users@glassfish.java.net

Logoff from Realm authentication

From: <glassfish_at_javadesktop.org>
Date: Mon, 04 Jan 2010 07:02:54 PST

Hi everyone,

Having a problem which is I cannot logout my user that was authenticated on a fileRealm realm.

My web.xml file looks something like this :

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>testrealm</realm-name>
</login-config>

<security-constraint>
<web-resource-collection>
<web-resource-name>Test</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>master</role-name>
</auth-constraint>
</security-constraint>

I manage to login properly and all that.
Then I created a method on a servlet that basically just calls getSession from the response and invalidate() that session.

I refresh the page of my application and apparently I'm still logged in, or at least it does not prompt me to insert credentials again.

Any thoughs ?
Thanks
[Message sent by forum member 'syshex' (rui.pereira_at_jbaysolutions.com)]

http://forums.java.net/jive/thread.jspa?messageID=378577