apache authentication with tomcat

Peter Guillebaud
Ranch Hand

Joined: Jul 11, 2001
Posts: 57
I am having difficulty with a logout page. Once the user is logged in with the Header "authorization" set to a username and password string, I can't seem to set this to null (so that they are logged out).
Invalidating the session does not help as the UserPrincipal object in the Header persists.
Any ideas warmly accepted!
<%
String auth = request.getHeader("authorization");
if (auth == null)
{
    out.print("you are not currently logged in...<br>");
}
else
{
%>you are logged in <br>
request.toString():<%=request.toString()%><br>
session object:<%=request.getSession(false)%><br>
userPrincipal:<%=request.getUserPrincipal()%><br>

<%
    // invalidate session - UserPrincipal will still be there
    session.invalidate();
%>

request.toString():<%=request.toString()%><br>
Session object:<%=request.getSession(false)%><br>
getUserPrincipal:<%=request.getUserPrincipal()%><br>

<%}%>



Bill Siggelkow
Ranch Hand

Joined: Jun 27, 2001
Posts: 57
I had a similar problem using WebLogic. You are correct: even if you invalidate the session, the request still holds the UserPrincipal. What I did was simply redirect back to my logon page after invalidating the session ... the redirect creates a *new* request which will not have the UserPrincipal in the header.


Bill Siggelkow
Jade Cove Solutions
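
The invalidate-then-redirect logout discussed in this thread, written as a servlet. This is an added example, not code from either poster; it assumes a Servlet 3.0+ container with the javax.servlet API, and the names LogoutServlet, "/logout" and "/login.jsp" are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: the class name, "/logout" and "/login.jsp" are assumptions.
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    // POST only, so a link or image tag on another site cannot trigger the logout.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Drop server-side state. getSession(false) avoids creating a
        // session only to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Servlet 3.0+: from here on getUserPrincipal(), getRemoteUser()
        // and getAuthType() return null for this request object.
        request.logout();

        // Keep browsers and proxies from storing this response.
        response.setHeader("Cache-Control", "no-store");

        // The redirect ends this request; the browser issues a new one
        // for the logon page, which the container authenticates afresh.
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}
```

With HTTP Basic authentication the browser itself re-sends the "authorization" header on later requests to the same site, so a protected page is authenticated again until the browser discards the credentials; with form-based login the identity lives in the session and ends with it.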