tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: [SingleSignOn Valve] Overriding deregister(String) method
Date Tue, 03 Aug 2010 12:57:26 GMT
On 03/08/2010 13:49, DJP JEAN-PROST Dominique wrote:
> -----Message d'origine-----
> De : Pid [] 
> Envoyé : mardi 3 août 2010 14:45
> À : Tomcat Users List
> Objet : Re: [SingleSignOn Valve] Overriding deregister(String) method
> Potentially silly questions:
> #1 how is one supposed to logout of all apps?
>  [Dominique Jean-Prost]  I don't need this feature
> #2 what's the reason for using a half functional SSO valve?
> [Dominique Jean-Prost] From y point of view (and from what I need) the SSO valve is aimed
at preventing user to enter login/password each time he wants to access a new webapp. It shouldn't
mean that because he used this feature he should log out for all the webapp he accessed.
> That's why I would like to "enhance" tomcat's valve so that it meets my requirements.
My question is : will I introduce such a change so that tomcat wouldn't work (is the fact
that the valve runs this way is a requirement for tomcat ?)

Tomcat won't care.

The user won't be able to logout in the normal sense (since the SSO
valve will sign them back in again) but logging out should invalidate
the session associated with that web app which is what I suspect you want.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message