3 Replies Latest reply on Nov 19, 2003 4:08 AM by juha

Logout in J2EE???

anbenham Oct 29, 2003 3:07 AM

Hi,
I am using JAAS for my J2EE application, with JSP frontend. I would like to place a "logout"-link.
Authentication is formbased.
Now, how to enforce logout, so that the subject ist resetted, and access is denied for the application?

1. Re: Logout in J2EE???

mikefinn Oct 29, 2003 11:18 AM (in response to anbenham)

Shoudn't session.invalidate() do what you need?

Mike
Actions
2. Re: Logout in J2EE???

gouldm Nov 18, 2003 12:57 PM (in response to anbenham)

Should this also prevent you from accessing any ejb's with security applied to them? If for example I had a page without security that the user browsed to after they had 'logged out', but there were some ejb's *with* security, would the ejb's execute?

Thanks,

Mark.
Actions
3. Re: Logout in J2EE???

juha Nov 19, 2003 4:08 AM (in response to anbenham)

No, there's no security context propagation from unprotected servlets to EJBs.

-- Juha
Actions

Go to original post