Don'tPush OzoneLayer and Shiro logout problem.

Hi all!

We are trying to integrate out vaading application with the Don’t Push OzoneLayer add-on, but we are having some troubles using the add-on in conjuntion with Apache Shiro. My environment is as follows:

Tomcat 7.0.32
Apache Shiro 1.2.1
Vaadin 6.8.4
Don’tPush OzoneLayer 1.0.1

All seems to work ok except in one thing. When the shiro logout process is performed, the session is invalidated as expected and just after that a message that says something like:

Ooops…

Connection to server appears to be broken. This may be due to a temporary network problem or the server has gone is offline or very busy. The connection may return automatically or you may try to reconnect/restart your app.

shows up.

Previously, when in the web.xml file the servlet com.vaadin.terminal.gwt.server.ApplicationServlet were configured, the logout process works without issues. Now the servlet were replaced with org.vaadin.dontpush.server.DontPushOzoneServlet. The logout process still works (the user is successfully loged out) but the above dialog shows up.

This is my web.xml:

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	id="WebApp_ID" version="3.0">

	<display-name>G4S Server - Sistema Central GasPAR</display-name>

	<!-- The filter-name matches name of a 'shiroFilter' bean inside applicationContext.xml -->
	<filter>
		<filter-name>shiroFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<async-supported>true</async-supported>
		<init-param>
			<param-name>targetFilterLifecycle</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>


	<!-- Make sure any request you want accessible to Shiro is filtered. /* 
		catches all -->
	<!-- requests. Usually this filter mapping is defined first (before all 
		others) to -->
	<!-- ensure that Shiro works in subsequent filters in the filter chain: -->
	<filter-mapping>
		<filter-name>shiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>


	<!-- Spring context loader -->
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

	<!-- Spring web request listener: makes the current web request available 
		in a private ThreadLocal -->
	<listener>
		<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
	</listener>

	<context-param>
		<description>Vaadin production mode</description>
		<param-name>productionMode</param-name>
		<param-value>false</param-value>
	</context-param>

	<servlet>
		<servlet-name>G4SServer</servlet-name>
		<servlet-class>org.vaadin.dontpush.server.DontPushOzoneServlet</servlet-class>
		<init-param>
			<description>G4SServer Application</description>
			<param-name>application</param-name>
			<param-value>mx.ssf.sicom.scgaspar.web.main.SCGasparWebApplication</param-value>
		</init-param>
		<init-param>
			<description>Application widgetset</description>
			<param-name>widgetset</param-name>
			<param-value>mx.ssf.sicom.scgaspar.web.main.G4SWitgetset</param-value>
		</init-param>
		<async-supported>true</async-supported>
	</servlet>

	<servlet>
		<description>AtmosphereServlet</description>
		<servlet-name>AtmosphereServlet</servlet-name>
		<servlet-class>org.atmosphere.cpr.AtmosphereServlet</servlet-class>
		<init-param>
			<!-- prevent deadlocks -->
			<param-name>org.atmosphere.disableOnStateEvent</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>org.atmosphere.useWebSocket</param-name>
			<param-value>false</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
		<!--Uncomment if you want to use Servlet 3.0 Async Support -->
		<async-supported>true</async-supported>
	</servlet>
	<servlet-mapping>
		<servlet-name>AtmosphereServlet</servlet-name>
		<url-pattern>/UIDL/*</url-pattern>
	</servlet-mapping>

	<servlet-mapping>
		<servlet-name>G4SServer</servlet-name>
		<url-pattern>/*</url-pattern>
	</servlet-mapping>

</web-app>

Really I don’t know what approach to follow to solve this. I don’t know if this behaviour is the expected one or if I need to configure something else or something. I appreciate any help in this.

Thank you very much for your time!

Did you ever figure this out? I’m having the exact same problem, and this was the first search result that appeared on Google.

Thanks.

Found this in the Subject javadoc:

 * <h3>Web Environment Warning</h3>
 * Calling this method in web environments will usually remove any associated session cookie as part of
 * session invalidation.  Because cookies are part of the HTTP header, and headers can only be set before the
 * response body (html, image, etc) is sent, this method in web environments must be called before <em>any</em>
 * content has been rendered.
 * <p/>
 * The typical approach most applications use in this scenario is to redirect the user to a different
 * location (e.g. home page) immediately after calling this method.  This is an effect of the HTTP protocol
 * itself and not a reflection of Shiro's implementation.

I have a close() which I’ve tried placing immediately before and after the subject.logout(), no luck. I see in my logs that I’m logged out.

I’ve tried using the HttpServletRequestListener, thinking I could clear the cookie manually. The request cookies are always null when this method is hit, so I’m guessing the Shiro filter is stripping it out.

Not sure what to try next, or if this just isn’t possible. Comet and Shiro integration are two features I really want in a web framework, and Lift has me quite spoiled in that regard.

Thanks.

Hi,

The parameter passed to HttpServletRequestListener is a fake in OzoneLayer as the actual request and especially cookies are not necessary available e.g. with websockets and some servers.

I think the best shot would be to checkout the ozonelayer sources, add a relevant hooks there and build your own custom version of it. If you end up having something that might be useful for others, please share a patch on the project page.

cheers,
matti