[jboss-user] [Security & JAAS/JBoss] - The neverending logout topic

chakotey07 do-not-reply at jboss.com
Mon Apr 16 10:52:07 EDT 2007


Dear community,

I am rather new to the JBossSX / JAAS topic and thus, I searched the forum to understand my problems, but I am not sure if I got everything right.


Scenario:
I successfully secured a test web application via my custom login module and declarative security. Wonderful, but regarding the logout of an authenticated subject I got some problems / questions.


Question 1: 
I first used Basic Auth ... read the solution within the forum that session.invalidate does not work.
Thus, I switched to Form Auth (incl. j_security_check) ... session.invalidate does not work either. Wrong ... it works, but the browser caches the credentials and performs a re-login itself (right?). Is there any other (easy / designated) solution than restarting the browser?

Question 1a:
I read that the manual invocation of the Basic Auth popup is not possible, ok. Is this possible using Form Auth?
If yes, then I could store a logout attribute, check this at each page call and so I'd have a workaround regarding the browser's credential caching...

Question 2:
Is there a possibility to retrieve the current LoginContext (although I didn't create the LoginContext instance within my code) in order to manually perform the logout method of my custom login module?


I'd be so glad for helpful suggestions and solutions - and please don't damn me, if I missed an existing solution-topic and thus didn't read it :-/

Thx



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4037586#4037586
