I've taken a look through the forums and can't find an answer to this. As far as my tests have shown, the only way to remove a Principal object from the request is to use the LoginContext.logout() method, but can anyone figure out how to explicitly call this from a Servlet? What I have is this:
1. User logs in via JAAS custom login module... create Principal
2. Custom login module keeps track of Principal.getName() (usernames) in custom cache.
3. User session object is stuffed in session
I'd like to logout via servlet and have all 3 wiped out.
#2 and #3 are more than happy to go the way of the dodo, but that pesky #1 refuses to die. I can call session.invalidate() until my eyes pop out of my head and the Principal object will not leave me.
Any help on this would be greatly appreciated! Alternatively I'd be more than happy to write my own logging in with Servlet Filters?? Any good discussions or pointers on how to do this?