logging out of Form based authentication

Discussions

Web tier: servlets, JSP, Web frameworks: logging out of Form based authentication

  1. logging out of Form based authentication (1 messages)

    HI
    I am using WL6.1 and have implemented formbased authentication. my problem
    is that i have a logout button on each page that is supposed to logout the
    user and bring back the login page. I tried using session.invalidate()...this somehow seems to be futile ..as the user is not actually logged off and still is able to access the secure pages. whats the common technique used for this?

    I have seen several posts for similar logout problem...but havent been able to find a good solution!
    thanks
    Sri
  2. My implementation on JBoss[ Go to top ]

    I am using JBoss, and suffered same problem and my solution is calling EJB method. I must ask server to clean subject of user.

        public void logout(String userName) {
            
            java.util.ArrayList servers = MBeanServerFactory.findMBeanServer(null);
            MBeanServer server = (MBeanServer) servers.get(0);
            Object[] params = {"myOwnApplicationName", new org.jboss.security.SimplePrincipal(userName)};
            String[] signature = {"java.lang.String","java.security.Principal"};
            try{
                ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
                server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
            } catch (Exception e){
                e.printStackTrace();
                throw new EJBException(e);
            }
                    
        }