3 Replies Latest reply on Mar 19, 2003 3:58 PM by petertje

    Flush won't work

    chris.is

      I want to create a log-out function for my web application. I used some code to flush the authentication cache (see below). But when it's done and I come back to the login page and press login, it just logs in, and it doesn't ask for the user and password again. So probably the flush didn't work as it is supposed to (it still knows the request.getUserPrincipal()).

      CODE:
      I imported org.jboss.jmx.adaptor.rmi.*
      and the code was:

      import javax.management.ObjectName;
      import javax.naming.InitialContext;

      // Look up the JMX RMI adaptor of the local JBoss server through JNDI
      InitialContext iContext = new InitialContext();
      String serverName = null;

      if (serverName == null)
          serverName = java.net.InetAddress.getLocalHost().getHostName();

      RMIAdaptor server = (org.jboss.jmx.adaptor.rmi.RMIAdaptor)
          iContext.lookup("jmx:" + serverName + ":rmi");
      ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");

      // Invoke flushAuthenticationCache(String) for the security domain
      Object[] params = {"My domain"};
      String[] signature = {"java.lang.String"};
      server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);

      -- END CODE

      anyone an idea?

        • 1. Re: Flush won't work

          You cannot log out by flushing the cache! It's just a cache!
          What happens is that the user's security credentials are still associated with his session. That's why you can "login" without username/password.
          To log out a web user, simply remove the session:
          session.invalidate().

          Hth
          Peter.

          • 2. Re: Flush won't work
            chris.is

            Tried that also.
            If you push the log-out button, then it calls the flush method and it does: request.getSession().invalidate();
            Then it redirects you to the main screen. Then if I push the log-in button again, it just goes on and does not show me the pop-up box asking for the username and password.
            So somehow it still uses the data.

            • 3. Re: Flush won't work

              BASIC authentication, I guess?
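
An added example, not code from this thread: a logout servlet for the situation the replies describe, written against the standard javax.servlet API. It invalidates the session as reply 1 suggests, then checks whether the container authenticated the request with BASIC, in which case the browser keeps re-sending the stored credentials and nothing done on the server brings the password prompt back. The class name and page paths are hypothetical, and the servlet is assumed to be mapped inside a protected security constraint so that getAuthType() is set.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: logout handler that distinguishes BASIC from other login methods.
// Assumption: mapped inside a protected <security-constraint>, so the container
// has authenticated this request and getAuthType() is not null.
public class LogoutServlet extends HttpServlet {

    // Hypothetical paths. LOGGED_OUT_PAGE must NOT be behind a security
    // constraint; HOME_PAGE is a protected page that triggers a new login.
    private static final String LOGGED_OUT_PAGE = "/logged-out.html";
    private static final String HOME_PAGE = "/index.jsp";

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // "BASIC", "FORM", "DIGEST", "CLIENT_CERT" or null
        String authType = request.getAuthType();

        // Drop the server-side state: the session and everything bound to it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        String target;
        if (HttpServletRequest.BASIC_AUTH.equals(authType)) {
            // With BASIC the browser stores the user name and password for the
            // realm and attaches them to every later request, so the container
            // silently authenticates again and no prompt appears. Send the user
            // to an unprotected page that tells them to close the browser.
            target = LOGGED_OUT_PAGE;
        } else {
            // With FORM login the identity is tied to the session that was
            // just invalidated, so the next protected request shows the
            // login form again.
            target = HOME_PAGE;
        }
        response.sendRedirect(request.getContextPath() + target);
    }
}
```

If a real logout button is required, switching the web application's login-config from BASIC to FORM is the usual way to get one, since the login state then lives only in the session.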