How to properly logout of a Java EE 6 Web Application after logging in
Problem description
A pretty simple requirement. After logging into web J2EE 6 application, how can I have the user logout again?
Most (all?) the books and tutorials I have seen show how to add a login/loginerror page to their application and demonstrate the use of security principals/roles/realms etc using the "j_security_check" method - all good. But then it's not clear how to give the user the power to logout. Indeed, how can I force a logout after, say, the session times out, etc?
Recommended answer
You should have a logout servlet/jsp which invalidates the session using the following ways:
- Before Servlet 3.0, using the session.invalidate() method, which invalidates the session also.
- Servlet 3.0 provides an API method, HttpServletRequest.logout(), which invalidates only the security context and the session still exists.
And, the Application UI should be providing a link which invokes that logout servlet/jsp
Question: Indeed, how can I force a logout after, say, the session times out, etc?
Answer: The <session-timeout> in web.xml lets you define the timeout value after which the session will get invalidated by the server.