How to properly logout of a Java EE 6 Web Application after logging in


Problem description

A pretty simple requirement. After logging into web J2EE 6 application, how can I have the user logout again?

Most (all?) the books and tutorials I have seen show how to add a login/loginerror page to their application and demonstrate the use of security principals/roles/realms etc using the "j_security_check" method - all good. But then it's not clear how to give the user the power to logout. Indeed, how can I force a logout after, say, the session times out, etc?

Recommended answer

You should have logout servlet/jsp which invalidates the session using the following ways:


  • Before Servlet 3.0, using session.invalidate() method which invalidates the session also.
  • Servlet 3.0 provides an API method HttpServletRequest.logout() which invalidates only the security context and the session still exists.

And, the Application UI should be providing a link which invokes that logout servlet/jsp

Question: Indeed, how can I force a logout after, say, the session times out, etc?

Answer: The <session-timeout> in web.xml lets you define the timeout value after which the session will get invalidated by the server.
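
A logout servlet that combines the two calls named in the answer, as an added example that is not code from the original answer. The class name, the "/logout" mapping and the "/login.jsp" redirect target are assumptions; the javax.servlet calls are the standard Servlet 3.0 API.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical class name and URL mapping; adjust to the application.
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        logoutAndRedirect(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        logoutAndRedirect(request, response);
    }

    private void logoutAndRedirect(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Servlet 3.0: clears the container's security context for this request.
        // getUserPrincipal() and getRemoteUser() return null afterwards,
        // but the HttpSession and its attributes are still alive.
        request.logout();

        // Invalidate the session as well so no per-user state outlives the login.
        // getSession(false) avoids creating a new session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Keep the post-logout response out of browser and proxy caches.
        response.setHeader("Cache-Control", "no-store");
        // "/login.jsp" is an assumed page name, not taken from the question.
        response.sendRedirect(request.getContextPath() + "/login.jsp");
    }
}
```

Idle sessions that never reach this servlet are still ended by the container once the <session-timeout> configured in web.xml elapses.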
