• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JAAS logout question...

 
Ranch Hand
Posts: 194
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Guys,

I understand about JAAS authentication, and I have used form based authentication being submitted to the j_security_check url, my question is, by doing this is it possible to provide a button on the web UI to allow the user to logout?

I have configured JAAS completely declaratively, therefore I do not have runtime access to the LoginContext or LoginModule objects, I login with some web.xml configuration and the j_security_check url.

Is there a standard url to allow the user to logout via a similar url as I have used to login? For example: j_logout or something similar?

I hope you understand what I mean here...

Thank you for any help.

Best Regards,
James.
 
James Turner
Ranch Hand
Posts: 194
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
does anyone have any ideas about how to logout with declaritive JAAS via the container?

I appreciate any help.

Regards,
James.
 
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is no special url to do the logout.
There is however an alternative and that is by invalidation the http session (HttpSession.invalidate()). This will force the application server in invalidating the server managed jaas subject.

Kris
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic