Witam, chcę napisać proste logowanie przez protokół HTTP, ale nie wiem, jak zmusić to do poprawnego działania. Tzn. samo logowanie działa poprawnie, ale przeglądarka zapamiętuje login i hasło i przesyła je za każdym razem w nagłówku. Praktycznie uniemożliwia to wylogowanie: nawet jeśli klikniemy „wyloguj”, zaraz zostaniemy automatycznie zalogowani ponownie. Co powinienem zrobić, żeby usunąć te dane z przeglądarki?
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package eu.pozoga.jspf.filter;
import eu.pozoga.jspf.action.codeck.Base64Utils;
import eu.pozoga.jspf.model.User;
import eu.pozoga.jspf.model.UserManager;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
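/**
 * Servlet filter that guards every URL ({@code /*}) with HTTP Basic authentication.
 *
 * <p>For each request the filter first asks {@link UserManager} for an authenticated user;
 * a non-null result lets the request through. Otherwise it reads the {@code Authorization}
 * header, decodes the Basic credentials and hands them to {@code UserManager.login}. If that
 * does not succeed, the client receives a {@code 401} with a {@code WWW-Authenticate} challenge.
 *
 * <p>Operational notes:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded, not encrypted, and are sent with every
 *       request, so this filter should only be reachable over HTTPS.</li>
 *   <li>Because {@code login} is called whenever the header is present and no user is
 *       authenticated, clearing the server-side user does not log the browser out: the
 *       browser resends its cached credentials and the next request logs in again. HTTP
 *       Basic has no standard way to make a browser forget credentials. If a working logout
 *       is required, a form login backed by a session the server can invalidate is the
 *       usual choice.</li>
 * </ul>
 */
@WebFilter(urlPatterns = { "/*" })
public class HttpBaseAuth implements Filter {

    public static final String PARAM_USER = "user";
    public static final String PARAM_PASSWORD = "password";
    public static final String PARAM_REALM = "realm";

    /** Realm text sent in the {@code WWW-Authenticate} challenge. */
    private String _realm = "You must be authenticate user";

    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        /* Do nothing */
    }

    /**
     * Lets authenticated requests through and challenges everything else with HTTP 401.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filter chain, invoked only after successful authentication
     * @throws IOException      if the downstream chain or sending the 401 fails
     * @throws ServletException if decoding the header or the login call throws; the original
     *                          exception is attached as the cause
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException, UnsupportedEncodingException {
        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        final HttpServletResponse httpResponse = (HttpServletResponse) response;

        // A non-null user means UserManager already considers this request authenticated.
        User authUser = UserManager.getInstance().getAuthUser(httpRequest);
        if (authUser != null) {
            chain.doFilter(httpRequest, httpResponse);
            return;
        }

        boolean loggedIn = false;
        try {
            final String auth = httpRequest.getHeader("Authorization");
            if (auth != null) {
                final int index = auth.indexOf(' ');
                // Only the Basic scheme carries "user:password"; ignore any other scheme
                // instead of trying to Base64-decode its token. The scheme name is
                // case-insensitive.
                if (index > 0 && "Basic".equalsIgnoreCase(auth.substring(0, index))) {
                    // Strip the separator space so decoding does not depend on the decoder
                    // tolerating whitespace.
                    final String token = auth.substring(index + 1).trim();
                    final String decoded = new String(Base64Utils.decode(token.getBytes("UTF-8")), "UTF-8");
                    // Split on the FIRST colon only: the user name cannot contain ':' but the
                    // password may, and splitting on every colon rejected such passwords.
                    final int colon = decoded.indexOf(':');
                    // An empty password is not forwarded to login (it was rejected before too).
                    if (colon >= 0 && colon < decoded.length() - 1) {
                        final String userName = decoded.substring(0, colon);
                        final String userPassword = decoded.substring(colon + 1);
                        loggedIn = UserManager.getInstance().login(httpRequest, userName, userPassword);
                    }
                }
            }
        } catch (Exception ex) {
            // Keep the cause so the real failure is visible in the server log.
            throw new ServletException(ex.getMessage(), ex);
        }

        if (loggedIn) {
            // Invoked outside the try block so downstream exceptions propagate unchanged
            // instead of being re-wrapped as authentication failures.
            chain.doFilter(httpRequest, httpResponse);
            return;
        }

        // Not authenticated: ask the client for Basic credentials.
        httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + _realm + "\"");
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
        /* Do nothing */
    }
}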