com.ibm.portal.auth
Interface ExplicitLogoutFilter
- All Superinterfaces:
- SecurityFilter
public interface ExplicitLogoutFilter
- extends SecurityFilter
This interface can be implemented to realize a custom element in the filter chain for the explicit Portal logout,
i.e. the logout that has been explicitly triggered by a URL (e.g. by the user clicking on a logout link).
The logout method can then be used to add additional logic before or after calling the next
logout filter chain element by invoking the logout method on the LogoutFilterChain
object passed in as the last argument.
The order of the logout filter elements is defined by the logout.explicit.filterchain
property in the Portal Authentication Service. The default filter implementation is always set as the last element in the chain
and performs the necessary steps to logout the user both from WAS and Portal.
Each logout filter is instantiated as a singleton, so the implementor must make sure that
the logout(HttpServletRequest, HttpServletResponse, FilterChainContext, LogoutFilterChain)
method is thread-safe. The SecurityFilter.init(SecurityFilterConfig) method is called once during Portal startup and gets the
values of all properties of the Portal Authentication Service that start with
filterchain.properties.<fully qualified classname of the implementing class> passed in with the
SecurityFilterConfig object. The SecurityFilter.destroy() method is called once when Portal is shut down.
NOTE: This API may only be used in the scope of an HTTP request in WebSphere Portal, i.e. within a theme.
The API can not be invoked directly by a custom servlet.
- Since:
- 6.1
|
Method Summary |
void |
logout(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
FilterChainContext portalLogoutContext,
LogoutFilterChain chain)
Can be used to implement custom logout code for the explicit logout. |
logout
void logout(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
FilterChainContext portalLogoutContext,
LogoutFilterChain chain)
throws LogoutException,
javax.security.auth.login.LoginException
- Can be used to implement custom logout code for the explicit logout. The implementation should call the corresponding
logout method on the next element in the filter chain by invoking the logout method on the last
argument passed in.
- Parameters:
req - The servlet request.resp - The servlet response. The implementor must not send a redirect
on this object, but use the FilterChainContext object passed in as
an argument to set a redirect target to be executed after the filter chain
has been processed.portalLogoutContext - A FilterChainContext object that can be used to share information between the logout filter
implementations.chain - The reference to the logout filter chain that has to be used to call the logout method
of the next logout filter chain element.
- Throws:
LogoutException - This generic exception is thrown for all
kinds of exceptions that can occur during the logout process.
javax.security.auth.login.LoginException - Can be thrown by the logout method
on the JAAS login context in WAS (performed by the default logout filter implementation).