  /**
   * Handles an OpenID Connect end-session request.
   *
   * <p>Order of operations: the parameters are validated first (the validator is handed the error
   * factory and is expected to raise on invalid input), then {@link #endSession} terminates the
   * session, and only afterwards is {@code postLogoutRedirectUri} checked against the client's
   * registered post-logout URIs. A rejected redirect URI therefore still results in the session
   * being ended; the caller just gets an error instead of a redirect.
   *
   * <p>NOTE(review): the full {@code idTokenHint} value is written to the debug log; an id_token
   * carries user claims, so keep debug logging off in shared environments or log a digest instead.
   *
   * @param idTokenHint id_token previously issued to the client
   * @param postLogoutRedirectUri where to send the user agent after logout; must be registered for
   *     the client behind the grant
   * @param state opaque value echoed back on the redirect when non-blank
   * @param sessionId session identifier, passed through to {@link #endSession}
   * @param httpRequest current servlet request
   * @param httpResponse current servlet response
   * @param sec security context (used here only for the is-secure debug line)
   * @return a redirect to the validated post-logout URI; the trailing {@code 200 OK} is reached
   *     only if {@code throwBadRequestException} returns instead of throwing (presumably never —
   *     confirm against ErrorResponseFactory)
   */
  @Override
  public Response requestEndSession(
      String idTokenHint,
      String postLogoutRedirectUri,
      String state,
      String sessionId,
      HttpServletRequest httpRequest,
      HttpServletResponse httpResponse,
      SecurityContext sec) {
    log.debug(
        "Attempting to end session, idTokenHint: {0}, postLogoutRedirectUri: {1}, sessionId: {2}, Is Secure = {3}",
        idTokenHint, postLogoutRedirectUri, sessionId, sec.isSecure());

    EndSessionParamsValidator.validateParams(
        idTokenHint, postLogoutRedirectUri, errorResponseFactory);

    // Session teardown happens before the redirect URI is validated.
    final Pair<SessionId, AuthorizationGrant> ended =
        endSession(idTokenHint, sessionId, httpRequest, httpResponse, sec);
    final String clientId = ended.getSecond().getClient().getClientId();

    final String validatedUri =
        redirectionUriService.validatePostLogoutRedirectUri(clientId, postLogoutRedirectUri);

    if (!StringUtils.isNotBlank(validatedUri)) {
      // Unregistered / empty redirect target: hand the error to the factory.
      errorResponseFactory.throwBadRequestException(EndSessionErrorResponseType.INVALID_REQUEST);
      return Response.ok().build();
    }

    final RedirectUri target = new RedirectUri(validatedUri);
    if (StringUtils.isNotBlank(state)) {
      target.addResponseParameter(EndSessionResponseParam.STATE, state);
    }
    return RedirectUtil.getRedirectResponseBuilder(target, httpRequest).build();
  }
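  /**
   * Handles an OpenID Connect end-session request and answers with either a redirect to the
   * validated post-logout URI or a JSON error body.
   *
   * <p>Outcomes, in evaluation order:
   * <ul>
   *   <li>400 {@code INVALID_REQUEST} when the parameters fail validation;
   *   <li>401 {@code INVALID_GRANT} when no grant matches {@code idTokenHint};
   *   <li>401 {@code INVALID_GRANT} when the external logout hook is enabled and reports failure —
   *       note that the local session id has already been removed at that point while the grant's
   *       tokens are left intact;
   *   <li>400 {@code INVALID_REQUEST} when the post-logout redirect URI is not registered for the
   *       client; tokens are revoked before this check, so a bad redirect does not keep the grant
   *       alive;
   *   <li>otherwise a redirect to the validated URI, echoing {@code state} when non-blank.
   * </ul>
   *
   * <p>NOTE(review): the full {@code idTokenHint} value is written to the debug log; an id_token
   * carries user claims, so keep debug logging off in shared environments or log a digest instead.
   *
   * @param idTokenHint id_token previously issued to the client
   * @param postLogoutRedirectUri where to send the user agent after logout
   * @param state opaque value echoed back on the redirect when non-blank
   * @param sessionId session identifier removed via {@link #removeSessionId}
   * @param httpRequest current servlet request
   * @param httpResponse current servlet response
   * @param sec security context (used here only for the is-secure debug line)
   * @return the built JAX-RS response as described above
   */
  @Override
  public Response requestEndSession(
      String idTokenHint,
      String postLogoutRedirectUri,
      String state,
      String sessionId,
      HttpServletRequest httpRequest,
      HttpServletResponse httpResponse,
      SecurityContext sec) {
    log.debug(
        "Attempting to end session, idTokenHint: {0}, postLogoutRedirectUri: {1}, sessionId: {2}, Is Secure = {3}",
        idTokenHint, postLogoutRedirectUri, sessionId, sec.isSecure());

    if (!EndSessionParamsValidator.validateParams(idTokenHint, postLogoutRedirectUri)) {
      return errorBuilder(400, EndSessionErrorResponseType.INVALID_REQUEST).build();
    }

    AuthorizationGrant authorizationGrant =
        authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
    if (authorizationGrant == null) {
      return errorBuilder(401, EndSessionErrorResponseType.INVALID_GRANT).build();
    }

    // The local session is dropped before the external logout hook runs; if the hook fails the
    // caller gets 401 with the session gone but the grant's tokens still valid.
    removeSessionId(sessionId, httpRequest, httpResponse);

    if (externalApplicationSessionService.isEnabled()) {
      boolean externalLogoutResult =
          externalApplicationSessionService.executeExternalEndSessionMethods(
              httpRequest, authorizationGrant);
      // Three placeholders for three arguments: the previous two-placeholder format silently
      // dropped the actual result value from the log line.
      log.info(
          "End session result for '{0}' ({1}): '{2}'",
          authorizationGrant.getUser().getUserId(), "logout", externalLogoutResult);
      if (!externalLogoutResult) {
        return errorBuilder(401, EndSessionErrorResponseType.INVALID_GRANT).build();
      }
    }

    // Revoke first: an unregistered redirect URI must not leave the grant usable.
    authorizationGrant.revokeAllTokens();

    String redirectUri =
        redirectionUriService.validatePostLogoutRedirectUri(
            authorizationGrant.getClient().getClientId(), postLogoutRedirectUri);
    if (!StringUtils.isNotBlank(redirectUri)) {
      return errorBuilder(400, EndSessionErrorResponseType.INVALID_REQUEST).build();
    }

    RedirectUri redirectUriResponse = new RedirectUri(redirectUri);
    if (StringUtils.isNotBlank(state)) {
      redirectUriResponse.addResponseParameter(EndSessionResponseParam.STATE, state);
    }
    return RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
  }

  /**
   * Builds a response with the given HTTP status and the JSON form of {@code errorType} as body.
   *
   * @param status HTTP status code to use
   * @param errorType end-session error to serialise via {@code errorResponseFactory}
   * @return a builder the caller still has to {@code build()}
   */
  private Response.ResponseBuilder errorBuilder(int status, EndSessionErrorResponseType errorType) {
    return Response.status(status).entity(errorResponseFactory.getErrorAsJson(errorType));
  }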