How to Logout and clear the user details in JAAS

 
Greenhorn
Posts: 28
Hi,
I am having a problem with logout using JAAS. I have the subject, which is authenticated, and it is in the authorized page of the subject. Now, if I want to log out, what should I do? Even now I am calling the logout method manually in the login page after checking, like this:
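RdbmsLoginModule rd = new RdbmsLoginModule();
String remoteuser = request.getRemoteUser();
try {
    // getRemoteUser() returns null when no user is authenticated
    if (remoteuser != null) {
        rd.logout();
    }
} catch (Exception e) {
    // exception is silently ignored, as in the original post
}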
Now my logout method is called. In my logout method:
subject.getPrincipals().remove(rdbmsprincipal);

But even so, if I print
request.getUserPrincipal()
request.getRemoteUser()
after the logout method is called, it prints the principal and name of the last logged-in user. Now, if I need to log in as a different user, I was supposed to stop and restart the server again. What should I do to log out and clear all the details of the logged-in user?

Thanks in Advance,

Mahudees
 
Ranch Hand
Posts: 2308
In the logout process you generally invalidate the session.

Generally, after successful authentication using JAAS, the subject is stored for further use. In that case the HTTP session is a good choice for storing the authenticated subject in the case of web applications.

So I think simply invalidating the session is enough.

[ July 31, 2007: Message edited by: Rahul Bhattacharjee ]
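
An added example (not code from any poster in this thread) of the session-invalidation approach described above, assuming a Servlet 3.0 or later container with the javax.servlet API. The /logout mapping, the jaasLoginContext session attribute and the login.jsp redirect target are hypothetical names.

```java
import java.io.IOException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: the URL, attribute name and redirect target are hypothetical.
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    // Assumed key under which the application stored its LoginContext at login time.
    static final String LOGIN_CONTEXT_ATTR = "jaasLoginContext";

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession(false); // do not create a session just to log out
        if (session != null) {
            Object stored = session.getAttribute(LOGIN_CONTEXT_ATTR);
            if (stored instanceof LoginContext) {
                try {
                    // Runs logout() on the LoginModule instances that performed the login,
                    // not on a freshly constructed module with no Subject attached.
                    ((LoginContext) stored).logout();
                } catch (LoginException e) {
                    log("JAAS logout failed; continuing with session teardown", e);
                }
            }
            // Drops the stored Subject and everything else bound to this session.
            session.invalidate();
        }
        // Clears the container's authenticated identity for this request, so
        // getUserPrincipal() and getRemoteUser() return null from here on.
        request.logout();

        // Keep protected pages from being replayed out of the browser cache.
        response.setHeader("Cache-Control", "no-store");
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}
```

The session is invalidated before request.logout() because some containers can be configured to invalidate the session themselves during logout, and a second invalidate() on that session would throw IllegalStateException.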
 
Ranch Hand
Posts: 510
mahudees, I am interested in learning to write a login module to be used with declarative security in my web.xml file. Can you offer any guidance on writing the module? I do not know which objects (Subject, Principal, etc.) to create and how to populate them. I want to declare the roles in web.xml and use the web-resource-collection tags to allow access to certain parts of my web app via roles declared in the same web.xml.

Would you please help?

Thank you
 
mahudees waran
Greenhorn
Posts: 28
Michael Ku,
Actually I too had got the source from the net for practicing, and I had struggled to implement it. But after doing that I felt how easy it is. The part I found difficult was only until I was able to execute my first example. I had implemented it in form-based authentication to authenticate, and later on I moved to JAAS for authentication and authorization. Until now I have a basic idea, not much in-depth knowledge. I am moving my steps deeper into it.


Mahudees
 
Michael Ku
Ranch Hand
Posts: 510
Would you share the example that you used to get started?

Thank you
 