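/**
 * Logs out the client from the authentication system. Calls the authentication handler's
 * {@link AuthenticationHandler#logout logout} method first, then removes the token from the
 * {@link TokenManager} and clears the {@link SecurityContext}. The token and the security
 * context are dropped even when the handler throws, so a failing handler cannot leave the
 * client authenticated locally. When <code>rememberAuthMethod</code> is set, the cookies
 * that record the authentication method are expired as well.
 *
 * @param request the request
 * @param response the response
 * @return the return value of the authentication handler's <code>logout()</code> method, or
 *     <code>false</code> if no security context exists or it holds no principal
 * @throws AuthenticationProcessingException if an underlying problem prevented the request from
 *     being processed
 * @throws IOException propagated from the underlying logout processing
 * @throws ServletException propagated from the underlying logout processing
 * @see AuthenticationHandler#logout
 */
public boolean logout(HttpServletRequest request, HttpServletResponse response)
        throws AuthenticationProcessingException, ServletException, IOException {

    if (!SecurityContext.exists()) {
        return false;
    }
    SecurityContext securityContext = SecurityContext.getSecurityContext();
    Principal principal = securityContext.getPrincipal();
    if (principal == null) {
        return false;
    }

    AuthenticationHandler handler =
            this.tokenManager.getAuthenticationHandler(securityContext.getToken());

    // FIXME: what if handler.isLogoutSupported() == false?
    boolean result;
    try {
        result = handler.logout(principal, request, response);

        String status = result ? "OK" : "FAIL";
        if (authLogger.isDebugEnabled()) {
            // NOTE(review): the request URI and the principal are written to the log as-is;
            // confirm that the log layout neutralises CR/LF so entries cannot be forged.
            authLogger.debug(
                    request.getRemoteAddr()
                            + " - request-URI: "
                            + request.getRequestURI()
                            + " - "
                            + "logout_method: Logout: principal: '"
                            + principal
                            + "' - method: '"
                            + handler.getIdentifier()
                            + "' - status: "
                            + status);
        }
    } finally {
        // Fail closed: the token must not stay registered, and the context must not stay
        // bound, when the handler (or the logging above) throws. The exception still
        // propagates to the caller unchanged.
        this.tokenManager.removeToken(securityContext.getToken());
        SecurityContext.setSecurityContext(null);
    }

    if (this.rememberAuthMethod) {
        List<String> spCookies = new ArrayList<String>();
        spCookies.add(vrtxAuthSP);
        spCookies.add(uioAuthIDP);
        if (this.cookieLinksEnabled) {
            spCookies.add(VRTXLINK_COOKIE);
        }

        for (String cookie : spCookies) {
            Cookie existing = getCookie(request, cookie);
            if (existing == null) {
                continue;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Deleting cookie " + cookie);
            }

            // Expire the cookie with an empty value instead of echoing the value the client
            // sent: deletion matches on name, domain and path only, so there is no reason to
            // reflect request-supplied data into the Set-Cookie header.
            Cookie expired = new Cookie(cookie, "");

            // NOTE(review): VRTXLINK_COOKIE is expired without the Secure flag and without
            // the SP cookie domain, presumably mirroring how it is issued; confirm, since an
            // expiry cookie only takes effect when domain and path match the original.
            boolean linkCookie = cookie.equals(VRTXLINK_COOKIE);
            if (!linkCookie) {
                expired.setSecure(true);
            }
            expired.setPath("/");
            if (this.spCookieDomain != null && !linkCookie) {
                expired.setDomain(this.spCookieDomain);
            }
            expired.setMaxAge(0);
            response.addCookie(expired);
        }
    }

    // NOTE(review): unlike removeAuthState(), this method does not invalidate the HttpSession;
    // confirm that no authentication-derived state survives in the session after logout.
    return result;
}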
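/**
 * Removes authentication state from the authentication system. The current token is removed
 * from the {@link TokenManager} and the {@link SecurityContext} is cleared, but the {@link
 * AuthenticationHandler#logout logout} process is not initiated. When
 * <code>rememberAuthMethod</code> is set, the cookies that record the authentication method
 * are expired. Finally, an existing {@link HttpSession} is invalidated; no new session is
 * created for that purpose.
 *
 * @param request the request, used to look up cookies and the session and for log output
 * @param response the response that receives the expiring cookies
 * @return <code>true</code> if any state was removed, <code>false</code> if no security context
 *     exists or it holds no principal
 */
public boolean removeAuthState(HttpServletRequest request, HttpServletResponse response) {
    if (!SecurityContext.exists()) {
        return false;
    }
    SecurityContext securityContext = SecurityContext.getSecurityContext();
    Principal principal = securityContext.getPrincipal();
    if (principal == null) {
        return false;
    }

    // Drop the server-side state first so that nothing below can leave the token registered.
    this.tokenManager.removeToken(securityContext.getToken());
    SecurityContext.setSecurityContext(null);

    if (authLogger.isDebugEnabled()) {
        // NOTE(review): the request URI and the principal are written to the log as-is;
        // confirm that the log layout neutralises CR/LF so entries cannot be forged.
        authLogger.debug(
                request.getRemoteAddr()
                        + " - request-URI: "
                        + request.getRequestURI()
                        + " - "
                        + "removeAuthState_method: Logout: principal: '"
                        + principal
                        + "' - method: '<none>' - status: OK");
    }

    if (this.rememberAuthMethod) {
        // NOTE(review): VRTXLINK_COOKIE is always expired here, whereas logout() only does so
        // when cookieLinksEnabled is set; confirm the difference is intended.
        List<String> spCookies = new ArrayList<String>();
        spCookies.add(vrtxAuthSP);
        spCookies.add(uioAuthIDP);
        spCookies.add(VRTXLINK_COOKIE);

        for (String cookie : spCookies) {
            Cookie existing = getCookie(request, cookie);
            if (existing == null) {
                continue;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Deleting cookie " + cookie);
            }
            if (authLogger.isDebugEnabled()) {
                authLogger.debug(
                        request.getRemoteAddr()
                                + " - request-URI: "
                                + request.getRequestURI()
                                + " - "
                                + "Deleting cookie "
                                + cookie);
            }

            // Expire the cookie with an empty value instead of echoing the value the client
            // sent: deletion matches on name, domain and path only, so there is no reason to
            // reflect request-supplied data into the Set-Cookie header.
            Cookie expired = new Cookie(cookie, "");

            // The link cookie is the only one expired without the Secure flag and without the
            // SP cookie domain (presumably mirroring how it is issued; confirm).
            boolean linkCookie = cookie.equals(VRTXLINK_COOKIE);
            if (!linkCookie) {
                expired.setSecure(true);
            }
            expired.setPath("/");
            if (this.spCookieDomain != null && !linkCookie) {
                expired.setDomain(this.spCookieDomain);
            }
            expired.setMaxAge(0);
            response.addCookie(expired);
        }
    }

    // getSession(false): only tear down a session that already exists.
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }
    return true;
}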