Well, thanks a bunch JBoss gurus! (Not you elponderador, the developers who should know this, and should have helped!)
After much searching, I randomly stumbled across the correct incantation:

in jboss-web.xml

    <jboss-web>
       <!-- Specify the security domain for authentication/authorization and
            require that the domain's cache be flushed when the session invalidates.
       -->
       <security-domain flushOnSessionInvalidation="true">
          java:/jaas/jbossweb-form-auth
       </security-domain>
    </jboss-web>

So now, I can log out when they click the logout link. Great.

Next up, how to programmatically determine whether a URL is available to the current user. I'm of course using container-managed authorization, but it's no good outputting a link only to have the user click on it, and be tipped into the error page by JBoss. I want to have a custom tag for links which does not output any HTML if the URL is not accessible to the current user. Any ideas?

No doubt, I'll find the incantation at some random site given enough searching...

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3913766#3913766

_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
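One way to approach the link-hiding question in the post above, as an added example that is not part of the original message and not JBoss code: a helper that a custom link tag could call to decide whether to render anything. It assumes the url-pattern/role pairs are copied by hand from the application's web.xml security constraints, and the class name LinkGuard, its methods and the sample paths and roles are hypothetical; http-method, transport-guarantee and the "*" role are not handled.

```java
import java.util.*;
import java.util.function.Predicate;

public class LinkGuard {
    // url-pattern -> roles, copied by hand from web.xml <security-constraint> entries.
    private final Map<String, Set<String>> constraints = new HashMap<>();

    public LinkGuard protect(String urlPattern, String... roles) {
        constraints.put(urlPattern, new HashSet<>(Arrays.asList(roles)));
        return this;
    }

    // Servlet-spec best match: exact path, longest "/prefix/*", "*.ext", then default "/".
    String bestMatch(String path) {
        if (constraints.containsKey(path)) return path;
        String best = null;
        for (String p : constraints.keySet()) {
            if (!p.endsWith("/*")) continue;
            String prefix = p.substring(0, p.length() - 2);
            boolean hit = path.equals(prefix) || path.startsWith(prefix + "/");
            if (hit && (best == null || p.length() > best.length())) best = p;
        }
        if (best != null) return best;
        int dot = path.lastIndexOf('.');
        if (dot > path.lastIndexOf('/') && constraints.containsKey("*" + path.substring(dot)))
            return "*" + path.substring(dot);
        return constraints.containsKey("/") ? "/" : null;
    }

    // path: context-relative, no query string. In a tag handler pass request::isUserInRole.
    public boolean isAccessible(String path, Predicate<String> isUserInRole) {
        String pattern = bestMatch(path);
        if (pattern == null) return true; // no constraint covers this path
        // Empty role set models an empty <auth-constraint/>: nobody may access it.
        return constraints.get(pattern).stream().anyMatch(isUserInRole);
    }

    public static void main(String[] args) {
        // Constructed sample constraints and user; not taken from the original post.
        LinkGuard guard = new LinkGuard()
            .protect("/admin/*", "admin")
            .protect("/reports/*", "admin", "auditor")
            .protect("/internal/*");
        Predicate<String> auditor = "auditor"::equals; // stands in for request.isUserInRole
        for (String link : new String[] {"/admin/users.jsp", "/reports/q1.jsp", "/internal/x", "/index.jsp"})
            if (guard.isAccessible(link, auditor)) System.out.println("<a href=\"" + link + "\">" + link + "</a>");
    }
}
```

The container's security constraints remain the enforcement point; a helper like this only keeps dead links out of the page and has to be kept in sync with web.xml.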