3 Replies Latest reply on Sep 11, 2005 12:04 PM by ahmed sultan

    Users don't log out

    Tremal Naik Newbie

      Hello folks, I'm using Jboss 4.0.2. I still have some problems with login modules. My login-config.xml follows:

      <application-policy name = "CpRealm">
       <authentication>
       <login-module code = "com.ciccio.pasticcio.CpLoginModule" flag = "required">
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       </authentication>
      </application-policy>
      


      The LogoutAction is invalidating the session in its
      execute()
      method:

      httpServletRequest.getSession().invalidate();


      I'm logging the
      login()
      and
      logout()
      methods of com.ciccio.pasticcio.CpLoginModule and the result is summarized in the following use case:

      1) I start Jboss
      1.1) I start Iexplorer and login as userA: login() is called
      1.2) logout as userA: execute() is called, logout() is NOT called
      1.1) I login again as userA: login() is NOT called
      1.2) I logout as userA: same as 1.2)
      1.3) restart Iexplorer, login as userA: login() is NOT called
      1.4) logout as userA, same as 1.2)
      1.5) I login as userB: login() is called
      1.6) logout as userB: same as 1.2)

      2) Restart Jboss, NOT Iexplorer
      1.1) login as userA: login() is called
      the rest is same as above

      I tried the following configuration:

      <application-policy name = "CpRealm">
       <authentication>
       <login-module code = "com.ciccio.pasticcio.CpLoginModule" flag = "required">
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
       <module-option name="multi-threaded">true</module-option>
       <module-option name="password-stacking">useFirstPass</module-option>
       </login-module>
       </authentication>
      </application-policy>
      


      nothing changed. Can anyone explain me where I'm doing wrong, please?

      thanks