Logging *out*
Posted By:   A_R
Posted On:   Friday, August 31, 2001 09:24 AM

I have a few servlets that can be accessed from my page. I have set up different roles for each servlet, therefore access is only allowed to specific roles for each servlet. Once I have logged in once, how do I get Tomcat to ask for authentication again if I want to go to my other servlets? Right now, it just directly goes and if the role is the same as my first login then it lets me in, however, if it's not then it just gives me the error message, but does not prompt me to try logging in again. Any suggestions?

Re: Logging *out*

Posted By:   Ram_Sripracha  
Posted On:   Thursday, August 1, 2002 03:30 PM

Use getSession to retrieve the session, then use the 'invalidate' method to invalidate the session. This will force Tomcat to re-authenticate.


Re: Logging *out*

Posted By:   Marcel_Offermans  
Posted On:   Tuesday, December 11, 2001 03:41 AM

If you use basic authentication, you really can't log out unless you completely quit your browser.

This type of authentication requires the browser to identify itself for each request. Since it doesn't want to "bother" the user every time, the browser caches the username and password and automatically sends them along with each request.

From your question, I'm guessing you have users that have roles. If a user does not have a role, you want to allow a different user to log in. Since you can't do that, the only thing you can try is "invalidate" the whole user account as soon as that user is not in a role you require. Say you start with first.html and log in as user bob with password bob, the authentication mechanism will look up bob in the database, check the password and allow access if bob has the role required for first.html. Now suppose you go to second.html from there and that only user joe has a role required for that. You first get a request for second.html with bob/bob. You see it's bob, you see bob doesn't have the right role, so you simply refuse bob access here by just pretending he supplied the wrong password. The user then will have the opportunity to switch to joe for this page.
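
The approach described in the post above, sketched as a servlet filter (an added example, not code from any poster in this thread). The class name and the `requiredRole` and `realm` init-param names are hypothetical; it assumes the URL already sits behind a Basic-auth security constraint that admits any authenticated user, so the container resolves the user's roles and the filter makes the per-resource decision.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Hypothetical filter: answers 401 (not 403) when the cached Basic
 * credentials belong to a user who lacks the role for this resource,
 * so the browser prompts for a different login.
 */
public class RoleChallengeFilter implements Filter {
    private String requiredRole; // init-param "requiredRole" (assumed name)
    private String realm;        // init-param "realm" (assumed name)

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        requiredRole = cfg.getInitParameter("requiredRole");
        realm = cfg.getInitParameter("realm");
        if (requiredRole == null || realm == null) {
            throw new ServletException("requiredRole and realm must be set");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (request.isUserInRole(requiredRole)) {
            chain.doFilter(req, res); // right role: serve the resource
            return;
        }
        // Wrong role (or no user): drop any session, in case the container
        // cached the previous principal in it, then challenge again.
        HttpSession session = request.getSession(false);
        if (session != null) session.invalidate();
        // Same reply a bad password would get, so nothing about roles leaks.
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        response.setHeader("Cache-Control", "no-store");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    @Override
    public void destroy() { }
}
```

The `realm` value should match the `realm-name` in the application's `login-config`, so the browser applies the newly entered credentials to the rest of the protected pages.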

Re: Logging *out*

Posted By:   Sachin_Patil  
Posted On:   Sunday, December 2, 2001 07:55 PM

Your question needs a bit more explanation; still, I shall give it a go. If the servlet knows the "role" assigned and gives an error (details appreciated), one can always trap the error and redirect it to the login URL (servlet or HTML or JSP). E.g. I have a login servlet which connects to the database as sysadmin or normal user. If logged in as a user and I try to update tables, it doesn't allow me to do so and displays a proper alert. I redirect it to the login servlet after the message. I hope the answer is related to the question.
