In my Vaadin application I would like to have a logout button which redirects me to the login screen and forces the user to enter credentials. I use WebSphere as the application server and the login is done via HTTP Basic authentication.

So far I have tried this:

VaadinRequest vaadinRequest = VaadinService.getCurrentRequest();
VaadinServletRequest vaadinServletRequest = (VaadinServletRequest) vaadinRequest;
HttpServletRequest hsRequest = vaadinServletRequest.getHttpServletRequest();
try
{
    hsRequest.logout();
}
catch (ServletException e)
{
    // TODO Auto-generated catch block
    e.printStackTrace();
}

And this:

UI.getCurrent().getPage().setLocation("/framework42/S42FwWeb/?restartApplication");

I am also aware that I can use

UI.getCurrent().getPage().setLocation("/pkmslogout");

to perform the logout via WebSeal. I would like the logout to work in the development environment, too, where we do not use a WebSeal.

Any help is much appreciated!

Marco
  • Try calling .invalidate() on the http session. – Chris M Dec 02 '16 at 14:11
  • You cannot do logout if you are using Basic auth, since the browser is resending auth details each time. You have to close the browser or switch to form login. – Gas Dec 02 '16 at 14:39
  • @Gas Isn't it possible to do it with a NoCacheFilter? – Marco Dec 07 '16 at 16:21
  • @Marco - Caching is something completely different than authentication. I don't know what exactly NoCacheFilter is, but it looks like it prevents pages from being cached, which is not relevant to the browser resending auth data. So no, it is not possible with a filter. – Gas Dec 09 '16 at 09:03
  • The NoCacheFilter prevented the user from using the browser back button meaningfully after logout. I don't need the filter anymore though as I have a better solution as you can see in my answer. Thanks for the help! – Marco Dec 09 '16 at 15:14

1 Answer

I solved the problem by using a JS function which sends an XMLHttpRequest with a bad username and password (Source). After that I called the logout() method on the HttpServletRequest object.

StringBuilder jsCall = new StringBuilder();
jsCall.append("var request = new XMLHttpRequest();");
jsCall.append("request.open(\"GET\", \"");
jsCall.append(AdminUI.getS42Url());

//set credentials to user: _ and pw: _
jsCall.append("\", true, \"_\", \"_\");");
jsCall.append("request.send();");

//execute JS call
JavaScript.getCurrent().execute(jsCall.toString());

//logout user and destroy session
VaadinRequest vaadinRequest = VaadinService.getCurrentRequest();
VaadinServletRequest vaadinServletRequest = (VaadinServletRequest) vaadinRequest;
HttpServletRequest hsRequest = vaadinServletRequest.getHttpServletRequest();
try
{
    hsRequest.logout();
}
catch (ServletException e)
{
    LOG.error("", e);
}
Marco
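
Why the logout() call alone leaves the user logged in, and what the bad-credentials request changes, as an added example that is not part of the original answer: a constructed Node.js model (no Vaadin or WebSphere code) of a Basic-auth server and a browser credential cache. The `Server`, `Browser` and `runScenario` names and the sample account are hypothetical, and the model assumes the browser replaces its cached credentials with those passed to `XMLHttpRequest.open`.

```javascript
// Constructed model (not Vaadin/WebSphere code): Basic-auth server + browser cache.
const USERS = new Map([["marco", "s3cret"]]);       // constructed sample account

function parseBasic(header) {
  if (!header || !header.startsWith("Basic ")) return null;
  const decoded = Buffer.from(header.slice(6), "base64").toString("utf8");
  const i = decoded.indexOf(":");
  return i < 0 ? null : { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

class Server {
  constructor() { this.sessions = new Set(); this.nextId = 1; }
  // Handles one request and returns { status, setCookie? }.
  handle({ authorization, cookie }) {
    if (cookie && this.sessions.has(cookie)) return { status: 200 };
    const creds = parseBasic(authorization);
    if (creds && USERS.get(creds.user) === creds.pass) {
      const id = "sess" + this.nextId++;
      this.sessions.add(id);                         // valid header: silent re-login
      return { status: 200, setCookie: id };
    }
    return { status: 401 };                          // would carry WWW-Authenticate: Basic
  }
  logout(cookie) { this.sessions.delete(cookie); }   // stands in for request.logout()
}

class Browser {
  constructor(server) { this.server = server; this.cached = null; this.cookie = null; }
  // user/pass mimic XMLHttpRequest.open(method, url, async, user, password).
  // Assumption: explicit credentials replace the cached ones for the realm.
  request(user, pass) {
    if (user !== undefined) this.cached = { user, pass };
    const authorization = this.cached &&
      "Basic " + Buffer.from(`${this.cached.user}:${this.cached.pass}`).toString("base64");
    const res = this.server.handle({ authorization, cookie: this.cookie });
    if (res.setCookie) this.cookie = res.setCookie;
    return res.status;
  }
}

// Returns the status of the first page load after the server-side logout.
function runScenario(overwriteCredentials) {
  const server = new Server();
  const browser = new Browser(server);
  browser.request("marco", "s3cret");                // user answers the Basic prompt
  if (overwriteCredentials) browser.request("_", "_"); // the answer's bad-credential XHR
  server.logout(browser.cookie);                     // session destroyed on the server
  return browser.request();                          // browser re-sends whatever it cached
}
```

`runScenario(false)` returns 200 because the cached header silently creates a new session, while `runScenario(true)` returns 401. Browsers differ in whether they replace cached Basic credentials this way, so check for the 401 in each browser you support.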