4 Replies Latest reply on Sep 20, 2001 11:39 AM by William Kaufman

    Logout question

    William Kaufman Newbie

      How do i get the server-side login module's logout() invoked when the client-side login module's logout() is invoked? (I want to persist the logout time). This does not seem to be the default behavior. Here's a (twisted) way: the client logout could call a stateless session bean remote logout method, which would get the server login module (i can do that, i think), and invoke logout on that.

      But is there a better way?

        • 1. Re: Logout question
          Scott Stark Master

          You would have to create your own client/server login module pairs that allowed for this. The default JBoss login mechanism does not pass logout calls to the server as authentication is stateless.

          • 2. Re: Logout question
            William Kaufman Newbie

            To accomplish this I had to add a logout method to the SecurityManager, and insert another Interceptor in the StatelessSessionContainer which only looks for create calls on a "LogoutHome". (The Logout Bean has no methods in its RemoteInterface, the LogoutHome has only create().) When the interceptor intercepts a call to LogoutHome.create(), it calls SecurityManager.logout(), which calls LoginContext.logout(), which does the login module logouts.

            Now I have to add a non-default cache policy to the SecurityManager, since the default doesn't maintain state.

            Scott, I really like what you've done. But your explanations are so windy!

            • 3. Re: Logout question
              Scott Stark Master

              Adding container interceptors is not the best way to do this as this only works for the EJB types for which you change the interceptor configurations. The security manager is an independent entity that is accessible from JNDI via the security domain name so the simplest approach is to create a logout mbean that exposes an RMI interface for use by your client side login module. The mbean would house the cache policy used by the security manager and simply do the logout without having to deal with the security manager. No changes to the security manager would be required.

              • 4. Re: Logout question
                William Kaufman Newbie

                Thanks. I think I understand what you're saying.