I have tried every way imaginable. Disabled SSO in Glassfish. Put session.invalidate() in a jsp page and redirected. Did a request.invalidate in a jsf backing bean. What should I do? Thanks.
EDIT
This works.
private String email;
public ViewLines() {
}
@PostConstruct
public void onLoad() {
Principal principal = FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal();
email = principal.getName();
if (email != null) {
User user = userService.findUserbyEmail(email);
for (Acl acl : user.getAclList()) {
if (acl.getAccess().equals("allow")) {
digPackageLines(acl.getTreeId());
}
}
} else {
FacesUtils.addFatalMessage("Couldn't find user information from login!");
}
}
@WebServlet(value = "/j_security_logout")
public class LogoutServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getSession().invalidate();
response.sendRedirect("index.jsf");
}
}