File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes JAAS logout question... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "JAAS logout question..." Watch "JAAS logout question..." New topic

JAAS logout question...

James Turner
Ranch Hand

Joined: May 10, 2004
Posts: 194
Hi Guys,

I understand about JAAS authentication, and I have used form based authentication being submitted to the j_security_check url, my question is, by doing this is it possible to provide a button on the web UI to allow the user to logout?

I have configured JAAS completely declaratively, therefore I do not have runtime access to the LoginContext or LoginModule objects, I login with some web.xml configuration and the j_security_check url.

Is there a standard url to allow the user to logout via a similar url as I have used to login? For example: j_logout or something similar?

I hope you understand what I mean here...

Thank you for any help.

Best Regards,

James<br />SCJP 1.4 - 92%<br />SCJD - 93%<br />SCWCD 1.4 - 95%<br />SCBCD 1.3 - 100%<br />SCEA - 92%
James Turner
Ranch Hand

Joined: May 10, 2004
Posts: 194
does anyone have any ideas about how to logout with declaritive JAAS via the container?

I appreciate any help.

Kris Melotte

Joined: Jan 24, 2002
Posts: 17
There is no special url to do the logout.
There is however an alternative and that is by invalidation the http session (HttpSession.invalidate()). This will force the application server in invalidating the server managed jaas subject.

I agree. Here's the link:
subject: JAAS logout question...
It's not a secret anymore!