
problem in logout procedure

 
toukhir mujawar
Ranch Hand
Posts: 70
Hi friends....

I have a problem in writing code for logout...

I have written..

session.invalidate();

and now redirected to the Login page for re-login...

but when I type in the userID and password it gives an error message like...

http error 408: request timed out..

It is because of the direct reference to the login form from the protected area...

I am using the Tomcat server for authentication..

Please help me: how should I invalidate the authentication...and how to get a new session for a new login...


Regards
Toukhir Mujawar
 
Sreeraj G Harilal
Ranch Hand
Posts: 310
Please put the complete code here
 
toukhir mujawar
Ranch Hand
Posts: 70
Hi...

I have never written code for logout before this...

I don't know how to write it...

That's why I just invalidated the session...

I have done nothing else...

If you have some idea about how to write code for logout then please help me...
 
Deepak Singh
Greenhorn
Posts: 6
Please put the entire code here so that the question will be clear.
 
toukhir mujawar
Ranch Hand
Posts: 70
Friends, I don't have any code as such.....

Please tell me how to write code for logout....
 
Sreeraj G Harilal
Ranch Hand
Posts: 310
First you write a code for login
 
toukhir mujawar
Ranch Hand
Posts: 70
Man, I have written the code for login...

In fact I have done the authentication from the Tomcat server using the tomcat-users.xml file, that is, a file-based realm...

So once I get into the protected area I can't move back to the Login page...

That's why the error is occurring...


But let me know, how can I invalidate the authentication?

and come out of the protected area...

I can't give a direct reference to the Login page from the protected area...


Please help me....
 
Sreeraj G Harilal
Ranch Hand
Posts: 310
If you want to invalidate the session then write the code like this
session.invalidate();

session = any session object
 
Sreeraj G Harilal
Ranch Hand
Posts: 310
Here I am giving you sample code to log in and log out from the session.
Here I am using a Map of users for login.
But I don't know how to invalidate a session that is new (isNew() returns true). But I will find out the problem and send it to you in the next reply.

Here is the code :-

index.html


login.jsp


MyServlets.LoginServlet



MyServlets.ShowMovieServlet


MyServlets.LogoutServlet


web.xml
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64843
"Sreeraj G H",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
JavaRanch Sheriff
 
toukhir mujawar
Ranch Hand
Posts: 70
I have used Tomcat's authentication....

Code For Login Page..............

<%@ page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page session="false"%>

<html>
<head>
<title></title>
</head>
<body style="background-color:rgb(214,231,255);">
<form name="Login" action="j_security_check" method="post">
<table width="980" height="543" border="0" cellpadding="0" cellspacing="0" class='box'>
<tr>

<td align="center"><table width="575" border="0" cellpadding="0" cellspacing="0" bordercolor="#D6E7FF">
<tr>
<td colspan='2' align="center"><table border="1" align=center cellpadding="0" cellspacing="0" bordercolor="#FF9900" frame="box" class=box>
<tr><td>Enter the User Name</td><td><input type="text" name="j_username" maxlength='4'></td></tr>
<tr><td>Enter the Password</td><td><input type="password" name="j_password"></td></tr>
<tr><td colspan='2' align=center><input type="reset" value="Clear">            <input type="submit" value="Login"></td></tr>
</table>
<p> </p></td>
<td> </td>
</tr>
</table> </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</table>
</form>
</body>
</html>




Code for Logout.............


public void doGet(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {
    response.setContentType(CONTENT_TYPE);
    HttpSession session = request.getSession();

    session.invalidate();

    RequestDispatcher rd = request.getRequestDispatcher("/Login.jsp");
    rd.forward(request, response);
}




Web.xml contents...........


<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>DailyCollection Authentication</realm-name>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/ErrorLogin.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>



please help me how to make the Logout work....
 
toukhir mujawar
Ranch Hand
Posts: 70
How should I invalidate the authentication done through the Tomcat server through my Logout servlet...

Please help me...
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
The declarative authentication mechanism that J2EE provides is resource-level authentication, with which you can restrict resources (URLs) to only authenticated users, and the authentication is declarative. In the case of Tomcat, realms will take care of the authentication and will not create any session.

For authentication of a web application, I would suggest you go for some session-based solution. Create a session on successful authentication and then go with your approach of invalidation after logout.
 
toukhir mujawar
Ranch Hand
Posts: 70
Even if I work according to your suggestion, the problem is still there because invalidating the session is not enough to log out....

I should log out of the authentication that I have logged in....


How should I do that?
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
Originally posted by toukhir mujawar:
Even if I work according to your suggestion, the problem is still there because invalidating the session is not enough to log out....

I should log out of the authentication that I have logged in....


How should I do that?

My best shot..

Container's authentication is request based; I do not think any state is maintained. Whenever you request a resource which is constrained, the server does an authentication and the request is populated with stuff like username and role for use in code (methods are there in HttpServletRequest), and after the response is sent, the request is destroyed and so is the information about the authentication.

Please correct if wrong.

 
toukhir mujawar
Ranch Hand
Posts: 70
Thanks a lot for your information...

I think you got the point...

Can you please explain in some detail about your statement...

..after the response is sent , the request is destroyed so as the information about the authentication...

See, I'm new to servlets....

You can help me...

Regards
Toukhir Mujawar
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
Originally posted by toukhir mujawar:

can you please explain in some detail about your statement...

..after the response is sent , the request is destroyed so as the information about the authentication...



Whenever you ask for a secure resource, the browser asks for user credentials. If authentication is successful then the request object is created and populated with the username and roles; those can be used from the code.
Once the request and response objects are created, they are passed on to the resource for which the request came. After processing, when the response buffer is flushed, both the objects are destroyed and so is the authentication information.
 
toukhir mujawar
Ranch Hand
Posts: 70
Thanks a lot for your support....

Now I understood what you mean...


But the problem is when I do so in the Logout servlet and redirect to the Login page using RequestDispatcher it shows the Login page... but when I try to log in an error message comes like.....

HTTP Status 400 - Invalid direct reference to form login page

--------------------------------------------------------------------------------

type Status report

message Invalid direct reference to form login page

description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).


--------------------------------------------------------------------------------

Apache Tomcat/5.5.6


can you suggest me what should i do?
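
A logout servlet for the container FORM login shown in this thread, as an added example that is not part of any post. Tomcat's FORM authenticator ties the login to the HTTP session, and `j_security_check` only accepts a login form that the container itself presented for a protected request, so the servlet invalidates the session and then redirects to a protected URL instead of forwarding to `/Login.jsp`. The class name `LogoutServlet` and the landing path `/` are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: hypothetical logout servlet for a web app using container FORM auth.
public class LogoutServlet extends HttpServlet {

    // Assumption: any URL covered by the <security-constraint>; "/" matches the /* pattern.
    private static final String PROTECTED_LANDING = "/";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        logout(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        logout(request, response);
    }

    private void logout(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false): do not create a fresh session only to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Drops the session and, with it, the login the container attached to it.
            session.invalidate();
        }

        // Keep the browser from re-displaying cached protected pages after logout.
        response.setHeader("Cache-Control", "no-store");

        // Redirect, not forward: the browser issues a new, unauthenticated request
        // for a protected URL, the container intercepts it and shows the page named
        // in <form-login-page> itself, so the next j_security_check post has an
        // original request to return to and is not a "direct reference".
        response.sendRedirect(request.getContextPath() + PROTECTED_LANDING);
    }
}
```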
 