Esempio n. 1
0
  /**
   * Logs out the client from the authentication system. Clears the {@link SecurityContext} and
   * removes the principal from the {@link TokenManager}. Finally, calls the authentication
   * handler's {@link AuthenticationHandler#logout logout} method.
   *
   * @param request the request
   * @param response the response
   * @return the return value of the authentication handler's <code>logout()</code> method.
   * @throws AuthenticationProcessingException if an underlying problem prevented the request from
   *     being processed
   * @throws IOException
   * @throws ServletException
   * @see AuthenticationHandler#logout
   */
  public boolean logout(HttpServletRequest request, HttpServletResponse response)
      throws AuthenticationProcessingException, ServletException, IOException {

    if (!SecurityContext.exists()) {
      return false;
    }
    SecurityContext securityContext = SecurityContext.getSecurityContext();
    Principal principal = securityContext.getPrincipal();
    if (principal == null) {
      return false;
    }
    AuthenticationHandler handler =
        this.tokenManager.getAuthenticationHandler(securityContext.getToken());

    // FIXME: what if handler.isLogoutSupported() == false?
    boolean result = handler.logout(principal, request, response);
    String status = result ? "OK" : "FAIL";
    if (authLogger.isDebugEnabled()) {
      authLogger.debug(
          request.getRemoteAddr()
              + " - request-URI: "
              + request.getRequestURI()
              + " - "
              + "logout_method: Logout: principal: '"
              + principal
              + "' - method: '"
              + handler.getIdentifier()
              + "' - status: "
              + status);
    }

    this.tokenManager.removeToken(securityContext.getToken());
    SecurityContext.setSecurityContext(null);

    if (this.rememberAuthMethod) {
      List<String> spCookies = new ArrayList<String>();
      spCookies.add(vrtxAuthSP);
      spCookies.add(uioAuthIDP);
      if (this.cookieLinksEnabled) {
        spCookies.add(VRTXLINK_COOKIE);
      }

      for (String cookie : spCookies) {
        Cookie c = getCookie(request, cookie);
        if (c != null) {
          if (logger.isDebugEnabled()) {
            logger.debug("Deleting cookie " + cookie);
          }
          c = new Cookie(cookie, c.getValue());
          if (!cookie.equals(VRTXLINK_COOKIE)) {
            c.setSecure(true);
          }
          c.setPath("/");
          if (this.spCookieDomain != null && !cookie.equals(VRTXLINK_COOKIE)) {
            c.setDomain(this.spCookieDomain);
          }
          c.setMaxAge(0);
          response.addCookie(c);
        }
      }
    }
    return result;
  }
Esempio n. 2
0
  /**
   * Removes authentication state from the authentication system. The {@link SecurityContext} is
   * cleared, the current principal is removed from the {@link TokenManager}, but the {@link
   * AuthenticationHandler#logout logout} process is not initiated.
   *
   * @return <code>true</code> if any state was removed, <code>false</code> otherwise
   */
  public boolean removeAuthState(HttpServletRequest request, HttpServletResponse response) {
    if (!SecurityContext.exists()) {
      return false;
    }
    SecurityContext securityContext = SecurityContext.getSecurityContext();
    Principal principal = securityContext.getPrincipal();
    if (principal == null) {
      return false;
    }
    this.tokenManager.removeToken(securityContext.getToken());
    SecurityContext.setSecurityContext(null);
    if (authLogger.isDebugEnabled()) {
      authLogger.debug(
          request.getRemoteAddr()
              + " - request-URI: "
              + request.getRequestURI()
              + " - "
              + "removeAuthState_method: Logout: principal: '"
              + principal
              + "' - method: '<none>' - status: OK");
    }
    if (this.rememberAuthMethod) {
      List<String> spCookies = new ArrayList<String>();
      spCookies.add(vrtxAuthSP);
      spCookies.add(uioAuthIDP);
      spCookies.add(VRTXLINK_COOKIE);

      for (String cookie : spCookies) {
        Cookie c = getCookie(request, cookie);
        if (c != null) {
          if (logger.isDebugEnabled()) {
            logger.debug("Deleting cookie " + cookie);
          }
          if (authLogger.isDebugEnabled()) {
            authLogger.debug(
                request.getRemoteAddr()
                    + " - request-URI: "
                    + request.getRequestURI()
                    + " - "
                    + "Deleting cookie "
                    + cookie);
          }
          c = new Cookie(cookie, c.getValue());
          if (!cookie.equals(VRTXLINK_COOKIE)) {
            c.setSecure(true);
          }
          c.setPath("/");
          if (this.spCookieDomain != null && !cookie.equals(VRTXLINK_COOKIE)) {
            c.setDomain(this.spCookieDomain);
          }
          c.setMaxAge(0);
          response.addCookie(c);
        }
      }
    }

    HttpSession session = request.getSession(false);
    if (session != null) {
      session.invalidate();
    }

    return true;
  }