HI
I am using WL6.1 and have implemented formbased authentication. my problem
is that i have a logout button on each page that is supposed to logout the
user and bring back the login page. I tried using session.invalidate()...this somehow seems to be futile ..as the user is not actually logged off and still is able to access the secure pages. whats the common technique used for this?
I have seen several posts for similar logout problem...but havent been able to find a good solution!
thanks
Sri
-
logging out of Form based authentication (1 messages)
- Posted by: sriram chandra
- Posted on: August 05 2004 01:55 EDT
Threaded Messages (1)
- My implementation on JBoss by Zhidao Xu on August 06 2004 04:13 EDT
-
My implementation on JBoss[ Go to top ]
- Posted by: Zhidao Xu
- Posted on: August 06 2004 04:13 EDT
- in response to sriram chandra
I am using JBoss, and suffered same problem and my solution is calling EJB method. I must ask server to clean subject of user.
public void logout(String userName) {
java.util.ArrayList servers = MBeanServerFactory.findMBeanServer(null);
MBeanServer server = (MBeanServer) servers.get(0);
Object[] params = {"myOwnApplicationName", new org.jboss.security.SimplePrincipal(userName)};
String[] signature = {"java.lang.String","java.security.Principal"};
try{
ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
} catch (Exception e){
e.printStackTrace();
throw new EJBException(e);
}
}