Discussion:
How do I "force" a logout, using ibm_security_logout?
(too old to reply)
a***@gbm.net
2007-10-26 19:26:05 UTC
Permalink
I´m a newbee trying to secure a web application. I have a common access servlet in my application, and I´m doing some additional business logic validations in this servlet. This servlet is a protected resource, so the user is redirected to a login page when he try´s to access it. The user enters his login and password and then accesses the servlet. If a certain validation is not correct, then the user is bumped out of the system; I need to force a logout.

How do I do this? I´ve seen that from a JSP page you can add a form that uses the ibm_security_logout, but this is done with a user action (onSubmit). I need to do this from a servlet, is this even posible?

Thankyou,
Paul Ilechko
2007-10-26 20:43:03 UTC
Permalink
Post by a***@gbm.net
I´m a newbee trying to secure a web application. I have a common
access servlet in my application, and I´m doing some additional
business logic validations in this servlet. This servlet is a
protected resource, so the user is redirected to a login page when he
try´s to access it. The user enters his login and password and then
accesses the servlet. If a certain validation is not correct, then
the user is bumped out of the system; I need to force a logout.
How do I do this? I´ve seen that from a JSP page you can add a form
that uses the ibm_security_logout, but this is done with a user
action (onSubmit). I need to do this from a servlet, is this even
posible?
It's just a POST to the ibm_security_logout servlet.
a***@gbm.net
2007-10-29 16:05:14 UTC
Permalink
Could you be more explicit? Are you talking about doing the following in my doPost method from my servlet?

RequestDispatcher disp;
disp = getServletContext().getRequestDispatcher("/ibm_security_logout");
request.setAttribute("userID", request.getRemoteUser());
disp.forward(request, response);

Thankyou,
Paul Ilechko
2007-10-29 17:23:53 UTC
Permalink
Post by a***@gbm.net
Could you be more explicit? Are you talking about doing the following in my doPost method from my servlet?
RequestDispatcher disp;
disp = getServletContext().getRequestDispatcher("/ibm_security_logout");
request.setAttribute("userID", request.getRemoteUser());
disp.forward(request, response);
Thankyou,
Something like that. Did it work?
dwForum
2009-11-11 17:14:27 UTC
Permalink
Hi,

I would like to do the same pattern and I implement the forward code. In the first look it's seem work because the application forward to loginPage but if I write a secure url page the application accept the page instead to denied it.
It seem that the credential is not release. Somebody know how to fix it?

Gilles.
Davanum Srinivas
2009-11-11 18:13:52 UTC
Permalink
Gilles,

Please try

response.sendRedirect(request.getContextPath() + "/ibm_security_logout?logoutExitPage=" + "/");

as shown here:

http://www.lbenitez.com/2008/10/how-to-change-logout-url-for-lotus.html

thanks,
dims

Les
2007-10-30 18:41:48 UTC
Permalink
Post by a***@gbm.net
I´m a newbee trying to secure a web application. I have a common access servlet in my application, and I´m doing some additional business logic validations in this servlet. This servlet is a protected resource, so the user is redirected to a login page when he try´s to access it. The user enters his login and password and then accesses the servlet. If a certain validation is not correct, then the user is bumped out of the system; I need to force a logout.
How do I do this? I´ve seen that from a JSP page you can add a form that uses the ibm_security_logout, but this is done with a user action (onSubmit). I need to do this from a servlet, is this even posible?
Thankyou,
Couldn't you use Struts/Roles in the application so those who are not
authorized to the servlet, won't even see the option to select it?
Loading...