To
end a user's session before the session expires, you can call the invalidate()
method on the HttpSession object from a backing bean in response to the user's
click on a Logout button or link. This cleans up the HttpSession in the same
way as if the session time had expired. Using JSF and ADF, after invalidating
the session, you must perform a redirect to the next page you want to display,
rather than just doing a forward.
Following
code shows a way to perform this task from a Logout button.
import
javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import
javax.servlet.http.HttpServletRequest;
import
javax.servlet.http.HttpSession;
import
weblogic.servlet.security.ServletAuthentication;
public String
onLogout(){
FacesContext fctx =
FacesContext.getCurrentInstance();
ExternalContext ectx =
fctx.getExternalContext();
String url =
ectx.getRequestContextPath() +
"/adfAuthentication?logout=true&end_url=/faces/login.jspx";
HttpSession session =
(HttpSession)ectx.getSession(false);
session.invalidate();
HttpServletRequest
request = (HttpServletRequest)ectx.getRequest();
ServletAuthentication.logout(request);
ServletAuthentication.invalidateAll(request);
ServletAuthentication.killCookie(request);
try{
ectx.redirect(url);
}
catch(Exception
e){
e.printStackTrace();
}
fctx.responseComplete();
return null;
}
Happy learningJ
