9 Replies Latest reply on Sep 24, 2013 4:28 AM by floflo floflo

    Logout Jaas

    floflo floflo Newbie

      Hello,

      I'm trying to log out, but it doesn't work.

      I read that session.invalidate(); calls logout() on JAAS.

      Please, I need help.

      Thanks

       

      jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
          <!-- DBG - 28/01/10  ==  Authentication/JAAS -->
          <security-domain>java:/jaas/m</security-domain>
          <context-root>/MWeb</context-root>
      </jboss-web>

      killSession.jsp

      <%@page contentType="text/html" pageEncoding="UTF-8"%>
      <%-- Invalidate the HTTP session before the page is rendered --%>
      <%
      session.invalidate();
      %>
      <!DOCTYPE html>
      <html>
          <head>
              <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
              <title>M logout</title>
          </head>
          <body>
              <h1>Logout</h1>
              You are disconnected from the M application.
          </body>
      </html>

        • 2. Re: Logout Jaas
          xiang yingbing Master

          package com.ybxiang.forum.servlet;

          import java.io.IOException;
          import java.security.Principal;
          import java.util.logging.Logger;

          import javax.ejb.EJB;
          import javax.servlet.ServletException;
          import javax.servlet.annotation.WebServlet;
          import javax.servlet.http.HttpServlet;
          import javax.servlet.http.HttpServletRequest;
          import javax.servlet.http.HttpServletResponse;
          import javax.servlet.http.HttpSession;

          import com.ybxiang.forum.ejb.session.core.ICacheService;

          /**
           * http://www.technicaladvices.com/2012/07/08/the-effective-java-logout-servlet-code/
           *
           * The servlet must be put into <security-constraint> <web-resource-collection> in web.xml, if not, request.getUserPrincipal() will be null!
           *
           * See: com.ybxiang.forum.jsfmbean.JSFHelper.printFacesExternalContext()
           */
          @WebServlet("/logoutServlet")
          public class LogoutServlet extends HttpServlet {
              private static final long serialVersionUID = 1L;
              static final Logger logger = Logger.getLogger(LogoutServlet.class.getName());

              @EJB
              ICacheService cacheService;

              @Override
              protected void doGet(HttpServletRequest request,
                      HttpServletResponse response) throws ServletException, IOException {

                  //********************** refresh online status **********************//
                  try {
                      Principal p = request.getUserPrincipal();
                      if(p!=null){
                          cacheService.markUserAsOffline(p.getName());
                      }
                  } catch (Exception e) {
                      logger.info(e.getMessage());
                  }

                  //********************** log out(clean something) **********************//
                  response.setHeader("Cache-Control", "no-cache, no-store");
                  response.setHeader("Pragma", "no-cache");
                  // A valid HTTP date in the past; Date.toString() is not in HTTP date format.
                  response.setDateHeader("Expires", 0);//http://www.coderanch.com/t/541412/Servlets/java/Logout-servlet-button
                  response.setHeader("Connection", "close");//http://javaarm.com/faces/display.xhtml?tid=2416&page=1#post_18198

                  // getSession(false) never creates a session; a plain getSession()
                  // here would create a new session only to invalidate it again.
                  HttpSession session = request.getSession(false);
                  if(session!=null){
                      session.invalidate();//remove session.
                  }

                  request.logout();//JAAS log out (from servlet specification)! It is a MUST!

                  //********************** redirect **********************//
                  /**
                   * Here, if we redirect response to a secured page (example:request.getContextPath()+"/faces/console/console.xhtml"),
                   * then
                   * (a)<auth-method>BASIC</auth-method> will redirect secured page to login page and login automatically with username and password that are cached in web browser.
                   * (b)<auth-method>FORM</auth-method> will redirect secured page to login page too, but will NOT login automatically with username and password that are cached in web browser.
                   *
                   * Here, if we redirect response to a non-secured page, then the non-secured page is displayed (normal case).
                   */
                  response.sendRedirect(request.getContextPath());
              }
          }

          • 4. Re: Logout Jaas
            floflo floflo Newbie

            Hi,

            Thanks for your help, but it doesn't change anything.

            I put this in the servlet, in processRequest. I call the servlet and I am redirected to my home page, but I am still logged in.

             

                    //********************** log out(clean something) **********************//
                    response.setHeader("Cache-Control", "no-cache, no-store");
                    response.setHeader("Pragma", "no-cache");
                    response.setHeader("Expires", new java.util.Date().toString());//http://www.coderanch.com/t/541412/Servlets/java/Logout-servlet-button
                    //response.setHeader("Expires", "0")//http://www.coderanch.com/t/541412/Servlets/java/Logout-servlet-button
                    response.setHeader("Connection", "close");//http://javaarm.com/faces/display.xhtml?tid=2416&page=1#post_18198
                    //
                    if(request.getSession(false)!=null){
                        request.getSession(false).invalidate();//remove session.
                    }
                    if(request.getSession()!=null){
                        request.getSession().invalidate();//remove session.
                    }

                    request.logout();//JAAS log out (from servlet specification)! It is a MUST!

                    //********************** redirect **********************//
                    /**
                     * Here, if we redirect response to a secured page (example:request.getContextPath()+"/faces/console/console.xhtml"),
                     * then
                     * (a)<auth-method>BASIC</auth-method> will redirect secured page to login page and login automatically with username and password that are cached in web browser.
                     * (b)<auth-method>FORM</auth-method> will redirect secured page to login page too, but will NOT login automatically with username and password that are cached in web browser.
                     *
                     * Here, if we redirect response to a non-secured page, then the non-secured page is displayed (normal case).
                     */
                    response.sendRedirect(request.getContextPath());

            • 5. Re: Logout Jaas
              floflo floflo Newbie

              To get the connection window (basic), I must close my Chrome browser and open it again.

              I tried this:

              <security-domain  flushOnSessionInvalidation="true">java:/jaas/m</security-domain>

              I tried deleting cookies...

              • 6. Re: Logout Jaas
                floflo floflo Newbie

                Thanks, it's OK in production; it's just a problem on my localhost ^^

                • 7. Re: Logout Jaas
                  xiang yingbing Master

                  Thanks, it's OK in production; it's just a problem on my localhost ^^

                  ~~~~~~~~~It is OK in both development and production environments.

                  What is your JBoss AS version?

                  There is a bug with IP binding in JBoss AS 7.1.3; I use JBoss AS 7.2.0.

                  IE:

                      If you log out and redirect to a page that only logged-in users can access, then IE will log in again automatically!!!

                      So, please make sure your home page can be accessed by public guests.

                   

                  Firefox:

                      Has no such problem.
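
Added example, not part of the thread or of either poster's application: a web.xml sketch of the two points made in replies 2 and 7, namely that FORM authentication is not silently replayed by the browser after logout the way cached BASIC credentials are, and that the logout servlet sits inside a security constraint while the page reached after logout stays public. The role name `user`, the `/secure/*` path and the `login.jsp`, `loginError.jsp` and `index.jsp` pages are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Protected resources. /logoutServlet is listed so that
       request.getUserPrincipal() is populated when the servlet runs.
       The /secure/* path and the role name are assumed for this example. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secured</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <url-pattern>/logoutServlet</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Weak for logout: <auth-method>BASIC</auth-method>
       The browser keeps the credentials until it is closed and sends them
       again on the next request to a protected URL, so the user appears to
       be logged in again right after request.logout().
       Corrected: FORM ties the login to the server-side session, which the
       logout servlet invalidates. Page names are assumed. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>

  <!-- Public landing page: it matches no security-constraint, so the
       redirect to the context root after logout never triggers a login. -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>
```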

                  • 8. Re: Logout Jaas
                    xiang yingbing Master

                    Congratulations anyway!

                    • 9. Re: Logout Jaas
                      floflo floflo Newbie

                      Thanks for everything!!!!!!!