jfc100 wrote: > Hi, > > tc323jboss241a,tiles+struts > > Can anyone explain this to me. In a struts action servlet, I > invalidate a form-based-authenticated user's session object > (successfully) and then immediately call getUserPrincipal(), in the > same servlet, which returns the users name. It seems the user is only > truely logged out once a response has been returned to the client > because the very next request is treated as an unauthenticated user. > > In this case I would like the user to be seen by the presentation > layer as being already logged out (i.e. as the goodbye page is > constructed). > > Joe > > (How do I know it was successfully invalidated? Because I cannot > access its attributes when trying to see if it still contained the > username/password. I get a msg saying the session was invalidated.) > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > This is the security environment:
I have, as yet, not set up ejb security as I would like to leave that out altogether if possible but still have declarative security available to use in the ejb tier if neccessary. So at the moment I am simply using form-based authentication which (somehow?) is routed through to the DatabaseServerLoginModule (defined in auth.conf) which interogates the appropriate db tables(the default ones). I can login and logout of my app although when I logout, it seems as though only after the current request has been handled completely that I am logged out. I want the tiles processor to recognize that the current user is now no longer logged in - i.e. on the way out, so that the now logged out user sees the appropriate response. I have a debug statement in the action servlet which prints loggedIn == true after I have invalidated the session. Any help much appreciated! Joe -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
