I was googling all over for some documentation on the allow_logout_url_param_overwrite initialization parameter of the adfAuthentication servlet in web.xml and guess what... (yes, you guessed right) I could not find anything on it. After digging into it, disassembling the library code and all, it turns out that this parameter is used in the following ADF code snippet in oracle.adf.share.security.authentication.AuthenticationServlet (the adfAuthentication servlet in web.xml):
if (session != null) {
endUrl = (String)session.getAttribute(paramEndUrl);
session.removeAttribute(paramEndUrl);
}
if ((overwriteLogoutUrl || endUrl == null) && parameters.containsKey(paramEndUrl)) {
String[] paramEndUrlVals = (String[]) parameters.get(paramEndUrl);
endUrl = paramEndUrlVals[0];
}
As you can see from the above code, the allow_logout_url_param_overwrite parameter when set to "true" allows you to overwrite the logout URL (if one is specified during logout) with the one defined with the end_url parameter in web.xml.
Another interesting tip is that when a logout URL is not specified during logout (endUrl == null above), the one defined by the end_url parameter in web.xml (if one is defined) is used no matter what the value of the allow_logout_url_param_overwrite parameter is. Makes sense.
That's all!
if (session != null) {
endUrl = (String)session.getAttribute(paramEndUrl);
session.removeAttribute(paramEndUrl);
}
if ((overwriteLogoutUrl || endUrl == null) && parameters.containsKey(paramEndUrl)) {
String[] paramEndUrlVals = (String[]) parameters.get(paramEndUrl);
endUrl = paramEndUrlVals[0];
}
As you can see from the above code, the allow_logout_url_param_overwrite parameter when set to "true" allows you to overwrite the logout URL (if one is specified during logout) with the one defined with the end_url parameter in web.xml.
Another interesting tip is that when a logout URL is not specified during logout (endUrl == null above), the one defined by the end_url parameter in web.xml (if one is defined) is used no matter what the value of the allow_logout_url_param_overwrite parameter is. Makes sense.
That's all!