Logout in a JSF application

Monday, 09 April 2012 16:46

Logout with Java Server Faces

In computer security, a login or logon (also called logging in or on and signing in or on) is the process by which individual access to a computer system is controlled by identifying and authentifying the user referring to credentials presented by the user.

A user can log in to a system to obtain access and can then log out or log off (perform a logout / logoff) when the access is no longer needed. To log out is to close off one's access to a computer system or web site after having previously logged in.

Logging out of a computer when leaving it is a common security practice, preventing unauthorized users from tampering with it.

1. GUI component

To trigger the logout process you need a link or a button. We will use a commandLink tag in our sample :

<h:form>
<h:commandLink 
    value="#{bundle['logout']}" 
    action="#{userBB.logout}"/>
</h:form>

The value attribute contains a reference to the bundle properties files. action define the backing bean and method responsible to execute the logout process.

2. Backing bean

In this sample we are using a backing bean called userBB assuming this backing is already in charge of logging in the user. it is a Session scope bean .

@ManagedBean
@SessionScoped
public class UserBB {
...
   public String logout(){
      FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
      return "/public/user/logout?faces-redirect=true";
   }
}

The logout method retrieve the external context using the getExternalContext method then invalidate the session to prevent the creation of a session (if empty) then call invalidate to invalidate the session and unbinds any objects bound to it.

	It is important that a redirect (a new request) is fired after invalidating the session, otherwise you will be still displaying data from the old session. The redirect is done by adding ?faces-redirect=true to the outcome.