From 8066f865a8036416f09641e970eb507e567af3f5 Mon Sep 17 00:00:00 2001
From: Dancovich <danilo.viana@serpro.gov.br>
Date: Wed, 10 Jul 2013 11:15:11 -0300
Subject: [PATCH] Reparado bug no logout, método "logout" da classe "HttpServletRequest" não estava sendo chamado.

---
 impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
index 34064a3..d09ae0c 100644
--- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
+++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
@@ -58,8 +58,9 @@ public class ServletAuthenticator implements Authenticator {
 	@Override
 	public void authenticate() throws AuthenticationException {
 		try {
-			getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
-
+			if (this.getUser()==null){
+				getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
+			}
 		} catch (ServletException cause) {
 			throw new AuthenticationException(getBundle().getString("authentication-failed"), cause);
 		}
@@ -68,6 +69,11 @@ public class ServletAuthenticator implements Authenticator {
 	@Override
 	public void unAuthenticate() {
 		getCredentials().clear();
+		try {
+			getRequest().logout();
+		} catch (ServletException e) {
+			//Logout já havia sido efetuado
+		}
 		getRequest().getSession().invalidate();
 	}
 
--
libgit2 0.21.2