Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to Logout and clear the user details in JAAS

 
mahudees waran
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hai,
i am having a problem in logout using JAAS.I have the subject which is authenticated and it is is in authorized page of the subject.Now if i want to logout what should i do,even now i am calling the logout method manually in login page after checking like this
RdbmsLoginModule rd=new RdbmsLoginModule();
String remoteuser=request.getRemoteUser();
try
{
if(!remoteuser.equals(null))
{
rd.logout();
}
}
catch(Exception e)
{

}
now my logout method is called in my logout method
subject.getPrincipals().remove(rdbmsprincipal);

but even though now if i am printing
request.getUserPrincipal()
request.getRemoteUser()
after logout method is called it prints the principal and name of the last logged in user.now if i need to login as different user i was supposed to stop and restart the server again.How should i do for logout and clearing all the details of the user logged in.

Thanks in Advance,

Mahudees
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In the logout process you generally invalidate the session.

Generally after successful authentication using JAAS , the subject is stored for further use.In that case HTTP session is a good choice for storing the authenticated subject in case of web applications.

So I think simply invalidating the session is enough.

[ July 31, 2007: Message edited by: Rahul Bhattacharjee ]
 
Michael Ku
Ranch Hand
Posts: 510
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
mahudees, I am interested in learning to write a login module to be used with declarative security in my web.xml file. Can you offer any guidance writing the module. I do not know which objects (Subject, Principal, etc) to create and how to populate them. I want to declare the roles in web.xml, use the web-resource-collection tags to allow access to certain parts of my web app via roles declared in the same web.xml

Would you please help?

Thank you
 
mahudees waran
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Michael Ku ,
Actually i had too got the source from net for practicing and i had struglled to implement it.But after doing that i felt how easy it is.but the the way i found difficult was only untill i am able to execute my first example.i had implemented it in form based authentication to authenticate and latter upon i moved to jaas for authenticaion and authorization.untill now i am having a basic idea not much depth knowledge.moving my steps deepper in to it.


Mahudees
 
Michael Ku
Ranch Hand
Posts: 510
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
would you share the example that you used to get started

Thank you
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic