aspose file tools*
The moose likes Servlets and the fly likes problem in logout procedure Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "problem in logout procedure" Watch "problem in logout procedure" New topic
Author

problem in logout procedure

toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
hi friends....

i have a problem in writing code for logout...

i have written..

session.invalidate();

and now redirected to the Login page for Re-login...

but when i type in the userID and password it givrs error msg like...

http error 408: request timed out..

it is because of the direct reference to the login form from the protected area...

i am using the tomcat server for authenticaion..

please help me how should i incvalidate the authentication...and how to get new session for new login...


Regards
Toukhir Mujawar
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
Please put the complete code here


SCJP 5.0<br />SCWCD 1.4<br />Preparing for <b>SCEA</b>.<br /><b>"I prefer an interesting vice to a virtue that bores."</b>
toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
hi...

i have never written a code for Logout before this...

i dont know how to write it...

thats why i just invalidated the session...

i have done nothing else...

if you have some idea about how to write code for Logout then please help me...
Deepak Singh
Greenhorn

Joined: Dec 13, 2006
Posts: 6
please,put entire codes here so that question will be clear.
toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
friends i dont have any code as such.....

please tell me how to write a code for logout....
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
First you write a code for login
toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
man i have written the code for Login...

infact i have done the authentication from the Tomcat server using the tomcatusers.xml file that is file based realm...

so once i get into the protected area i cant move back to Login page...

thats why the error is occuring...


but let me know how can i invalidate the authentication?

and come out of the protected area...

i cant give direct reference to Login page from the protected area...


please help me....
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
If you want to invalidate the session then write the code like this
session.invalidate();

session = any session object
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
Here i am giving you a sample code to login and logout from the session.
Here i am using a Map of users for login.
But i don't know how to invalidate a session that is new. (isNew() returns true). But i will find out the problem and send to you in the next reply.

Here is the code :-

index.html


login.jsp


MyServlets.LoginServlet



MyServlets.ShowMovieServlet


MyServlets.LogoutServlet


web.xml
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60992
    
  65

"Sreeraj G H",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
JavaRanch Sheriff


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
i have used Tomcats authentication....

Code For Login Page..............

<%@ page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page session="false"%>

<html>
<head>
<title></title>
</head>
<body style="background-color:rgb(214,231,255);">
<form name="Login" action="j_security_check" method="post">
<table width="980" height="543" border="0" cellpadding="0" cellspacing="0" class='box'>
<tr>

<td align="center"><table width="575" border="0" cellpadding="0" cellspacing="0" bordercolor="#D6E7FF">
<tr>
<td colspan='2' align="center"><table border="1" align=center cellpadding="0" cellspacing="0" bordercolor="#FF9900" frame="box" class=box>
<tr><td>Enter the User Name</td><td><input type="text" name="j_username" maxlength='4'></td></tr>
<tr><td>Enter the Password</td><td><input type="password" name="j_password"></td></tr>
<tr><td colspan='2' align=center><input type="reset" value="Clear">            <input type="submit" value="Login"></td></tr>
</table>
<p> </p></td>
<td> </td>
</tr>
</table> </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</table>
</form>
</body>
</html>




Code for Logout.............


public void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {response.setContentType(CONTENT_TYPE);
HttpSession session = request.getSession();

session.invalidate();

RequestDispatcher rd= request.getRequestDispatcher("/Login.jsp");
rd.forward(request,response);
}




Web.xml contents...........


<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>DailyCollection Authentication</realm-name>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/ErrorLogin.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>



please help me how to make the Logout work....
toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
i have used Tomcats authentication....

Code For Login Page..............

<%@ page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page session="false"%>

<html>
<head>
<title></title>
</head>
<body style="background-color:rgb(214,231,255);">
<form name="Login" action="j_security_check" method="post">
<table width="980" height="543" border="0" cellpadding="0" cellspacing="0" class='box'>
<tr>

<td align="center"><table width="575" border="0" cellpadding="0" cellspacing="0" bordercolor="#D6E7FF">
<tr>
<td colspan='2' align="center"><table border="1" align=center cellpadding="0" cellspacing="0" bordercolor="#FF9900" frame="box" class=box>
<tr><td>Enter the User Name</td><td><input type="text" name="j_username" maxlength='4'></td></tr>
<tr><td>Enter the Password</td><td><input type="password" name="j_password"></td></tr>
<tr><td colspan='2' align=center><input type="reset" value="Clear">            <input type="submit" value="Login"></td></tr>
</table>
<p> </p></td>
<td> </td>
</tr>
</table> </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</table>
</form>
</body>
</html>




Code for Logout.............


public void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {response.setContentType(CONTENT_TYPE);
HttpSession session = request.getSession();

session.invalidate();

RequestDispatcher rd= request.getRequestDispatcher("/Login.jsp");
rd.forward(request,response);
}




Web.xml contents...........


<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>DailyCollection Authentication</realm-name>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/ErrorLogin.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>



please help me how to make the Logout work....
toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
how should i invalidate the authentication done through the Tomcat server through my Logout servlet...

please help me...
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
The declaritive authentication mechanism that J2EE provides is resource level authentication , with which you can restrict resources (URL's) to only authenticated users and the authentication is declaritive.In case of tomcat releams will take care of the authentication and will not create any session.

For Authentication of an web application , I would suggest you to go for some session based solution.Create session on successful authentication and then go with your approach of invalidation after logout.


Rahul Bhattacharjee
LinkedIn - Blog
toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
even if i work according to your suggestion, the problem is still there because invalidating the session is not enough to Logout....

i should logout of the authenication that i have logged in....


how should i do that?
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by toukhir mujawar:
even if i work according to your suggestion, the problem is still there because invalidating the session is not enough to Logout....

i should logout of the authenication that i have logged in....


how should i do that?

My best shot..

Container's Authentication is request based , I do not think any state is maintained.Whenever you request for a resource , which is constrained , servers does a authentication and the request is populated with stuffs like usename and role for use in code (methods are there in HTTPServletRequest)
and after the response is sent , the request is destroyed so as the information about the authentication.

Please correct if wrong.

toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
thanks a lot for your information...

i think you got the point...

can you please explain in some detail about your statement...

..after the response is sent , the request is destroyed so as the information about the authentication...

see i m new to servelets....

you can help me...

Regards
Toukhir Mujawar
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by toukhir mujawar:

can you please explain in some detail about your statement...

..after the response is sent , the request is destroyed so as the information about the authentication...



Whenever you ask for a secure resource , then the browser asks for user credentials.If authentication is successful then the request object is created and populated with the username and roles , those can be used from the code.
once the request and response objects are created then those are passed on to the resource ,for which the request came.After processing when the response buffer is flused ,both the objects are destroyed so as the authenticaion information.
toukhir mujawar
Ranch Hand

Joined: Oct 11, 2006
Posts: 70
thanks a lot for your support....

now i understood what you mean...


but the problem is when i do so in the Logout servlet and redirect to Login page using RequestDispatcher it shows Login page... but when i try to login a error message comes like.....

HTTP Status 400 - Invalid direct reference to form login page

--------------------------------------------------------------------------------

type Status report

message Invalid direct reference to form login page

description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).


--------------------------------------------------------------------------------

Apache Tomcat/5.5.6


can you suggest me what should i do?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: problem in logout procedure