Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Logout with Javascript after Form-Based authentication  RSS feed

 
Vasilis Souvatzis
Ranch Hand
Posts: 94
1
Chrome Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello once again!

Here's what I want to accomplice... In my web application, I'm building the admin pages with JSF and the client pages with pure HTML and JS (mainly because a frontend friend of mine will help). Security is handled with default Form-Based authentication, no login servlets written by me. When I want to logout from JSF, the way I've been doing it so far is call FacesContext then ExternalContext and invalidate the session.

How do I do this with JavaScript? Perhaps a Logout servlet? Does it work well with JSF? I guess so, JSF uses servlets underneath doesn't it. Is there an easy method to call, similar to j_security_check? There are way to many was to implement security in a project, that's the main reason I'm asking...

I could switch to JSF for the client pages as well (Bootstrap will be used so pretty colours everywhere), but I'd like not to use JSF for some pages...
 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 37241
519
Eclipse IDE Java VI Editor
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A logout servlet is a viable approach and the JavaScript can call that.

Your servlet will of course invalidate the session. If you use a single sign on product, you'll also need to sign out from that. One app I worked on, we had to delete the cookies explicitly from the logout code because "the single sign on product" was weird. It's been a long time since I've seen that problem. Just fyi in case your product is old.
 
Vasilis Souvatzis
Ranch Hand
Posts: 94
1
Chrome Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey Jeanne, sorry for the late response.

My "product" is simple, just an app I'm building and decided to use the default security mechanisms because they're more than enough, nothing fancy really. I haven't worked with servlets yet but I'll try to make it work, there are many examples online although many are outdated or extremely complicated.

I know that "security" is a highly subjective topic and depends on the application, that's why I'll stick to the provided mechanisms for now and if I need to use something else, I'll try that. If I'm not mistaken (JACC?) provides security for JSF and HTTP requests as well, so I'll be able to secure an HTML client as well.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!