问题
I am working in websphere 7.0. I use the security from the application server. I would like to removing the association with the user, so user is redirected to the login page before accessing a secure resource (and request.getUserPrincipal() returns null).
I try :
request.getSession().invalidate();
but the user principal is still associated.
How could I remove that association?
回答1:
On websphere, a special logout form calles must be used :
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tsec_pofolo.html
Here what I am using :
<body onload="javascript:document.logout.submit()">
<h2>Sample Form Logout</h2>
<form METHOD=POST ACTION="ibm_security_logout" NAME="logout">
Click this button to log out:
<input type="submit" name="logout" value="Logout">
<INPUT TYPE="HIDDEN" name="logoutExitPage" VALUE="/some url">
</form>
</body>
来源:https://stackoverflow.com/questions/3628796/how-do-i-logout-from-java-ee-container-managed-security