How to properly logout of a Java EE 6 Web Application after logging in


Question

A pretty simple requirement. After logging into web J2EE 6 application, how can I have the user logout again?

Most (all?) of the books and tutorials I have seen show how to add a login/loginerror page to their application and demonstrate the use of security principals/roles/realms etc. using the "j_security_check" method - all good. But then it's not clear how to give the user the power to log out. Indeed, how can I force a logout after, say, the session times out, etc.?

Recommended answer

You should have a logout servlet/jsp which invalidates the session using the following ways:

  • Before Servlet 3.0, using the session.invalidate() method, which invalidates the session also.
  • Servlet 3.0 provides an API method HttpServletRequest.logout() which invalidates only the security context and the session still exists.

And, the Application UI should be providing a link which invokes that logout servlet/jsp.

Question: Indeed, how can I force a logout after, say, the session times out, etc?

Answer: The <session-timeout> in web.xml lets you define the timeout value after which the session will get invalidated by the server.
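
An added example, not part of the original answer: a logout servlet for a Servlet 3.0 container that combines both calls the answer mentions, so that neither the security context nor the session survives the logout. The class name LogoutServlet, the /logout mapping, the /login.jsp target and the 30-minute timeout are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logout servlet; the name and URL mapping are illustrative.
//
// Idle sessions are invalidated by the container according to web.xml
// (value in minutes; 30 is a sample value):
//   <session-config><session-timeout>30</session-timeout></session-config>
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The answer describes a logout link, which arrives as a GET.
        doPost(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Servlet 3.0: clears the authenticated principal for this request.
        request.logout();

        // logout() does not end the HttpSession, so any state stored in it
        // would remain reachable with the old session cookie. Invalidate it.
        // getSession(false) avoids creating a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Ask the browser not to cache this response, so the redirect is
        // always re-requested rather than replayed from cache.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // Assumed login page location, relative to the context root.
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}
```

Protected pages need the same no-cache headers on their own responses if the browser's Back button should not show them after logout.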
