com.ibm.portal.auth
Interface ImplicitLogoutFilter
- All Superinterfaces:
- SecurityFilter
public interface ImplicitLogoutFilter
- extends SecurityFilter
This interface can be implemented to realize a custom element in the filter chain for the implicit Portal logout,
i.e. the logout that has been triggered by the Portal runtime after a session timeout, when an authenticated user
accesses a public page, or if the current user is not member of the user realm associated to the
virtual portal.
The logout method can then be used to add additional logic before or after calling the next
logout filter chain element by invoking the logout method on the LogoutFilterChain
object passed in as the last argument.
The order of the logout filter elements is defined by the logout.implicit.filterchain
property in the Portal Authentication Service. The default filter implementation is always set as the last element in the chain
and performs the necessary steps to logout the user both from WAS and Portal.
Each logout filter is instantiated as a singleton, so the implementor must make sure that
the logout(HttpServletRequest, HttpServletResponse, FilterChainContext, LogoutFilterChain)
method is thread-safe. The SecurityFilter.init(SecurityFilterConfig)
method is called once during Portal startup and gets the
values of all properties of the Portal Authentication Service that start with
filterchain.properties.<fully qualified classname of the implementing class>
passed in with the
SecurityFilterConfig
object. The SecurityFilter.destroy()
method is called once when Portal is shut down.
NOTE: This API may only be used in the scope of an HTTP request in WebSphere Portal, i.e. within a theme.
The API can not be invoked directly by a custom servlet.
- Since:
- 6.1
Method Summary |
void |
logout(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
FilterChainContext portalLogoutContext,
LogoutFilterChain chain)
Can be used to implement custom logout code for the implicit logout. |
logout
void logout(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
FilterChainContext portalLogoutContext,
LogoutFilterChain chain)
throws LogoutException,
javax.security.auth.login.LoginException
- Can be used to implement custom logout code for the implicit logout. The implementation should call the corresponding
logout method on the next element in the filter chain by invoking the logout method on the last
argument passed in.
- Parameters:
req
- The servlet request.resp
- The servlet response. The implementor must not send a redirect
on this object, but use the FilterChainContext
object passed in as
an argument to set a redirect target to be executed after the filter chain
has been processed.portalLogoutContext
- A FilterChainContext
object that can be used to share information between the logout filter
implementations.chain
- The reference to the logout filter chain that has to be used to call the logout method
of the next logout filter chain element.
- Throws:
LogoutException
- This generic exception is thrown for all
kinds of exceptions that can occur during the logout process.
javax.security.auth.login.LoginException
- Can be thrown by the logout method
on the JAAS login context in WAS (performed by the default logout filter implementation).