|
|
@@ -35,145 +35,135 @@ import org.springframework.util.Assert;
|
|
|
/**
|
|
|
* Logs a principal out.
|
|
|
* <p>
|
|
|
- * Polls a series of {@link LogoutHandler}s. The handlers should be specified
|
|
|
- * in the order they are required. Generally you will want to call logout
|
|
|
- * handlers <code>TokenBasedRememberMeServices</code> and
|
|
|
+ * Polls a series of {@link LogoutHandler}s. The handlers should be specified in the order they are required.
|
|
|
+ * Generally you will want to call logout handlers <code>TokenBasedRememberMeServices</code> and
|
|
|
* <code>SecurityContextLogoutHandler</code> (in that order).
|
|
|
* </p>
|
|
|
* <p>
|
|
|
* After logout, the URL specified by {@link #logoutSuccessUrl} will be shown.
|
|
|
* </p>
|
|
|
* <p>
|
|
|
- * <b>Do not use this class directly.</b> Instead configure
|
|
|
- * <code>web.xml</code> to use the {@link
|
|
|
- * org.acegisecurity.util.FilterToBeanProxy}.
|
|
|
+ * <b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the
|
|
|
+ * {@link org.acegisecurity.util.FilterToBeanProxy}.
|
|
|
* </p>
|
|
|
- *
|
|
|
+ *
|
|
|
* @author Ben Alex
|
|
|
* @version $Id$
|
|
|
*/
|
|
|
public class LogoutFilter implements Filter {
|
|
|
- // ~ Static fields/initializers
|
|
|
- // =====================================================================================
|
|
|
-
|
|
|
- private static final Log logger = LogFactory.getLog(LogoutFilter.class);
|
|
|
-
|
|
|
- // ~ Instance fields
|
|
|
- // ================================================================================================
|
|
|
-
|
|
|
- private String filterProcessesUrl = "/j_acegi_logout";
|
|
|
-
|
|
|
- private String logoutSuccessUrl;
|
|
|
-
|
|
|
- private LogoutHandler[] handlers;
|
|
|
+ //~ Static fields/initializers =====================================================================================
|
|
|
|
|
|
- // ~ Constructors
|
|
|
- // ===================================================================================================
|
|
|
+ private static final Log logger = LogFactory.getLog(LogoutFilter.class);
|
|
|
|
|
|
- public LogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers) {
|
|
|
- Assert.hasText(logoutSuccessUrl, "LogoutSuccessUrl required");
|
|
|
- Assert.notEmpty(handlers, "LogoutHandlers are required");
|
|
|
- this.logoutSuccessUrl = logoutSuccessUrl;
|
|
|
- this.handlers = handlers;
|
|
|
- }
|
|
|
+ //~ Instance fields ================================================================================================
|
|
|
|
|
|
- // ~ Methods
|
|
|
- // ========================================================================================================
|
|
|
+ private String filterProcessesUrl = "/j_acegi_logout";
|
|
|
+ private String logoutSuccessUrl;
|
|
|
+ private LogoutHandler[] handlers;
|
|
|
|
|
|
- /**
|
|
|
- * Not used. Use IoC container lifecycle methods instead.
|
|
|
- */
|
|
|
- public void destroy() {
|
|
|
- }
|
|
|
+ //~ Constructors ===================================================================================================
|
|
|
|
|
|
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
|
|
|
- ServletException {
|
|
|
- if (!(request instanceof HttpServletRequest)) {
|
|
|
- throw new ServletException("Can only process HttpServletRequest");
|
|
|
- }
|
|
|
+ public LogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers) {
|
|
|
+ Assert.hasText(logoutSuccessUrl, "LogoutSuccessUrl required");
|
|
|
+ Assert.notEmpty(handlers, "LogoutHandlers are required");
|
|
|
+ this.logoutSuccessUrl = logoutSuccessUrl;
|
|
|
+ this.handlers = handlers;
|
|
|
+ }
|
|
|
|
|
|
- if (!(response instanceof HttpServletResponse)) {
|
|
|
- throw new ServletException("Can only process HttpServletResponse");
|
|
|
- }
|
|
|
+ //~ Methods ========================================================================================================
|
|
|
|
|
|
- HttpServletRequest httpRequest = (HttpServletRequest) request;
|
|
|
- HttpServletResponse httpResponse = (HttpServletResponse) response;
|
|
|
+ /**
|
|
|
+ * Not used. Use IoC container lifecycle methods instead.
|
|
|
+ */
|
|
|
+ public void destroy() {
|
|
|
+ }
|
|
|
|
|
|
- if (requiresLogout(httpRequest, httpResponse)) {
|
|
|
- Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
|
|
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
|
|
|
+ ServletException {
|
|
|
+ if (!(request instanceof HttpServletRequest)) {
|
|
|
+ throw new ServletException("Can only process HttpServletRequest");
|
|
|
+ }
|
|
|
|
|
|
- if (logger.isDebugEnabled()) {
|
|
|
- logger.debug("Logging out user '" + auth + "' and redirecting to logout page");
|
|
|
- }
|
|
|
+ if (!(response instanceof HttpServletResponse)) {
|
|
|
+ throw new ServletException("Can only process HttpServletResponse");
|
|
|
+ }
|
|
|
|
|
|
- for (int i = 0; i < handlers.length; i++) {
|
|
|
- handlers[i].logout(httpRequest, httpResponse, auth);
|
|
|
- }
|
|
|
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
|
|
|
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
|
|
|
|
|
|
- sendRedirect(httpRequest, httpResponse, logoutSuccessUrl);
|
|
|
+ if (requiresLogout(httpRequest, httpResponse)) {
|
|
|
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
|
|
|
|
|
- return;
|
|
|
- }
|
|
|
+ if (logger.isDebugEnabled()) {
|
|
|
+ logger.debug("Logging out user '" + auth + "' and redirecting to logout page");
|
|
|
+ }
|
|
|
|
|
|
- chain.doFilter(request, response);
|
|
|
- }
|
|
|
+ for (int i = 0; i < handlers.length; i++) {
|
|
|
+ handlers[i].logout(httpRequest, httpResponse, auth);
|
|
|
+ }
|
|
|
|
|
|
- /**
|
|
|
- * Not used. Use IoC container lifecycle methods instead.
