[jboss-user] [Security & JAAS/JBoss] - Re: Logout from a WebService application
ragavgomatam
do-not-reply at jboss.com
Wed Jan 30 21:32:03 EST 2008
Calling logout() on your LoginModule is only possible if you do a JAAS login with a handle to your CallbackHandler and LoginContext. In the case of web applications the container does this Jaas Login eventhough you have your LoginModule. The container has the instance of the Callback Handler & passes that as arguments to your initialize()method. So calling logout() method on your CustomLoginModule is ruled out when do a web based login...There is no way you can do it from your browser....
Next question is :- Are you certain that the Principal is not cleared from our session... Check it as follows after session time out:-
| Principal p = request.getPrincipal() If the Principal is null then it works else we have an issue......I tried it with jboss 5 Beta 3 & it works...You are redirected to the Login Page again & asked to authenticate
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4124977#4124977
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4124977
More information about the jboss-user
mailing list