
apache authentication with tomcat

 
Peter Guillebaud
Ranch Hand
Posts: 57
I am having difficulty with a logout page. Once the user is logged in with the Header "authorization" set to a username and password string, I can't seem to set this to null (so that they are logged out).
Invalidating the session does not help as the UserPrincipal object in the Header persists.
Any ideas warmly accepted!
<%
// Read the Authorization header sent with this request
String auth = request.getHeader("authorization");
if (auth == null)
{
    out.print("you are not currently logged in...<br>");
}
else
{
%>you are logged in <br>
request.toString():<%=request.toString()%><br>
session object:<%=request.getSession(false)%><br>
userPrincipal:<%=request.getUserPrincipal()%><br>

<%
    // invalidate session - UserPrincipal will still be there
    session.invalidate();
%>

request.toString():<%=request.toString()%><br>
Session object:<%=request.getSession(false)%><br>
getUserPrincipal:<%=request.getUserPrincipal()%><br>

<%}%>



 
Bill Siggelkow
Ranch Hand
Posts: 57
I had a similar problem using Weblogic. You are correct, even if you invalidate the session, the request still holds the UserPrincipal. What I did was simply redirect back to my logon page after invalidating the session ... the redirect creates a *new* request which will not have the UserPrincipal in the header.
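
The invalidate-then-redirect logout described in the reply above, written as a servlet. This is an added example, not code from either poster; the class name LogoutServlet and the /logon.jsp path are assumptions, and it needs the javax.servlet API on the classpath.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: LogoutServlet and LOGON_PAGE are hypothetical names.
public class LogoutServlet extends HttpServlet {

    private static final String LOGON_PAGE = "/logon.jsp"; // assumed path

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        Principal before = request.getUserPrincipal();

        // getSession(false) avoids creating a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // As the thread observes, the current request object keeps its
        // principal: invalidating the session does not rewrite the request.
        Principal after = request.getUserPrincipal();
        log("logout: principal before=" + before + ", after invalidate=" + after);

        // Keep browsers and proxies from replaying the protected page from cache.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");

        // Nothing has been written to the response yet, so the redirect is
        // still allowed. The browser then issues a separate request for the
        // logon page, and that request is authenticated from scratch.
        // Whether it arrives without credentials depends on the login method:
        // with HTTP Basic the browser stores the credentials and attaches the
        // Authorization header itself, so the server cannot clear it.
        response.sendRedirect(request.getContextPath() + LOGON_PAGE);
    }
}
```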
 