Here are web.xml and server.xml.
I will note that server.xml contains SingleSignOn because I've got two
applications which share logging.
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
  <!-- Authentication -->
  <servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.server.servlet.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/login.do</url-pattern>
  </servlet-mapping>
  <servlet>
    <servlet-name>LogoutServlet</servlet-name>
    <servlet-class>com.server.servlet.LogoutServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LogoutServlet</servlet-name>
    <url-pattern>/logout.do</url-pattern>
  </servlet-mapping>
  <!-- Default page to serve -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ssl</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>realm</realm-name>
    <form-login-config>
      <form-login-page>/login.do</form-login-page>
      <form-error-page>/error.do</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
***************
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1"
           redirectPort="8443"/>
<Connector SSLEnabled="true" clientAuth="false"
           keystoreFile="C:\keystore.jks" keystorePass="tomcat" maxThreads="150"
           port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
           sslProtocol="TLS"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
<Engine defaultHost="localhost" name="Catalina">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
  <Host appBase="webapps" autoDeploy="true"
        name="localhost" unpackWARs="true">
    <Realm className="com.realm.CustomRealm"
           dataSourceName="ds_admin"
           digest="SHA" roleNameCol="role" userCredCol="password"
           userNameCol="email" userRoleTable="group_role_user" userTable="user"/>
    <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
    <Context crossContext="true" path="/login" reloadable="true"/>
    <Context crossContext="true" path="/admin" reloadable="true"/>
  </Host>
</Engine>
2011/9/16 Christopher Schultz <[email protected]>:
> Chema,
>
> On 9/16/2011 1:25 PM, Chema wrote:
>>>
>>> Presumably, you are using CLIENT-CERT as your <auth-method>?
>>
>> No, [I am using] FORM method
>
> Hmm. HttpSession.invalidate() *is* the proper way to terminate a
> "FORM" authentication login.
>
>> session.invalidate();
>> org.apache.tomcat.util.net.SSLSessionManager mgr =
>>     (org.apache.tomcat.util.net.SSLSessionManager)
>>         request.getAttribute("javax.servlet.request.ssl_session_mgr");
>> mgr.invalidateSession();
>
> You don't need this SSL stuff. HttpSession.invalidate() ought to do
> the trick.
>
>> response.setHeader("Connection", "close");
>
> This is optional, and not usually necessary.
>
>> but it didn't work. Has anyone worked with realm + SSL? Anyone?
>
> This definitely works.
>
> Are you saying that when you use HTTP instead of HTTPS, logouts work?
> That sounds really strange.
>
> Please post the relevant sections of web.xml and server.xml, and be
> sure to remove any sensitive information.
>
> -chris
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
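
Added example, not code from this thread or from Tomcat: a sketch of what the LogoutServlet mapped to /logout.do in the posted web.xml could look like when it relies only on HttpSession.invalidate(), as the quoted reply recommends. The class body, the cache headers and the redirect target are assumptions; only the class name and index.jsp come from the posted configuration. Tomcat's documentation for the SingleSignOn valve states that invalidating the session on logout also invalidates the user's sessions in the other web applications of the same Host.

```java
// Added illustration (hypothetical body); uses only the Servlet 2.5 API.
package com.server.servlet; // package and class name as declared in the posted web.xml

import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LogoutServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        logout(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        logout(request, response);
    }

    private void logout(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false): never create a fresh session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Ends the FORM login; no SSL session handling is involved.
            session.invalidate();
        }

        // Keep the browser and intermediaries from re-displaying cached
        // copies of protected pages after the session is gone.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // index.jsp is the welcome file and falls under the /* auth-constraint,
        // so the container answers this request with the FORM login page.
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }
}
```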