How to Logout and clear the user details in JAAS

mahudees waran
Greenhorn

Joined: Dec 17, 2006
Posts: 28
Hi,
I am having a problem with logout using JAAS. I have a subject which is authenticated, and it is in the authorized page of the subject. Now, if I want to log out, what should I do? At the moment I am calling the logout method manually in the login page after checking, like this:

    RdbmsLoginModule rd = new RdbmsLoginModule();
    String remoteuser = request.getRemoteUser();
    try
    {
        // Only attempt a logout when the container reports an authenticated user.
        if (remoteuser != null)
        {
            rd.logout();
        }
    }
    catch (Exception e)
    {
        // Exceptions from logout() are silently ignored here.
    }

Now my logout method is called. In my logout method I have:

    subject.getPrincipals().remove(rdbmsprincipal);

But even so, if I print

    request.getUserPrincipal()
    request.getRemoteUser()

after the logout method is called, it prints the principal and name of the last logged-in user. Now, if I need to log in as a different user, I have to stop and restart the server again. What should I do to log out and clear all the details of the logged-in user?

Thanks in Advance,

Mahudees
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
In the logout process you generally invalidate the session.

Generally, after successful authentication using JAAS, the subject is stored for further use. In that case the HTTP session is a good choice for storing the authenticated subject in the case of web applications.

So I think simply invalidating the session is enough.

[ July 31, 2007: Message edited by: Rahul Bhattacharjee ]

Rahul Bhattacharjee
LinkedIn - Blog
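
The session-invalidation approach from the answer above, as an added example that is not code from this thread: a logout servlet that logs out through the LoginContext used at login, invalidates the session, and clears the container's own authentication state. The class name, the session attribute key and the redirect target are hypothetical; it assumes the login code stored its LoginContext in the session and that the container supports Servlet 3.0 or later.

```java
import java.io.IOException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logout servlet (added example; names below are assumptions).
public class LogoutServlet extends HttpServlet {

    // Assumed key under which the login code stored its LoginContext.
    static final String LOGIN_CONTEXT_ATTR = "jaas.loginContext";

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): do not create a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            try {
                // Log out through the same LoginContext that performed the login, so
                // the configured login modules clean up the Subject they populated.
                // A freshly constructed login module has no Subject to clean up.
                Object ctx = session.getAttribute(LOGIN_CONTEXT_ATTR);
                if (ctx instanceof LoginContext) {
                    ((LoginContext) ctx).logout();
                }
            } catch (LoginException e) {
                // Record the failure instead of swallowing it.
                log("JAAS logout failed", e);
            } finally {
                // Always drop the session and everything stored in it,
                // including the authenticated Subject.
                session.invalidate();
            }
        }
        // Servlet 3.0+: clears the container's authentication state, after which
        // getRemoteUser() and getUserPrincipal() return null on this request.
        request.logout();
        // Redirect so the next page is rendered from a new, unauthenticated request.
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}
```

Handling logout in doPost only keeps a plain link or image request from ending a user's session.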
Michael Ku
Ranch Hand

Joined: Apr 20, 2002
Posts: 510
mahudees, I am interested in learning to write a login module to be used with declarative security in my web.xml file. Can you offer any guidance on writing the module? I do not know which objects (Subject, Principal, etc.) to create and how to populate them. I want to declare the roles in web.xml and use the web-resource-collection tags to allow access to certain parts of my web app via roles declared in the same web.xml.

Would you please help?

Thank you
mahudees waran
Greenhorn

Joined: Dec 17, 2006
Posts: 28
Michael Ku,
Actually, I too had got the source from the net for practicing, and I had struggled to implement it. But after doing that I felt how easy it is. The only part I found difficult was up until I was able to execute my first example. I had implemented it with form-based authentication to authenticate, and later on I moved to JAAS for authentication and authorization. Until now I have only a basic idea, not much in-depth knowledge. I am moving my steps deeper into it.


Mahudees
Michael Ku
Ranch Hand

Joined: Apr 20, 2002
Posts: 510
Would you share the example that you used to get started?

Thank you