My application requires client certificate authentication (with use of smart
cards). The only problem is implementation of "logout" functionality.
I'm pretty sure in "logout" business method I should get access to current
SSLSession object and call invalidate on that object. As I checked
HttpSession.invalidate() doesn't invalidate SSLSession.
QUESTION: how can I get access to SSLSession in EJB method under Glassfish
3.1.1?
Portable procedure is preferable.
--
[Message sent by forum member 'ktomaszewski']
View Post: http://forums.java.net/node/883582