使 weblogic 11g 中所有应用程序的会话无效
我是 weblogic 的新手,正在从 jboss 移植一系列 Web 应用程序。我有多个战争部署到同一个 weblogic 服务器。所有这些都配置为由活动目录支持的基于表单的身份验证。
但是,我在注销应用程序时遇到问题。我有一个应用程序作为我的登录应用程序,其中包含实际的 login.jsp 表单。它还有一个调用 session.invalidate() 的注销 Servlet。调用此函数后,我无法访问主应用程序中的受保护页面,但可以访问其他应用程序中的受保护页面。
根据我所读到的内容,weblogic 11g 在所有应用程序之间共享相同的会话,这与我所看到的情况是有道理的。我找到了使用以下内容使所有应用程序中的会话无效的参考:
invalidateAll(HttpServletRequest req)
在包中
weblogic.servlet.security.ServletAuthentication
但是,我在 weblogic 11g 中找不到此内容或类似内容。这个实用程序类在哪里或者我应该如何执行此操作?
谢谢
更新:
根据下面 Josek 的回答,我必须将以下内容添加到我正在部署的所有应用程序的 weblogic.xml 文件中:
<session-descriptor>
<sharing-enabled>true</sharing-enabled>
</session-descriptor>
我正在寻找的 jar 称为 wls-api.jar,其中包含 ServletAuthentication 类。我使用的是基于 zip 的 10.3.3.0 版本的 Web 逻辑服务器。我在 wlserver_10.3 服务器安装中找到了该 jar,作为 Weblogic Fusion 安装的一部分。我刚刚将 jar 添加到我们的 Nexus maven 存储库中。
I am new to weblogic and am porting over a series of web applications from jboss. I have multiple war's that I deploy to the same weblogic server. All of them are configured for Form based authentication backed by active directory.
I'm having issues logging out of the applications however. I have one of the applications that serves as my login application that contains the actual login.jsp form. It also has a logout servlet that calls session.invalidate(). After calling this, i can't access protected pages in the main application, but can access protected pages in the other applications.
From what I've been reading, weblogic 11g shares the same session across all applications, which makes sense with what I am seeing. I'm finding references to using the following to invalidate a session across all applications:
invalidateAll(HttpServletRequest req)
in package
weblogic.servlet.security.ServletAuthentication
However, I can not find this or anything similar in weblogic 11g. Where is this utility class or how should I be doing this?
Thanks
UPDATE:
Based on Josek's answer below, I had to add the following to my weblogic.xml file for all of the applications that I am deploying:
<session-descriptor>
<sharing-enabled>true</sharing-enabled>
</session-descriptor>
The jar that I was looking for is called wls-api.jar that contains the ServletAuthentication class. I was using the zip based 10.3.3.0 version of the web logic server. I found the jar in the installation of the wlserver_10.3 server installation as part of the Weblogic Fusion installation. I just took the jar and added it to our Nexus maven repository.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
< code>invalidateAll 被记录为 WLS 10.3(又名 11g)的一部分,因此它应该在您的注销 servlet 中工作。您尝试过并遇到任何错误吗?
这向我表明,会话不在 Web 应用程序之间共享,这是默认行为。如果会话被共享,用户将从所有应用程序中注销。对于要共享的会话,您必须设置
启用共享为 true
正如文档状态,
invalidateAllis documented as part of WLS 10.3 (aka 11g) so it should work in your logout servlet. Have you tried it and faced any error?This indicates to me, that the sessions are not shared across web applications, which is the default behaviour. If the sessions were shared the user would be logged out of all the applications. For the sessions to be shared, you would have to set
sharing-enabledto true
As the docs state,