/**
* Verifies that required entities were autowired or set.
*
* @throws ServletException
*/
@Override
public void afterPropertiesSet() throws ServletException {
super.afterPropertiesSet();
Assert.notNull(profile, "Single logout profile must be set");
Assert.notNull(contextProvider, "Context provider must be set");
Assert.notNull(samlLogger, "SAML Logger must be set");
}
@Test
public void logoutUrl() throws Exception {
request.setServletPath("/j_spring_security_logout");
filter.doFilter(request, response, chain);
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FOUND);
}
@Override
public void afterPropertiesSet() throws ServletException {
super.afterPropertiesSet();
if (getTimeOutLogoutUri() == null) {
throw new ServletException(
getClass().getName() + ".afterPropertiesSet: timeOutLogoutUri property required.");
}
}
public void testRequiresLogoutUrlWorksWithQueryParams() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setContextPath("/context");
MockHttpServletResponse response = new MockHttpServletResponse();
request.setServletPath("/logout");
request.setRequestURI("/context/logout?param=blah");
request.setQueryString("otherparam=blah");
assertTrue(filter.requiresLogout(request, response));
}
public void testRequiresLogoutUrlWorksWithPathParams() {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
request.setRequestURI("/context/logout;someparam=blah?param=blah");
request.setServletPath("/logout;someparam=blah");
request.setQueryString("otherparam=blah");
DefaultHttpFirewall fw = new DefaultHttpFirewall();
assertTrue(filter.requiresLogout(fw.getFirewalledRequest(request), response));
}
/**
* In case request parameter of name "local" is set to true or there is no authenticated user only
* local logout will be performed and user will be redirected to the success page. Otherwise
* global logout procedure is initialized.
*
* @param request http request
* @param response http response
* @param chain chain
* @throws IOException error
* @throws ServletException error
*/
public void processLogout(
HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (requiresLogout(request, response)) {
try {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null && isGlobalLogout(request, auth)) {
Assert.isInstanceOf(
SAMLCredential.class,
auth.getCredentials(),
"Authentication object doesn't contain SAML credential, cannot perform global logout");
// Terminate the session first
for (LogoutHandler handler : globalHandlers) {
handler.logout(request, response, auth);
}
// Notify session participants using SAML Single Logout profile
SAMLCredential credential = (SAMLCredential) auth.getCredentials();
request.setAttribute(SAMLConstants.LOCAL_ENTITY_ID, credential.getLocalEntityID());
SAMLMessageContext context = contextProvider.getLocalEntity(request, response);
profile.sendLogoutRequest(context, credential);
samlLogger.log(SAMLConstants.LOGOUT_REQUEST, SAMLConstants.SUCCESS, context);
} else {
super.doFilter(request, response, chain);
}
} catch (SAMLException e1) {
throw new ServletException("Error initializing global logout", e1);
} catch (MetadataProviderException e1) {
throw new ServletException("Error processing metadata", e1);
} catch (MessageEncodingException e1) {
throw new ServletException("Error encoding outgoing message", e1);
}
} else {
chain.doFilter(request, response);
}
}
@Bean
public LogoutFilter logoutFilter() {
LogoutFilter filter = new LogoutFilter("/logout/success", new SecurityContextLogoutHandler());
filter.setFilterProcessesUrl("/j_spring_security_logout");
return filter;
}
