How do I "force" a logout, using ibm_security_logout? - Websphere

This is a discussion on How do I "force" a logout, using ibm_security_logout? - Websphere ; Im a newbee trying to secure a web application. I have a common access servlet in my application, and Im doing some additional business logic validations in this servlet. This servlet is a protected resource, so the user is redirected ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: How do I "force" a logout, using ibm_security_logout?

  1. How do I "force" a logout, using ibm_security_logout?

    Im a newbee trying to secure a web application. I have a common access servlet in my application, and Im doing some additional business logic validations in this servlet. This servlet is a protected resource, so the user is redirected to a login page when he trys to access it. The user enters his login and password and then accesses the servlet. If a certain validation is not correct, then the user is bumped out of the system; I need to force a logout.

    How do I do this? Ive seen that from a JSP page you can add a form that uses the ibm_security_logout, but this is done with a user action (onSubmit). I need to do this from a servlet, is this even posible?

    Thankyou,

  2. Re: How do I "force" a logout, using ibm_security_logout?

    amelende82@gbm.net wrote:
    > Im a newbee trying to secure a web application. I have a common
    > access servlet in my application, and Im doing some additional
    > business logic validations in this servlet. This servlet is a
    > protected resource, so the user is redirected to a login page when he
    > trys to access it. The user enters his login and password and then
    > accesses the servlet. If a certain validation is not correct, then
    > the user is bumped out of the system; I need to force a logout.
    >
    > How do I do this? Ive seen that from a JSP page you can add a form
    > that uses the ibm_security_logout, but this is done with a user
    > action (onSubmit). I need to do this from a servlet, is this even
    > posible?
    >


    It's just a POST to the ibm_security_logout servlet.

  3. Re: How do I "force" a logout, using ibm_security_logout?

    Could you be more explicit? Are you talking about doing the following in my doPost method from my servlet?

    RequestDispatcher disp;
    disp = getServletContext().getRequestDispatcher("/ibm_security_logout");
    request.setAttribute("userID", request.getRemoteUser());
    disp.forward(request, response);

    Thankyou,

  4. Re: How do I "force" a logout, using ibm_security_logout?

    amelende82@gbm.net wrote:
    > Could you be more explicit? Are you talking about doing the following in my doPost method from my servlet?
    >
    > RequestDispatcher disp;
    > disp = getServletContext().getRequestDispatcher("/ibm_security_logout");
    > request.setAttribute("userID", request.getRemoteUser());
    > disp.forward(request, response);
    >
    > Thankyou,


    Something like that. Did it work?

  5. Re: How do I "force" a logout, using ibm_security_logout?

    On Oct 26, 3:26 pm, wrote:
    > Im a newbee trying to secure a web application. I have a common accessservlet in my application, and Im doing some additional business logic validations in this servlet. This servlet is a protected resource, so the user is redirected to a login page when he trys to access it. The user enters his login and password and then accesses the servlet. If a certain validation is not correct, then the user is bumped out of the system; I need to force a logout.
    >
    > How do I do this? Ive seen that from a JSP page you can add a form that uses the ibm_security_logout, but this is done with a user action (onSubmit). I need to do this from a servlet, is this even posible?
    >
    > Thankyou,


    Couldn't you use Struts/Roles in the application so those who are not
    authorized to the servlet, won't even see the option to select it?


  6. Re: How do I "force" a logout, using ibm_security_logout?

    Hi,

    I would like to do the same pattern and I implement the forward code. In the first look it's seem work because the application forward to loginPage but if I write a secure url page the application accept the page instead to denied it.
    It seem that the credential is not release. Somebody know how to fix it?

    Gilles.

  7. Re: How do I "force" a logout, using ibm_security_logout?

    Gilles,

    Please try

    response.sendRedirect(request.getContextPath() + "/ibm_security_logout?logoutExitPage=" + "/");

    as shown here:

    http://www.lbenitez.com/2008/10/how-...for-lotus.html

    thanks,
    dims

+ Reply to Thread