogleCodeExporter commented 9 years ago 
A logout action, with session.invalidate(), is now added in the menu in the 
floating menu on the right of the main report, if there is a http session 
(revision 3859, for the next release 1.52).
So I think that this issue is fixed.

After logging out the http://localhost:8080/monitoring is called again. I 
suppose that when there is no http session anymore to display the monitoring 
page, then a redirect to the login page could happen.

Original comment by evernat@free.fr on 29 Jul 2014 at 7:48