I took a further look, the JBoss did enforce the login again after the user
logout. however, the content of the login page displayed to the user instead of
the real login pages. this is tested in the GWT based application. Anybody saw
this issues before, please advise. thanks
View the original
I can't see exactly the details of how GWT get the logged user information (the
principal).
but obviously, the GWT application does not know that the Principal is not
anymore out of use.
two way :
- at each request, the GWT re get the Principal (and may all other login
information)
- when
Thanks for the replay, per my testing it indicated the user still was able to
revisit the GWT based application even the session == null the principal ==
null.
So my question is:
Can JBoss container enforce the login after the logout in the GWT based app? if
is not, how to enforce the login