There is no logout per se provided by web container. You simply invalidate the HTTP session.
The HttpSession has nothing to do with whether the user is authenticated or not; I can be logged into the system when the HttpSession is null.
Anyone know how i can logout of the container when I am on a web page?
If you invalidate HttpSession, web container kinda logout for you. If you access protected area again, the web container will ask you to login again.
> The HttpSession has nothing to do with whether the
> user is authenticated or not; I can be logged into
> the system when the HttpSession is null.
> Anyone know how i can logout of the container when I
> am on a web page?
Do I understand you correctly: you mean you are "logged into" JBoss and want to log out in some servlet. But my understanding is you are never really "logged in" in JBoss. In fact, you are providing credentials in every call; if these credentials have already been verified then JBoss doesn't call the JAAS stuff again.
So the question is, where are you keeping these credentials on the servlet side ? If it's in the http session then a call to session invalidate is actually enough.
I guess i should have filled in some more information.
I have a web app. I login and submit to 'j_security_check'. My LoginModules execute and I am logged in. The user uses the app, (several web pages) and then wants to logout.
The login modules have no access to the HttpSession. If i invalidate the HttpSession, i can still access the secured pages. In fact, i do not even create a HttpSession in my app; it is stateless.
I just tried it when using Form based authentication, and after invalidating the session, I could no longer access the restricted pages.
My guess is you are using BASIC auth, correct? In which case the browser resends the user/password on each request--which means that even after invalidating the session, when you try to access the restricted page, the browser in effect logs you right back in again automatically. Could this be what's happening?
i just tried it again and it worked. i have been fighting with this JAAS stuff too long!!!!!!!! Thanks for your help.