Do not use the WebLogic ServletAuthentication invalidateAll method

This rule flags the use of the weblogic.servlet.security.ServletAuthentication invalidateAll method. The method implementation must be migrated for use on WebSphere Application Server.

Solution

Use the following code to replace the WebLogic invalidateAll method.

public static void invalidateAllWebAppSessions(HttpServletRequest req)) {
try {

com.ibm.wsspi.servlet.session.IBMSessionExt sessExt = (IBMSessionExt) req.getSession();
sessExt.invalidateAll(true);

} catch(IllegalStateException e) {
// This exception is thrown if another thread is invalidating this session, so just ignore it.
}
}

For more information, see com.ibm.wsspi.servlet.session.IBMSessionExt interface Java documentation.