コード例 #1
  /**
   * Handles a logout request, choosing between local logout and SAML global (single) logout.
   *
   * <p>Requests that do not require logout are passed down the filter chain untouched. For a
   * logout request, global logout is started only when an authenticated user exists and {@code
   * isGlobalLogout} accepts the request; in every other case the superclass filter performs the
   * local logout.
   *
   * <p>Ordering matters for session safety: the global logout handlers run before the logout
   * request is sent, so a failure while building or sending that request leaves the user logged
   * out locally (assuming the handlers terminate the session) while other session participants
   * have not been notified.
   *
   * @param request http request
   * @param response http response
   * @param chain filter chain to continue with when no logout is required
   * @throws IOException propagated from the filter chain or the superclass filter
   * @throws ServletException propagated from the chain, or wrapping a SAML, metadata or message
   *     encoding failure raised while starting global logout
   */
  public void processLogout(
      HttpServletRequest request, HttpServletResponse response, FilterChain chain)
      throws IOException, ServletException {

    // Not a logout URL: hand the request on unchanged.
    if (!requiresLogout(request, response)) {
      chain.doFilter(request, response);
      return;
    }

    try {
      Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

      // Anonymous caller, or local logout requested: let the superclass do the local logout.
      if (authentication == null || !isGlobalLogout(request, authentication)) {
        super.doFilter(request, response, chain);
        return;
      }

      // Global logout needs the SAML credential of the session; a failed assertion is not one
      // of the exception types handled below and propagates to the caller as thrown.
      Assert.isInstanceOf(
          SAMLCredential.class,
          authentication.getCredentials(),
          "Authentication object doesn't contain SAML credential, cannot perform global logout");

      // Run the global handlers before anything is sent to the other session participants.
      for (LogoutHandler logoutHandler : globalHandlers) {
        logoutHandler.logout(request, response, authentication);
      }

      // Send the Single Logout request on behalf of the local entity named in the credential.
      SAMLCredential samlCredential = (SAMLCredential) authentication.getCredentials();
      request.setAttribute(SAMLConstants.LOCAL_ENTITY_ID, samlCredential.getLocalEntityID());
      SAMLMessageContext messageContext = contextProvider.getLocalEntity(request, response);
      profile.sendLogoutRequest(messageContext, samlCredential);

      // Logged only after the request was sent without an exception.
      samlLogger.log(SAMLConstants.LOGOUT_REQUEST, SAMLConstants.SUCCESS, messageContext);

    } catch (SAMLException samlFailure) {
      throw new ServletException("Error initializing global logout", samlFailure);
    } catch (MetadataProviderException metadataFailure) {
      throw new ServletException("Error processing metadata", metadataFailure);
    } catch (MessageEncodingException encodingFailure) {
      throw new ServletException("Error encoding outgoing message", encodingFailure);
    }
  }
コード例 #2
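  /**
   * Starts SAML Single Logout for the given authentication; mapped to the CAS logout flow.
   *
   * <p>Does nothing when {@code auth} is {@code null}. Otherwise the credentials must be a {@link
   * SAMLCredential}; a logout request is then sent through the Single Logout profile and the send
   * is recorded in the SAML log.
   *
   * <p>This method does not run the global logout handlers, so it does not end the local session
   * itself. Whoever calls it is responsible for that; otherwise the local session can outlive the
   * logout request sent to the identity provider.
   *
   * @param request http request
   * @param response http response
   * @param auth authentication whose SAML credential identifies the session to log out, may be
   *     {@code null}
   * @throws IOException declared for callers; not raised by the code visible here
   * @throws ServletException wrapping a SAML, metadata or message encoding failure raised while
   *     building or sending the logout request
   */
  public void processLogoutPac4j(
      HttpServletRequest request,
      HttpServletResponse response,
      org.springframework.security.core.Authentication auth)
      throws IOException, ServletException {

    // The null check has to come before the first use of auth; checking it only after
    // auth.getCredentials() made the guard unreachable for a null argument.
    if (auth == null) {
      return;
    }

    Object credentials = auth.getCredentials();
    Assert.isInstanceOf(
        SAMLCredential.class,
        credentials,
        "Authentication object doesn't contain SAML credential, cannot perform global logout");
    SAMLCredential credential = (SAMLCredential) credentials;

    // NOTE(review): the global logout handlers are intentionally not invoked here. The original
    // author left the call disabled with an open question about whether the CAS logout flow
    // covers it. Confirm that the CAS flow really invalidates the local session.

    // NOTE(review): SAMLConstants.LOCAL_ENTITY_ID is not set on the request, so the context
    // provider picks the local entity by its own rules rather than from the credential. Verify
    // that this matches credential.getLocalEntityID() when more than one local entity exists.

    try {
      // Notify session participants using the SAML Single Logout profile. Per the original
      // author's note, the request goes to the identity provider's SLO service and the
      // provider's answer arrives at logout?action=SingleLogout.
      SAMLMessageContext context = contextProvider.getLocalEntity(request, response);
      profile.sendLogoutRequest(context, credential);

      // Written only when the request was sent without an exception; the failure paths below
      // rethrow without a matching log entry.
      samlLogger.log(SAMLConstants.LOGOUT_REQUEST, SAMLConstants.SUCCESS, context);

    } catch (SAMLException e1) {
      throw new ServletException("Error initializing global logout", e1);
    } catch (MetadataProviderException e1) {
      throw new ServletException("Error processing metadata", e1);
    } catch (MessageEncodingException e1) {
      throw new ServletException("Error encoding outgoing message", e1);
    }
  }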