[JBoss-user] [Security & JAAS/JBoss] - Not able to logout after login

Tue, 28 Sep 2004 17:56:06 -0700 

I deployed a struts app to JBoss 3.2.3 using JBoss'
UsersRolesLoginModule. In the LogoutAction I invalidate
the session and redirect to a resource that requires login.
The resource shows up without a login prompt. Here is
the part of the web.xml:

<web-resource-collection>
<web-resource-name>Protected All Resources</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

<!-- Anyone with these roles may enter this area. -->
<auth-constraint>
<role-name>csr</role-name>
</auth-constraint>
    <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>csr</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
<role-name>csr</role-name>
</security-role>

jboss-web.xml:
<jboss-web>
   <security-domain>java:/jaas/csr</security-domain>
</jboss-web>

In login-config.xml of JBoss I have
    <application-policy name = "csr">
       <!-- A simple server login module, which can be used when the number 
       of users is relatively small. It uses two properties files:
       users.properties, which holds users (key) and their password (value).
       roles.properties, which holds users (key) and a comma-separated list of
       their roles (value).
       The unauthenticatedIdentity property defines the name of the principal
       that will be used when a null username and password are presented as is
       the case for an unuathenticated web client or MDB. If you want to
       allow such users to be authenticated add the property, e.g.,
       unauthenticatedIdentity="nobody"
       -->
       
          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
<module-option name = "usersProperties">users.properties</module-option>
<module-option name = "rolesProperties">roles.properties</module-option>
                    </login-module>

       
    </application-policy>

Login works fine but logout doesn't.

Thanks for help.

Donno

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3849813#3849813

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3849813


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to