Home/ Questions/Q 8764967
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T16:10:00+00:00

I try to implement the /ibm_security_logout logic in a JSF project. There are some

  • 0

I try to implement the /ibm_security_logout logic in a JSF project.
There are some requirements about the way which I should use for logging out.

It should conform this form:

<FORM METHOD=POST ACTION="<%=request.getContextPath()%>/ibm_security_logout"
NAME="LogoutForm">
<INPUT TYPE="HIDDEN" NAME="logoutExitPage"
VALUE="/../weblogin/logout?dest=/myapp/goodbye.jsp">
<INPUT TYPE="submit" NAME="logout" VALUE="Logout">
</FORM>

Both cases must be there.

<%=request.getContextPath()%>/ibm_security_logout"
VALUE="/../weblogin/logout?dest=/myapp/goodbye.jsp">

How can I realise it with commanlink?

<h:commandLink value="Log Out" action="#{sessionController.logout}" />

How should it look like in the bean method??

public void logout() throws IOException {

    ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
    ec.invalidateSession();
    ec.redirect("/../weblogin/logout?dest=/myapp/goodbye.jsp");

}

EDIT

#{request.contextPath} = localhost:9080/MyProject
Login Page = localhost:9080/weblogin/login?webapp=/MyProject (Login Page is managed via) an extern Framework
Logout is also managed via an extern framework. Therefore the URL must conform this VALUE=”/../weblogin/logout?dest=/weblogin/login?webapp=/MyProject.

I tried it with the code below. But it did not work. 

<form id="logout" action="#{request.contextPath}/ibm_security_logout"
            method="post">
<input type="hidden" name="logoutExitPage"
            value="/../weblogin/logout?dest=/weblogin/login?webapp=/MyProject">
<a  href="#" onclick="document.getElementById('logout').submit()">Logout_NEU</a>
</form>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Using ExternalContext#invalidateSession() alone is not sufficient. You absolutely need to POST to /ibm_security_logout directly if you have used IBM’s login facilities. It will not only invalidate the session, but also clear out the SSO cookie and LPTA authentication. Otherwise the user would possibly still be auto-logged-in after invalidate.

    You can just use plain HTML in JSF. I’d only neutralize those 90’s style uppercased tags/attributes, because uppercased/camelcase HTML tags/attributes are invalid in XHTML (I assume that you’re using Facelets; your question history at least confirms that you’re using Facelets).

    <form action="#{request.contextPath}/ibm_security_logout" method="post">
    <input type="hidden" name="logoutExitPage" value="#{request.contextPath}/home.xhtml">
    <input type="submit" name="logout" value="Logout" />
</form>

    Or if you really need a link to submit the form,

    <form id="logout" action="#{request.contextPath}/ibm_security_logout" method="post">
    <input type="hidden" name="logoutExitPage" value="#{request.contextPath}/home.xhtml">
    <a href="#" onclick="document.getElementById('logout').submit()">Logout</a>
</form>

    Note that the logoutExitPage must represent the URL of the landing page after logout. It doesn’t necessarily need to represent exactly /../weblogin/logout?dest=/myapp/goodbye.jsp. That was just an example.

    • 0