Invalidating session causes exception

[vaadin-kim]

Implementing a logout functionality properly requires invalidating the user's session upon a logout event. This way, we guarantee that any potential user resources bound to a session are not accidentally leaked to the next user.

Vaadin's wiki recommends invalidating the session and then redirecting the user to a login page.

VaadinService.getCurrentRequest().getWrappedSession().invalidate();
// Redirect to avoid keeping the removed UI open in the browser
getUI().getPage().setLocation(getLogoutPageLocation());

The second line causes an exception:

java.lang.IllegalStateException: Current VaadinSession is not open
    at org.vaadin.spring.internal.VaadinUIScope$VaadinSessionBeanStoreRetrievalStrategy.getVaadinSession(VaadinUIScope.java:115)
    at org.vaadin.spring.internal.VaadinUIScope$VaadinSessionBeanStoreRetrievalStrategy.getUIStore(VaadinUIScope.java:121)
    at org.vaadin.spring.internal.VaadinUIScope$VaadinSessionBeanStoreRetrievalStrategy.getBeanStore(VaadinUIScope.java:148)
    at org.vaadin.spring.internal.VaadinUIScope.getBeanStore(VaadinUIScope.java:94)
    at org.vaadin.spring.internal.VaadinUIScope.get(VaadinUIScope.java:70)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:336)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
....

[LukaszByczynski]

With following code:

public void logout() {
   getPage.setLocation("http://www.google.com");
   push();

   // Close the VaadinServiceSession
   getSession.close();

   // Invalidate underlying session instead if login info is stored there
   VaadinService.getCurrentRequest.getWrappedSession.invalidate();
}

I put this code into UI class and it's works correctly.

[gjrtimmer]

Logout and redirecting the user to the login page is now handle by the springSecurityFilterChain.

Fixed #149