Logout after custom login

15 views
Skip to first unread message

IT Tudes

unread,
Apr 4, 2012, 8:55:37 AM4/4/12
to Jease - The Java CMS with Ease
Hi,

I'm using a CustomAccess object, it extends jease.cms.domain.Access
overriding the method:

public boolean approves(String login, String password) {...}

Using it I can protect some cms resources applying my own security
policy (implemented in CustomAccess).
The authentication part is managed keeping the actual basic http
authentication.
The login process works fine but I would like find a solution to
perform logout (J)easly :)

Now the actual solution is closing the browser to invalidate the
session.

Thanks!
Alessandro

Maik Jablonski

unread,
Apr 5, 2012, 4:31:59 AM4/5/12
to je...@googlegroups.com
Hi,

...


> The login process works fine but I would like find a solution to
> perform logout (J)easly :)
>
> Now the actual solution is closing the browser to invalidate the
> session.

there's no (j)easy way to solve this issue, because "basic
authorization" isn't designed by specification for a logout-scenary.
There are lots of discussions around this issue in the web:

http://stackoverflow.com/questions/449788/http-authentication-logout-via-php

The simple approach: create another Access-Object with same title (but
other credentials) besides your main Access-Object. If you want to
logout, simlpy redirect/forward the request to this second
Access-object (or just point your "Logout"-link to the URI of the
second Access object), which sends a new validation request. If the
user just hits "cancel" on the dialog, he/she is logged out. Not very
nice from a UI perspective, but maybe the only solution which works
across all browsers.

HTH, Maik

Reply all
Reply to author
Forward
0 new messages