How do I logout from Java EE container managed security?

StackOverflow https://stackoverflow.com/questions/3628796

Question

I am working in websphere 7.0. I use the security from the application server. I would like to removing the association with the user, so user is redirected to the login page before accessing a secure resource (and request.getUserPrincipal() returns null).

I try :

request.getSession().invalidate();

but the user principal is still associated.

How could I remove that association?

Was it helpful?

Solution

On websphere, a special logout form calles must be used :

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tsec_pofolo.html

Here what I am using : 

<body onload="javascript:document.logout.submit()">
    <h2>Sample Form Logout</h2>
    <form METHOD=POST ACTION="ibm_security_logout" NAME="logout">
    Click this button to log out:
    <input type="submit" name="logout" value="Logout">
    <INPUT TYPE="HIDDEN" name="logoutExitPage" VALUE="/some url">
    </form>
</body>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top