0

I try to implement the /ibm_security_logout logic in a JSF project. There are some requirements about the way which I should use for logging out.

It should conform this form:

<FORM METHOD=POST ACTION="<%=request.getContextPath()%>/ibm_security_logout"
NAME="LogoutForm">
<INPUT TYPE="HIDDEN" NAME="logoutExitPage"
VALUE="/../weblogin/logout?dest=/myapp/goodbye.jsp">
<INPUT TYPE="submit" NAME="logout" VALUE="Logout">
</FORM>

Both cases must be there.

<%=request.getContextPath()%>/ibm_security_logout"
VALUE="/../weblogin/logout?dest=/myapp/goodbye.jsp">

How can I realise it with commanlink?

<h:commandLink value="Log Out" action="#{sessionController.logout}" />

How should it look like in the bean method??

public void logout() throws IOException {

    ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
    ec.invalidateSession();
    ec.redirect("/../weblogin/logout?dest=/myapp/goodbye.jsp");

}

EDIT

#{request.contextPath} = localhost:9080/MyProject
Login Page = localhost:9080/weblogin/login?webapp=/MyProject (Login Page is managed via) an extern Framework
Logout is also managed via an extern framework. Therefore the URL must conform this VALUE="/../weblogin/logout?dest=/weblogin/login?webapp=/MyProject.

I tried it with the code below. But it did not work. 

<form id="logout" action="#{request.contextPath}/ibm_security_logout"
            method="post">
<input type="hidden" name="logoutExitPage"
            value="/../weblogin/logout?dest=/weblogin/login?webapp=/MyProject">
<a  href="#" onclick="document.getElementById('logout').submit()">Logout_NEU</a>
</form>
4

1 回答 1

2

单独使用ExternalContext#invalidateSession()是不够的。/ibm_security_logout如果您使用过 IBM 的登录工具,您绝对需要直接 POST 。它不仅会使会话无效,还会清除 SSO cookie 和 LPTA 身份验证。否则用户可能在失效后仍会自动登录。

您可以在 JSF 中使用纯 HTML。我只会中和那些 90 年代风格的大写标签/属性,因为大写/驼峰式 HTML 标签/属性在 XHTML 中无效(我假设您使用的是 Facelets;您的问题历史至少证实了您使用的是 Facelets)。

<form action="#{request.contextPath}/ibm_security_logout" method="post">
    <input type="hidden" name="logoutExitPage" value="#{request.contextPath}/home.xhtml">
    <input type="submit" name="logout" value="Logout" />
</form>

或者,如果您确实需要一个链接来提交表单,

<form id="logout" action="#{request.contextPath}/ibm_security_logout" method="post">
    <input type="hidden" name="logoutExitPage" value="#{request.contextPath}/home.xhtml">
    <a href="#" onclick="document.getElementById('logout').submit()">Logout</a>
</form>

请注意,logoutExitPage必须代表注销后登录页面的 URL。它不一定需要精确表示/../weblogin/logout?dest=/myapp/goodbye.jsp。那只是一个例子。

于 2012-10-31T13:47:50.160 回答