Beispiel #1
0
  @Override
  public Response requestEndSession(
      String idTokenHint,
      String postLogoutRedirectUri,
      String state,
      String sessionId,
      HttpServletRequest httpRequest,
      HttpServletResponse httpResponse,
      SecurityContext sec) {

    log.debug(
        "Attempting to end session, idTokenHint: {0}, postLogoutRedirectUri: {1}, sessionId: {2}, Is Secure = {3}",
        idTokenHint, postLogoutRedirectUri, sessionId, sec.isSecure());

    EndSessionParamsValidator.validateParams(
        idTokenHint, postLogoutRedirectUri, errorResponseFactory);

    final Pair<SessionId, AuthorizationGrant> pair =
        endSession(idTokenHint, sessionId, httpRequest, httpResponse, sec);

    // Validate redirectUri
    String redirectUri =
        redirectionUriService.validatePostLogoutRedirectUri(
            pair.getSecond().getClient().getClientId(), postLogoutRedirectUri);

    if (StringUtils.isNotBlank(redirectUri)) {
      RedirectUri redirectUriResponse = new RedirectUri(redirectUri);
      if (StringUtils.isNotBlank(state)) {
        redirectUriResponse.addResponseParameter(EndSessionResponseParam.STATE, state);
      }

      return RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest).build();
    } else {
      errorResponseFactory.throwBadRequestException(EndSessionErrorResponseType.INVALID_REQUEST);
    }
    return Response.ok().build();
  }
Beispiel #2
0
  @Override
  public Response requestEndSessionPage(
      @ApiParam(
              value =
                  "Previously issued ID Token (id_token) passed to the logout endpoint as a hint about the End-User's current authenticated session with the Client. This is used as an indication of the identity of the End-User that the RP is requesting be logged out by the OP. The OP need not be listed as an audience of the ID Token when it is used as an id_token_hint value.",
              required = true)
          String idTokenHint,
      @ApiParam(value = "Session ID", required = false) String sessionId,
      @Context HttpServletRequest httpRequest,
      @Context HttpServletResponse httpResponse,
      @Context SecurityContext sec) {

    log.debug(
        "Attempting to end session, idTokenHint: {0}, sessionId: {1}, Is Secure = {2}",
        idTokenHint, sessionId, sec.isSecure());

    Pair<SessionId, AuthorizationGrant> pair =
        endSession(idTokenHint, sessionId, httpRequest, httpResponse, sec);

    final Set<String> logoutUris = getRpLogoutUris(pair.getFirst());
    final String html = constructPage(logoutUris);
    log.debug("Constructed http logout page: " + html);
    return Response.ok().type(MediaType.TEXT_HTML_TYPE).entity(html).build();
  }