@RequestMapping("logout.form")
public String logoutUser(
ModelMap model,
HttpSession session,
HttpServletRequest request,
HttpServletResponse response) {
try {
Context.logout();
session.removeAttribute(WebConstants.OPENMRS_USER_CONTEXT_HTTPSESSION_ATTR);
session.setAttribute(WebConstants.OPENMRS_MSG_ATTR, "auth.logged.out");
session.setAttribute(
WebConstants.OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR, request.getContextPath());
session.invalidate();
return "redirect:login.form";
} catch (Exception e) {
// TODO
log.error("Uexpected auth error", e);
}
return "redirect:login.form";
}
/**
* @verifies return unauthorized if not logged in
* @see BaseRestController#apiAuthenticationExceptionHandler(Exception,
* javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@Test
public void apiAuthenticationExceptionHandler_shouldReturnUnauthorizedIfNotLoggedIn()
throws Exception {
Context.logout();
controller.apiAuthenticationExceptionHandler(
new APIAuthenticationException(), request, response);
assertThat(response.getStatus(), is(HttpServletResponse.SC_UNAUTHORIZED));
}
/**
* @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest,
* javax.servlet.http.HttpServletResponse)
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession httpSession = request.getSession();
Context.logout();
response.sendRedirect(request.getContextPath() + "/index.htm?noredirect=true");
// clears attributes and makes sure that no one can access this session
httpSession.invalidate();
}
public void logout() {
Context.logout();
}