How to properly logout of a Java EE 6 Web Application after logging in
Question
A pretty simple requirement. After logging into a web J2EE 6 application, how can I have the user logout again?
Most (all?) of the books and tutorials I have seen show how to add a login/loginerror page to their application and demonstrate the use of security principals/roles/realms etc. using the "j_security_check" method - all good. But then it's not clear how to give the user the power to logout. Indeed, how can I force a logout after, say, the session times out, etc?
Recommended answer
You should have a logout servlet/jsp which invalidates the session using the following ways:
- Before Servlet 3.0, using the session.invalidate() method, which invalidates the session also.
- Servlet 3.0 provides an API method, HttpServletRequest.logout(), which invalidates only the security context and the session still exists.
And, the Application UI should be providing a link which invokes that logout servlet/jsp.
Question: Indeed, how can I force a logout after, say, the session times out, etc?
Answer: The <session-timeout> in web.xml lets you define the timeout value after which the session will get invalidated by the server.