Re: formbased authentication: logout ?

2001-02-22 Thread Christian Rauh

uthay wrote:
 
 If you want an application controlled authentication why don't you develop a
 session bean that will interact with the login script?

How can that be done without developing the whole custom authentication
mechanism?

Christian Rauh

 
 - Original Message -
 From: "paul marshal" [EMAIL PROTECTED]
 To: "tomcat-list" [EMAIL PROTECTED]
 Sent: Wednesday, February 21, 2001 3:10 PM
 Subject: formbased authentication: logout ?
 
  How do I create a possibility for my users to logout.
  Is there something in the HttpSession that I need to delete ?
  Or how does it all work ?
 
  Paul
 
  --
  Paul Marshall
  [EMAIL PROTECTED]
  089/26019-609
 
  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, email: [EMAIL PROTECTED]
 
 
 




Re: formbased authentication: logout ?

2001-02-22 Thread uthay

That's correct.
But it was more of a design issue than anything else.
For me, using a session bean helps me to have accessor modifier style control
over my session vars.
Extend it a little bit further and you get full session control over your
application.

The following code will allow me to control the access to the pages at user or
admin level

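<%
boolean admin = false;
// No user name in the session bean means the visitor is not logged in.
if (sessInfo.getUName() == null || sessInfo.getUName().length() == 0) {
%>
<jsp:forward page="loginValidate.jsp" />
<%
} else {
    // "admin".equals(...) avoids a NullPointerException when no authority is set.
    if ("admin".equals(sessInfo.getAuthority())) {
        admin = true;
    }
}
%>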

sessInfo.setUName("") will invalidate the user

Comments are welcome
Note: sessInfo - session bean



- Original Message -
From: "Christian Rauh" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, February 22, 2001 2:36 PM
Subject: Re: formbased authentication: logout ?


 uthay wrote:
 
  If you want an application controlled authentication why don't you develop a
  session bean that will interact with the login script?

 How can that be done without developing the whole custom authentication
 mechanism?

 Christian Rauh

 
  - Original Message -
  From: "paul marshal" [EMAIL PROTECTED]
  To: "tomcat-list" [EMAIL PROTECTED]
  Sent: Wednesday, February 21, 2001 3:10 PM
  Subject: formbased authentication: logout ?
 
   How do I create a possibility for my users to logout.
   Is there something in the HttpSession that I need to delete ?
   Or how does it all work ?
  
   Paul
  
   --
   Paul Marshall
   [EMAIL PROTECTED]
   089/26019-609
  




Re: formbased authentication: logout ?

2001-02-21 Thread Bill_Fellows/MO/americancentury



I'm sure others are more knowledgeable, but from what I've been able to observe
(snoop servlet is wonderful), a session must have been created before
authentication.  I'm basing all of my stuff off of my b*stardization of
SimpleRealm, BTW.  Session name is JSESSIONID.  A principal user is defined and
the username and password are stored in the session variable (j_username and
j_password) upon successful authentication.  A tomcat.auth.originalLocation is
defined if they attempted to access a specific secure part before being
authenticated.  If so, after they authenticate it takes them to that particular
page.

To logout, I have my users hit a servlet (could be a jsp) that goes through all
the cookies and expires them.  Since tomcat can only expire the cookies it
created, you don't have to worry about killing someone else's cookie.  Looking
at my code now, I can't remember if expiring the session takes care of removing
the cookies or not.  At any rate, I think I had trouble getting the
session.invalidate() to work in a jsp (since they create sessions automagically)
so maybe that's why I went to the jsp.  Maybe the invalidate is required to drop
the principal user...  At any rate, I'm going to re-evaluate my code but this
does work.  Enjoy.

/bill

// stLogoutDestination is a field of the servlet, defined elsewhere in the class.
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
  if ( request.isRequestedSessionIdValid() )
  {
    HttpSession session = request.getSession(false);
    session.invalidate();
  }
  Cookie BagofGingerSnaps[] = request.getCookies();
  if ( BagofGingerSnaps != null )  // getCookies() returns null when the request carries no cookies
  {
    for (int i = 0; i < BagofGingerSnaps.length; i++)
    {
      BagofGingerSnaps[i].setMaxAge(0);  // expire all cookies in 0 seconds
      response.addCookie(BagofGingerSnaps[i]);  // replace old cookies with the new
    }
  }
  response.sendRedirect(stLogoutDestination);

}//closes doGet




paul marshal [EMAIL PROTECTED] on 02/21/2001 09:10:08 AM



Please respond to [EMAIL PROTECTED]

To:   tomcat-list [EMAIL PROTECTED]
cc:(bcc: Bill Fellows/MO/americancentury)
Subject:  formbased authentication: logout ?



How do I create a possibility for my users to logout.
Is there something in the HttpSession that I need to delete ?
Or how does it all work ?

Paul

--
Paul Marshall
[EMAIL PROTECTED]
089/26019-609
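
An added example, not part of the thread and not Tomcat's own code: a logout servlet along the lines of the one posted above, which also copes with a request that has no session and builds the expiry cookie with an explicit path, since cookies read back from a request carry only a name and a value. The class name LogoutServlet, the /login.jsp destination, and the default JSESSIONID cookie name with the context path as its cookie path are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet name; map it to a logout URL in web.xml.
public class LogoutServlet extends HttpServlet {

    // Assumed post-logout page, relative to the context root.
    private static final String LOGOUT_DESTINATION = "/login.jsp";

    // Handled on POST so that a plain link or image request does not log the user out.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        // getSession(false) never creates a session; null means there is nothing to tear down.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Unbinds every attribute (including any login bean) and makes the
            // session id unusable on the server, whatever the browser still holds.
            session.invalidate();
        }

        // The browser sends only name=value, so a Cookie taken from the request has
        // no path. Build the expiry cookie with the path the session cookie was
        // issued for (assumed here: the context path, "/" for the root context).
        String contextPath = request.getContextPath();
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setPath(contextPath.length() == 0 ? "/" : contextPath);
        expired.setMaxAge(0);
        response.addCookie(expired);

        response.sendRedirect(contextPath + LOGOUT_DESTINATION);
    }
}
```
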





Re: formbased authentication: logout ?

2001-02-21 Thread uthay

If you want an application controlled authentication why don't you develop a
session bean that will interact with the login script?



- Original Message -
From: "paul marshal" [EMAIL PROTECTED]
To: "tomcat-list" [EMAIL PROTECTED]
Sent: Wednesday, February 21, 2001 3:10 PM
Subject: formbased authentication: logout ?


 How do I create a possibility for my users to logout.
 Is there something in the HttpSession that I need to delete ?
 Or how does it all work ?

 Paul

 --
 Paul Marshall
 [EMAIL PROTECTED]
 089/26019-609





Re: formbased authentication: logout ?

2001-02-21 Thread Charles Sabourdin

You create a page where you set:
<% session.invalidate(); %>

Then the session is eligible for the garbage
collector.


--- paul marshal [EMAIL PROTECTED] wrote:
 How do I create a possibility for my users to
 logout. 
 Is there something in the HttpSession that I need to
 delete ?
 Or how does it all work ?
 
 Paul
 
 -- 
 Paul Marshall
 [EMAIL PROTECTED]
 089/26019-609
 