|
|
|
- *
|
|
|
- * @param arg0 ignored
|
|
|
- *
|
|
|
- * @throws ServletException ignored
|
|
|
- */
|
|
|
- public void init(FilterConfig arg0) throws ServletException {
|
|
|
- }
|
|
|
+ sendRedirect(httpRequest, httpResponse, logoutSuccessUrl);
|
|
|
|
|
|
- /**
|
|
|
- * Allow subclasses to modify when a logout should tak eplace.
|
|
|
- *
|
|
|
- * @param request the request
|
|
|
- * @param response the response
|
|
|
- *
|
|
|
- * @return <code>true</code> if logout should occur, <code>false</code>
|
|
|
- * otherwise
|
|
|
- */
|
|
|
- protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
|
|
|
- String uri = request.getRequestURI();
|
|
|
- int pathParamIndex = uri.indexOf(';');
|
|
|
-
|
|
|
- if (pathParamIndex > 0) {
|
|
|
- // strip everything after the first semi-colon
|
|
|
- uri = uri.substring(0, pathParamIndex);
|
|
|
- }
|
|
|
-
|
|
|
- if ("".equals(request.getContextPath())) {
|
|
|
- return uri.endsWith(filterProcessesUrl);
|
|
|
- }
|
|
|
-
|
|
|
- return uri.endsWith(request.getContextPath() + filterProcessesUrl);
|
|
|
- }
|
|
|
+ return;
|
|
|
+ }
|
|
|
|
|
|
- /**
|
|
|
- * Allow subclasses to modify the redirection message.
|
|
|
- *
|
|
|
- * @param request the request
|
|
|
- * @param response the response
|
|
|
- * @param url the URL to redirect to
|
|
|
- *
|
|
|
- * @throws IOException in the event of any failure
|
|
|
- */
|
|
|
- protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
|
|
|
- throws IOException {
|
|
|
- if (!url.startsWith("http://") && !url.startsWith("https://")) {
|
|
|
- url = request.getContextPath() + url;
|
|
|
- }
|
|
|
-
|
|
|
- response.sendRedirect(response.encodeRedirectURL(url));
|
|
|
- }
|
|
|
+ chain.doFilter(request, response);
|
|
|
+ }
|
|
|
|
|
|
- public void setFilterProcessesUrl(String filterProcessesUrl) {
|
|
|
- Assert.hasText(filterProcessesUrl, "FilterProcessesUrl required");
|
|
|
- this.filterProcessesUrl = filterProcessesUrl;
|
|
|
+ /**
|
|
|
+ * Not used. Use IoC container lifecycle methods instead.
|
|
|
+ *
|
|
|
+ * @param arg0 ignored
|
|
|
+ *
|
|
|
+ * @throws ServletException ignored
|
|
|
+ */
|
|
|
+ public void init(FilterConfig arg0) throws ServletException {
|
|
|
}
|
|
|
|
|
|
+ /**
|
|
|
+ * Allow subclasses to modify when a logout should take place.
|
|
|
+ *
|
|
|
+ * @param request the request
|
|
|
+ * @param response the response
|
|
|
+ *
|
|
|
+ * @return <code>true</code> if logout should occur, <code>false</code> otherwise
|
|
|
+ */
|
|
|
+ protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
|
|
|
+ String uri = request.getRequestURI();
|
|
|
+ int pathParamIndex = uri.indexOf(';');
|
|
|
+
|
|
|
+ if (pathParamIndex > 0) {
|
|
|
+ // strip everything after the first semi-colon
|
|
|
+ uri = uri.substring(0, pathParamIndex);
|
|
|
+ }
|
|
|
+
|
|
|
+ if ("".equals(request.getContextPath())) {
|
|
|
+ return uri.endsWith(filterProcessesUrl);
|
|
|
+ }
|
|
|
+
|
|
|
+ return uri.endsWith(request.getContextPath() + filterProcessesUrl);
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Allow subclasses to modify the redirection message.
|
|
|
+ *
|
|
|
+ * @param request the request
|
|
|
+ * @param response the response
|
|
|
+ * @param url the URL to redirect to
|
|
|
+ *
|
|
|
+ * @throws IOException in the event of any failure
|
|
|
+ */
|
|
|
+ protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
|
|
|
+ throws IOException {
|
|
|
+ if (!url.startsWith("http://") && !url.startsWith("https://")) {
|
|
|
+ url = request.getContextPath() + url;
|
|
|
+ }
|
|
|
+
|
|
|
+ response.sendRedirect(response.encodeRedirectURL(url));
|
|
|
+ }
|
|
|
+
|
|
|
+ public void setFilterProcessesUrl(String filterProcessesUrl) {
|
|
|
+ Assert.hasText(filterProcessesUrl, "FilterProcessesUrl required");
|
|
|
+ this.filterProcessesUrl = filterProcessesUrl;
|
|
|
+ }
|
|
|
}
|
Luke Taylor