I understand about JAAS authentication, and I have used form based authentication being submitted to the j_security_check url, my question is, by doing this is it possible to provide a button on the web UI to allow the user to logout?
I have configured JAAS completely declaratively, therefore I do not have runtime access to the LoginContext or LoginModule objects, I login with some web.xml configuration and the j_security_check url.
Is there a standard url to allow the user to logout via a similar url as I have used to login? For example: j_logout or something similar?
does anyone have any ideas about how to logout with declaritive JAAS via the container?
I appreciate any help.
Joined: Jan 24, 2002
There is no special url to do the logout. There is however an alternative and that is by invalidation the http session (HttpSession.invalidate()). This will force the application server in invalidating the server managed jaas subject.