2. Re: Logout Jaas
ybxiang.china Sep 23, 2013 4:28 AM (in response to schum-hacker)

package com.ybxiang.forum.servlet;

import java.io.IOException;
import java.security.Principal;
import java.util.logging.Logger;

import javax.ejb.EJB;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ybxiang.forum.ejb.session.core.ICacheService;

/**
 * http://www.technicaladvices.com/2012/07/08/the-effective-java-logout-servlet-code/
 *
 * The servlet must be put into <security-constraint> <web-resource-collection> in web.xml, if not, request.getUserPrincipal() will be null!
 *
 * See: com.ybxiang.forum.jsfmbean.JSFHelper.printFacesExternalContext()
 */
@WebServlet("/logoutServlet")
public class LogoutServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    static final Logger logger = Logger.getLogger(LogoutServlet.class.getName());

    @EJB
    ICacheService cacheService;

    @Override
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        //********************** refresh online status **********************//
        try {
            Principal p = request.getUserPrincipal();
            if (p != null) {
                cacheService.markUserAsOffline(p.getName());
            }
        } catch (Exception e) {
            logger.info(e.getMessage());
        }

        //********************** log out(clean something) **********************//
        response.setHeader("Cache-Control", "no-cache, no-store");
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Expires", new java.util.Date().toString());//http://www.coderanch.com/t/541412/Servlets/java/Logout-servlet-button
        //response.setHeader("Expires", "0")//http://www.coderanch.com/t/541412/Servlets/java/Logout-servlet-button
        response.setHeader("Connection", "close");//http://javaarm.com/faces/display.xhtml?tid=2416&page=1#post_18198
        //
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();//remove session.
        }
        if (request.getSession() != null) {
            request.getSession().invalidate();//remove session.
        }
        request.logout();//JAAS log out (from servlet specification)! It is a MUST!

        //********************** redirect **********************//
        /**
         * Here, if we redirect response to a secured page (example:request.getContextPath()+"/faces/console/console.xhtml"),
         * then
         * (a) <auth-method>BASIC</auth-method> will redirect secured page to login page and login automatically with username and password that are cached in web browser.
         * (b) <auth-method>FORM</auth-method> will redirect secured page to login page too, but will NOT login automatically with username and password that are cached in web browser.
         *
         * Here, if we redirect response to a non-secured page, then the non-secured page is displayed (normal case).
         */
        response.sendRedirect(request.getContextPath());
    }
}
-
-
4. Re: Logout Jaas
schum-hacker Sep 23, 2013 10:00 AM (in response to ybxiang.china)

Hi,
Thanks for your help, but it doesn't change anything.
I put this in the servlet's processRequest, I call the servlet, and I am redirected to my home page but am still logged in.

//********************** log out(clean something) **********************//
response.setHeader("Cache-Control", "no-cache, no-store");
response.setHeader("Pragma", "no-cache");
response.setHeader("Expires", new java.util.Date().toString());//http://www.coderanch.com/t/541412/Servlets/java/Logout-servlet-button
//response.setHeader("Expires", "0")//http://www.coderanch.com/t/541412/Servlets/java/Logout-servlet-button
response.setHeader("Connection", "close");//http://javaarm.com/faces/display.xhtml?tid=2416&page=1#post_18198
//
if (request.getSession(false) != null) {
    request.getSession(false).invalidate();//remove session.
}
if (request.getSession() != null) {
    request.getSession().invalidate();//remove session.
}
request.logout();//JAAS log out (from servlet specification)! It is a MUST!

//********************** redirect **********************//
/**
 * Here, if we redirect response to a secured page (example:request.getContextPath()+"/faces/console/console.xhtml"),
 * then
 * (a) <auth-method>BASIC</auth-method> will redirect secured page to login page and login automatically with username and password that are cached in web browser.
 * (b) <auth-method>FORM</auth-method> will redirect secured page to login page too, but will NOT login automatically with username and password that are cached in web browser.
 *
 * Here, if we redirect response to a non-secured page, then the non-secured page is displayed (normal case).
 */
response.sendRedirect(request.getContextPath());
-
5. Re: Logout Jaas
schum-hacker Sep 23, 2013 9:59 AM (in response to schum-hacker)

To get the connect window (BASIC), I must close my Chrome browser and open it again.
I tried this:
<security-domain flushOnSessionInvalidation="true">java:/jaas/m</security-domain>
I tried deleting cookies...
-
6. Re: Logout Jaas
schum-hacker Sep 23, 2013 10:53 AM (in response to schum-hacker)

Thanks, it's OK in production; it's just a problem on my localhost ^^
-
7. Re: Logout Jaas
ybxiang.china Sep 23, 2013 9:00 PM (in response to schum-hacker)

Thanks, it's OK in production; it's just a problem on my localhost ^^
~~~~~~~~~It is OK in both development and production environments.
What is your JBoss AS version?
There is a bug with IP binding in JBoss AS 7.1.3; I use JBoss AS 7.2.0.
IE:
If you log out and redirect to a page that only logged-in users can access, then IE will log in again automatically!!!
So, please make sure your home page can be accessed by public guests.
Firefox:
Has no such problem.
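
A `web.xml` fragment for the setup this thread arrives at, added here as an example and not taken from any poster's application: the logout servlet sits inside the security constraint, the page reached after logout sits outside it, and FORM is used instead of BASIC. `/logoutServlet` comes from the servlet posted above and `/faces/console/*` generalizes its example path; the role name `user` and the pages `index.html`, `login.html` and `login-error.html` are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Public landing page (assumed name). It matches no url-pattern below,
       so sendRedirect(request.getContextPath()) after logout lands on a
       page that does not trigger authentication again. -->
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secured-area</web-resource-name>
      <!-- Pages only logged-in users may see. -->
      <url-pattern>/faces/console/*</url-pattern>
      <!-- The logout servlet is listed here so that
           request.getUserPrincipal() is populated when it runs. -->
      <url-pattern>/logoutServlet</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name> <!-- assumed role name -->
    </auth-constraint>
  </security-constraint>

  <!-- With BASIC the browser caches the username and password and sends
       them again on the next request to a secured URL, so the user is
       logged in again until the browser is closed. FORM ties the login
       to the session, which invalidate() and logout() do end. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- Assumed page names; both must stay outside the secured patterns. -->
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login-error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>
```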
-
8. Re: Logout Jaas
ybxiang.china Sep 23, 2013 9:01 PM (in response to schum-hacker)

Congratulations anyway!
-
9. Re: Logout Jaas
schum-hacker Sep 24, 2013 4:28 AM (in response to ybxiang.china)

Thanks for everything!!!!!!!