De Ed em TechTime :
It is possible to force IOPlex Jespa (the library that actually does NTLM authenticaton under the bonnet) to install an anonymous identitiy into the session on logout. This will prevent users from getting logged in again immediately after explicit logout, but it will also remove the possibility of logging back in again by just clicking on anything outside of logout page. If you do want to go this route, just add/change this in Jespa filter definition in web.xml:
<init-param>
<param-name>http.parameter.anonymous.name</param-name>
<param-value>logout</param-value>
</init-param>
<init-param>
<param-name>http.parameter.logout.name</param-name>
<param-value>logout</param-value>
</init-param>
<init-param>
<param-name>fallback.location</param-name>
<param-value>/login.action?logout=true</param-value>
</init-param>
This tells Jespa 3 things:
- if you see logout parameter in the URL, do logout.
- if you see logout parameter in the URL install anonymous identity
- if for some reason authentication fails - go to login form and install anonymous identity while you are at it
A partir daqui, também adicionei alguns códigos ao notpermitted.vm para redirecionar para o logout.action e também login.vm para redirecionar para a página inicial no logout. É um kludge, mas Ed disse que eles vão atualizar o plugin para não registrar um usuário com deficiência.