I have an WebApplication on WAS 6.1 using JAAS already working. Authenticates and authorizes in a orderly manner. But my logout page is not deauthorizing the principal. This application works correctly on JBoss an on Glasfish but not on WAS.
My logout page is just a simple JSP with this content.
<%System.out.println("principal is not null:"+(null != request.getUserPrincipal()));
if (null != request.getSession(false))
request.getSession(false).invalidate();
%><jsp:include page="/index.html" />
Am I missing something? I would preffer not to use any specific API from Webpshere but if it is absolutely needed I will.
To succesfully logout this code snippet is also needed:
try {
com.ibm.websphere.security.WSSecurityHelper.revokeSSOCookies(request, response);
} catch(Exception e) {
// catch all possible exceptions if you want or handle them separately
out.println("JAASLogoutServlet: logout Exception = " + e.getMessage());
throw new ServletException(e);
}