I'm developing an application under JDeveloper 11.1.1.3.0 (since the targetted WLS is 10.3.3)
Using ADF security, I use a specific login page with the code associated with the submit button is the following :
int authSuccess =
ServletAuthentication.login(strUsername, strPassword, request,
response);
if (ServletAuthentication.AUTHENTICATED == authSuccess) {
NavigationHandler nvHndlr =
FacesContext.getCurrentInstance().getApplication().getNavigationHandler();
nvHndlr.handleNavigation(FacesContext.getCurrentInstance(), null,
"home");
}
When clicking on the logout button of the homepage, this navigates to an url view returned by a bean function with this code :
FacesContext ctx = FacesContext.getCurrentInstance();
ExternalContext ectx = ctx.getExternalContext();
HttpServletRequest request = null;
request = (HttpServletRequest)ectx.getRequest();
boolean logout;
try {
logout = ServletAuthentication.logout(request);
} catch (Exception e) {
System.out.println("Exception: " + e);
}
strUrl =
ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=" +
ectx.getRequestContextPath() + "/faces/loginpage";
return strUrl;
But doing this the session is not invalidated.
If i use ServletAuthentication.invalidateAll(request); or session.invalidate(); call, then the navigation fails.
How can I force invalidate and login ?