Servlet 3.0注销不起作用 [英] Servlet 3.0 logout doesn't work
问题描述
我遇到了Servlet 3.0身份验证功能的问题:
I've got a problem with the authentication features of Servlet 3.0:
在Servlet v3中使用此代码:
With this code in a Servlet v3:
log.info(""+request.getUserPrincipal());
log.info(""+request.getAuthType());
log.info("===^===");
request.logout() ;
log.info(""+request.getUserPrincipal());
log.info(""+request.getAuthType());
request.authenticate(response) ;
log.info("===v===");
log.info(""+request.getUserPrincipal());
log.info(""+request.getAuthType());
我总是希望看到用户名/登录窗口,因为 logout()
函数。相反,它似乎是一个缓存机制,它重新填充凭证并取消我的注销...
I would always expect to see the Username/login windows, because of the logout()
function. Instead, it seems to be a 'cache' mechanism which repopulate the credential and cancel my logout ...
管理员
Admin
BASIC
=== ^ ===
===^===
null
null
=== v ===
===v===
管理员
BASIC
我的firefox是否有问题,或者我在Servlet代码中缺少的东西?
Is it a problem with my firefox, or something I'm missing in the Servlet code?
推荐答案
我总是希望看到用户名/登录窗口,因为
logout()
功能。相反,它似乎是一个缓存机制,它重新填充凭证并取消我的注销...
I would always expect to see the Username/login windows, because of the
logout()
function. Instead, it seems to be a 'cache' mechanism which repopulate the credential and cancel my logout ...
这就是HTTP BASIC的方式设计了AUTH,它允许所有身份验证状态保存在客户端中。换句话说,不可能使用基本/摘要式身份验证注销,服务器无法阻止客户端缓存并在后续请求到服务器时重新发送BASIC身份验证器。
That's the way HTTP BASIC AUTH was designed, it allows all authenticate state to be kept in the client. In other words, its impossible to logout with basic/digest authentication, the server cannot stop a client from caching and resending a BASIC auth authenticator on subsequent requests to the server.
我的建议是使用基于表单的身份验证和 login
HTTPServletRequest <的方法/ code>
。
My suggestion is to use form based authentication and the login
method of HTTPServletRequest
.
- < a href =http://blogs.oracle.com/nithya/entry/new_security_features_in_glassfish1 =nofollow noreferrer> Glassfish v3(Java EE 6)中的新安全功能 - 第二部分
- Glassfish v3(Java EE 6)中的新安全功能 - 第III部分
- 最简单,最便携的方式真实的以编程方式使用
- 如何从Glassfish服务器注销用户 - 需要SUN的帮助
- New Security Features in Glassfish v3 (Java EE 6) - Part II
- New Security Features in Glassfish v3 (Java EE 6) - Part III
- Easiest and most portable way to authenticate programatically
- How to log users out from Glassfish server - need help from SUN
这篇关于Servlet 3.0注销不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!