File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes HTTP authorization log out Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Reply locked New topic
Author

HTTP authorization log out

G Horie
Greenhorn

Joined: Feb 03, 2005
Posts: 10
Hi,

I'm new at using the HTTP request authorization header for user authentication, so please bear through this newbie question.

I know I can pop-up an authenticate window in a browser session with the following code snippet:

public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//...
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "BASIC realm=\"privileged-user\"");
//...
}

I also know how to parse to returning username and password to authenticate the request. So this is okay.

However, I do not know is how to log out of this authorized session without closing the browser. Well, that's not entirely true. I do seem to be able to log out by resending those two response headers, but I get a problem where the first authentication window that pops up won't accept an appropriate username and password. If I cancel the first request, then try to return to the site, the next authentication window responds as expected.

So I'm a little confused at what I'm doing wrong. Any suggestions?

Thanks,

- Greg.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

This is actually a reasonable question - not as silly as it sounds.

We have an existing thread discussing this here.

Dave
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I hope you don't mind that I'm closing this thread to prevent duplicate conversations.

Dave
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HTTP authorization log out