If you access your site through http://yoursite.com you would get a dialog
from the browser asking to enter your username and password. If you don't
want to see this dialog you can put your username and password directly in
the URL (ie. http://username:[EMAIL PROTECTED]) and your browser will
send those credentials along with your request. As you've noticed once the
browser has sent credentials once it will keep on sending them with any
other requests you make to that realm.
So redirect the user to a secured page called logout.html with the
credentials in the url (http://logout:[EMAIL PROTECTED]/logout.html).
>From there if you try going back to your site you will get a dialog asking
to authenticate as the user logout would not have permissions for the rest
of the site.
Hope this helps,
Giscard
----------------------------------------------------
Giscard,
I like this idea but I'm not sure what you mean by
logout:[EMAIL PROTECTED]/logout.html. I understand
that the user should be redirected to a protected page
which is accessible only to the logout user, but how
can I set the authorization header to contain the
logout username without having the browser's dialog
box show up and having the end user actually type in
the logout username? Is this possible? Do you mean
use the URLConnection class or something like that?
Thanks for the idea -- it is definitely the one which
carries the most potential at the moment, and I'm
looking forward to your answers.
Jane
--- Giscard Girard <[EMAIL PROTECTED]> wrote:
> Redirect the user to
> logout:[EMAIL PROTECTED]/logout.html
>
> The concept is to create a user for the logout, the
> logout user has access
> to the logout.html page. This will replace the
> Authorization header that
> your previous user had. If someone tries to go back
> to the secured site he
> will be reprompted for authentication because the
> logout user does not have
> access to the site.
>
> Lame hack, but its the only one I could find.
>
_________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at
> http://www.hotmail.com.
>
> Share information about yourself, create your own
> public profile at
> http://profiles.msn.com.
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED]
> and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives:
>
http://archives.java.sun.com/archives/servlet-interest.html
> Resources:
>
http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help:
> http://www.lsoft.com/manuals/user/user.html
> .
> soft.com/manuals/user/user.html
> .
>
__________________________________________________
Do You Yahoo!?
Thousands of Stores. Millions of Products. All in one Place.
http://shopping.yahoo.com/
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
