Recipe 15.5 Logging Out a User

Recipe 15.5 Logging Out a User


You want to log out a user in a system that uses form-based authentication.


Call invalidate( ) on the user's HttpSession object.


Invalidating a user's HttpSession object will log the user out in an application that uses form-based authentication. Naturally, this code involves calling HttpSession.invalidate( ) . Example 15-8 displays some information about a logged-in user, then logs him out by invalidating his session. The next time this user requests a protected resource, the web application will send him to the configured login page, because he has been logged out of the application.

Example 15-8. Logging out a user
 package com.jspservletcookbook;            import javax.servlet.*; import javax.servlet.http.*; public class LogoutServlet extends HttpServlet {   public void doGet(HttpServletRequest request,      HttpServletResponse response)throws ServletException, {             HttpSession session = request.getSession( );        response.setContentType("text/html"); out = response.getWriter( );        out.println(        "<html><head><title>Authenticated User Info</title></head><body>");            out.println("<h2>Logging out a user</h2>");        out.println("request.getRemoteUser( ) returns: ");  //get the logged-in user's name        String remUser = request.getRemoteUser( );        //Is the request.getRemoteUser( ) return value null? If        //so, then the user is not authenticated        out.println(remUser == null ? "Not authenticated." : remUser );        out.println("<br>");        out.println("request.isUserInRole(\"dbadmin\")  returns: ");        //Find out whether the user is in the dbadmin role        boolean isInRole = request.isUserInRole("dbadmin");        out.println(isInRole);        out.println("<br>");        //log out the user by invalidating the HttpSession        session.invalidate( );  out.println("</body></html>");          } //doGet         public void doPost(HttpServletRequest request,      HttpServletResponse response) throws ServletException, {               doGet(request,response);             } //doPost } //LogoutServlet 

A logged-in user who requests this servlet sees the output in Figure 15-5. The servlet displays the return values of HttpServletRequest.getRemoteUser( ) (the username) and HttpServletRequest.isUserInRole( ) . The latter method returns a boolean value indicating whether the user is associated with the role specified by the method's String parameter.

Figure 15-5. A servlet shows some user- related information before logging out the user

The servlet then invalidates the user's session to log her out. Rerequesting the servlet produces the output shown in Figure 15-6.

Figure 15-6. The servlet's output indicates a logged-out user

See Also

The Tomcat documentation and Recipe 15.2 on setting up SSL for use with authentication:; Recipe 3.9 on restricting requests for certain servlets; Recipe 15.6-Recipe 15.9 on using JAAS.

Java Servlet & JSP Cookbook
Java Servlet & JSP Cookbook
ISBN: 0596005725
EAN: 2147483647
Year: 2004
Pages: 326 © 2008-2017.
If you may any questions please contact us: