weblogic ServletAuthentication

person Bijeshfolder_openOraclelocal_offer, access_time July 9, 2011

The weblogic server provides a nifty API –  weblogic.servlet.security.ServletAuthentication. This class allows you to invoke authentication services from any controller – Servlets, JSF Managed Beans. This is pretty cool as you can do away with the j_security_check authentication and build your custom logic. Or perform programmatic authentication.

I am currently using this for a WebCenter Portal project where, based on a set of database derived parameters, I have to force the user to perform certain actions after login. My login page currently contains a custom login taskflow that implements the necessary logic for me. Of course, there are other ways to do this, but I needed to use ADF components (including BC) and using a bounded task flow seemed the best bet.


1) The ServletAuthentication class is present in the file wlserver_10.3\server\lib\weblogic.jar

2) If the logic requires logging the user out while in the taskflow, use ServletAuthentication.logout() instead of ServletAuthentication.invalidateAll(). If invalidateAll() is used, any navigation after this will result in an error.


  1. Hi,

    I have Authenticated Weblogic session.

    If User clicks logout i can call methods of ServletAuthentication to invalidate authenticated user session.

    Requirement: I need to logout authenticated session when server time out occurs


    How can i call ServletAuthentication.invalidateAll(HttpServletRequest) as it requires HttpServletRequest. Thought about using Session destroy lister.. but we cannot get HttpServletRequest. Any workaround will be appreciated.

  2. Hi Bhuvan,

    You should be able to call invalidate on the session object – http://docs.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#invalidate()

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>