Wildfly 26.0.1 LDAP Logout
50 views
Skip to first unread message
Doug Dillon
Sep 19, 2022, 2:31:08 PM9/19/22
to WildFly
Wildfly 26.0.1
1. Defined a security-domain
2. Defined a security-realm
3. Defined a dir-context
We are able to login and access the servlet resource according the the defined roles.
The logout servlet has the following code::
HttpSession session = a_request.getSession(false);
if ( session != null ) {
session.invalidate();
}
a_request.logout();
a_response.sendRedirect(a_request.getContextPath()+ "/logout.jsp");
if ( session != null ) {
session.invalidate();
}
a_request.logout();
a_response.sendRedirect(a_request.getContextPath()+ "/logout.jsp");
User is still able to access application with back button or by opening another window in the browser.
Any guidance would be appreciated.
Thanks
Darran Lofthouse
Sep 20, 2022, 11:14:44 AM9/20/22
to WildFly
What is the authentication mechanism being used for the web application?
Doug Dillon
Sep 20, 2022, 12:25:04 PM9/20/22
to WildFly
BASIC
Darran Lofthouse
Sep 20, 2022, 1:50:28 PM9/20/22
to WildFly
For BASIC authentication you are never "logged in" to "logout", instead the web browser caches and sends the credentials over for each request and the application server performs per request authentication.
If you are looking for an authenticated session which can subsequently be invalidated "logged out" you should use FORM authentication.
Reply all
Reply to author
Forward
0 new messages