Honestly I don't want the programmatic login approach I just need to know the best way to deauthorize a user for instance calling loginContext.logout(). I can invalidate the session which accomplishes the same thing (getting rid of the Subject and principles) however this is not best practice surely. I'll give that a read over again and see if there is something I'm missing.
[Message sent by forum member 'sloanb' (sloanb)]
http://forums.java.net/jive/thread.jspa?messageID=286064