Hello,
I have SingleSignOn setup on the web engine and I am trying to build a jsp that will
force the user to re-authenticate when visited (LogOff menu).
I did the following (with scriplet for now) in the welcome page:
<%
// creates a new session if does not exist
HttpSession hsession = request.getSession(false);
if (hsession.isNew())
{
System.out.println("**** creating a _NEW_ session ****");
request.getSession();
}
else
System.out.println("**** using _CURRENT_ session ****");
%>
and in the logoff.jsp:
<%
request.getSession().invalidate()
%>
the session is invalidated (I get a new token id for instance), yet authentification
is not forced again: user can still access any page without authentificating (same
behavior on MSIE and netscape).
I am using BASIC authentification for the login-config. is there any specific servlet
configuration required for this to work ?
Thanks,
Sebastien.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3844441#3844441
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3844441
-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
