users@jersey.java.net

Re: [Jersey] Web applications using XMLHttpRequest and JAX-RS REST/JSON Web Services

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Wed, 12 Nov 2008 19:09:32 +0100

On Nov 12, 2008, at 7:00 PM, Jakub Podlesak wrote:

> On Mon, Nov 10, 2008 at 06:44:57PM +0100, Paul Sandoz wrote:
>> On Nov 10, 2008, at 4:59 PM, Julio Faerman wrote:
>>
> <snip>
>>>
>>>
>>>> A general issue is how to log out. I am not actually sure. I do not know
>>>> if it is possible to browse my authenticated sessions in Firefox. Ideally a
>>>> button on the web page would interact with the browser through some
>>>> standard API.
>>>
>>> I read that a 401 response should log me out,
>>
>> I think that is a response to an unauthorized request:
>>
>> http://greenbytes.de/tech/webdav/rfc2616.html#status.401
>>
>>
>>> but that did not work
>>> for me, and even if it did, I think it would be browser specific. As I
>>> am using container managed auth, I am looking for a standard JEE way
>>> to log out.
>>>
>>
>> This is probably one of the drawbacks of HTTP basic auth. I think it
>> requires a different auth mechanism whereby the server can invalidate the
>> authentication of a user.
>
> Regarding logging-out, for Firefox, you can do just: [Tools]->[Clear Private Data],
> and check [Authenticated Sessions]. Then Firefox will stop sending the authentication
> headers with the requests.
>

Yes, I noticed that too. It will log you out of everything though.


> It is up to client, whether or not to send the authentication information
> to the server. This way is IMHO better than if client had to ask server
> to log it out.

The server could also time out the authentication, if one were using
another form of HTTP authentication.


> Maybe there is certain standard JavaScript API
> allowing a script to control this?
>

Quite possibly. It could allow the server to customize the log out.

Paul.

> ~Jakub
>
>>
>> Paul.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>