JSF Siteminder 注销
环境
- Richfaces 3.3.3
- JSF 1.2
- Siteminder
要求
用户输入所需的申请地址。 Siteminder 拦截并询问用户名和密码。客户提供凭据。客户使用应用程序并单击注销/退出按钮。应用程序销毁会话并将 302 重定向到相同的应用程序地址,并且 Siteminder 应再次拦截。
问题
我正在尝试从从 siteminder 登录的 richfaces 应用程序注销。注销后,它会返回到应用程序的主页,而不是转到 siteminder 的登录页面。似乎它正在终止应用程序会话,但没有终止站点管理器会话。有没有办法注销 siteminder?
代码
public String logout() {
ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
HttpSession session = (HttpSession)ec.getSession(false);
if (session != null) {
session.invalidate();
}
try {
String redirectPath = "https://abcd.xyz.com/context/start.jsf";
ec.redirect(redirectPath);
} catch (IOException e) {
e.printStackTrace();
}
return null;
日志
com.ibm.ws.webcontainer.servlet.ServletWrapper doDestroy SRVE0253I [主机名] [/context] [uri]:销毁成功。 com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I [主机名] [/上下文] [uri]:初始化成功。
Environment
- Richfaces 3.3.3
- JSF 1.2
- Siteminder
Requirement
User enters the required application address. Siteminder intercepts and asks for username and password. Client provides with credentials. Clients uses application and clicks on logout/exit button. Application destroys sessions and redirects 302 to same application address and Siteminder should intercept again.
Problem
I am trying to logout from richfaces application which is logged in from siteminder. after logout, rather going to login page of siteminder it comes back to main page of application. Seems like it is killing the application session but not the siteminder session. Is there a way to logout siteminder ?
Code
public String logout() {
ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
HttpSession session = (HttpSession)ec.getSession(false);
if (session != null) {
session.invalidate();
}
try {
String redirectPath = "https://abcd.xyz.com/context/start.jsf";
ec.redirect(redirectPath);
} catch (IOException e) {
e.printStackTrace();
}
return null;
Log
com.ibm.ws.webcontainer.servlet.ServletWrapper doDestroy SRVE0253I [hostname] [/context] [uri]: Destroy successfull.
com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I [hostname] [/context] [uri]: Initialization successfull.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果标头中的 SM_USER 值为 null/空,我会在 servletfilter 中使用以下代码强制进行重定向。
I forcibly do a redirect by using the below code in servletfilter if the SM_USER value in header is null / empty.
您需要更新托管应用程序的 Web 代理的代理配置对象 (ACO)。 LogOffUri 参数指示 SiteMinder Web 代理销毁 SMSESSION(实际上将该值设置为 LOGGEDOFF)。
如果您将 LogOffUri ACO 参数中指定的 URI 配置为将用户重定向回应用程序的主 URL,则 WebAgent 将检测到 SMSESSION 无效并将用户发送到登录页面。
You need to update the Agent Configuration Object (ACO) for the Web Agent that is hosting the application. The LogOffUri parameter instructs the SiteMinder Web Agent to destroy the SMSESSION (actually sets the value to LOGGEDOFF).
If you configure the URI specified in the LogOffUri ACO parameter to redirect the user back to the application's main URL, the WebAgent will detect that the SMSESSION is not valid and will send the user to the login page.