/**
* Logs out the client from the authentication system. Clears the {@link SecurityContext} and
* removes the principal from the {@link TokenManager}. Finally, calls the authentication
* handler's {@link AuthenticationHandler#logout logout} method.
*
* @param request the request
* @param response the response
* @return the return value of the authentication handler's <code>logout()</code> method.
* @throws AuthenticationProcessingException if an underlying problem prevented the request from
* being processed
* @throws IOException
* @throws ServletException
* @see AuthenticationHandler#logout
*/
public boolean logout(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationProcessingException, ServletException, IOException {
if (!SecurityContext.exists()) {
return false;
}
SecurityContext securityContext = SecurityContext.getSecurityContext();
Principal principal = securityContext.getPrincipal();
if (principal == null) {
return false;
}
AuthenticationHandler handler =
this.tokenManager.getAuthenticationHandler(securityContext.getToken());
// FIXME: what if handler.isLogoutSupported() == false?
boolean result = handler.logout(principal, request, response);
String status = result ? "OK" : "FAIL";
if (authLogger.isDebugEnabled()) {
authLogger.debug(
request.getRemoteAddr()
+ " - request-URI: "
+ request.getRequestURI()
+ " - "
+ "logout_method: Logout: principal: '"
+ principal
+ "' - method: '"
+ handler.getIdentifier()
+ "' - status: "
+ status);
}
this.tokenManager.removeToken(securityContext.getToken());
SecurityContext.setSecurityContext(null);
if (this.rememberAuthMethod) {
List<String> spCookies = new ArrayList<String>();
spCookies.add(vrtxAuthSP);
spCookies.add(uioAuthIDP);
if (this.cookieLinksEnabled) {
spCookies.add(VRTXLINK_COOKIE);
}
for (String cookie : spCookies) {
Cookie c = getCookie(request, cookie);
if (c != null) {
if (logger.isDebugEnabled()) {
logger.debug("Deleting cookie " + cookie);
}
c = new Cookie(cookie, c.getValue());
if (!cookie.equals(VRTXLINK_COOKIE)) {
c.setSecure(true);
}
c.setPath("/");
if (this.spCookieDomain != null && !cookie.equals(VRTXLINK_COOKIE)) {
c.setDomain(this.spCookieDomain);
}
c.setMaxAge(0);
response.addCookie(c);
}
}
}
return result;
}
/**
* Removes authentication state from the authentication system. The {@link SecurityContext} is
* cleared, the current principal is removed from the {@link TokenManager}, but the {@link
* AuthenticationHandler#logout logout} process is not initiated.
*
* @return <code>true</code> if any state was removed, <code>false</code> otherwise
*/
public boolean removeAuthState(HttpServletRequest request, HttpServletResponse response) {
if (!SecurityContext.exists()) {
return false;
}
SecurityContext securityContext = SecurityContext.getSecurityContext();
Principal principal = securityContext.getPrincipal();
if (principal == null) {
return false;
}
this.tokenManager.removeToken(securityContext.getToken());
SecurityContext.setSecurityContext(null);
if (authLogger.isDebugEnabled()) {
authLogger.debug(
request.getRemoteAddr()
+ " - request-URI: "
+ request.getRequestURI()
+ " - "
+ "removeAuthState_method: Logout: principal: '"
+ principal
+ "' - method: '<none>' - status: OK");
}
if (this.rememberAuthMethod) {
List<String> spCookies = new ArrayList<String>();
spCookies.add(vrtxAuthSP);
spCookies.add(uioAuthIDP);
spCookies.add(VRTXLINK_COOKIE);
for (String cookie : spCookies) {
Cookie c = getCookie(request, cookie);
if (c != null) {
if (logger.isDebugEnabled()) {
logger.debug("Deleting cookie " + cookie);
}
if (authLogger.isDebugEnabled()) {
authLogger.debug(
request.getRemoteAddr()
+ " - request-URI: "
+ request.getRequestURI()
+ " - "
+ "Deleting cookie "
+ cookie);
}
c = new Cookie(cookie, c.getValue());
if (!cookie.equals(VRTXLINK_COOKIE)) {
c.setSecure(true);
}
c.setPath("/");
if (this.spCookieDomain != null && !cookie.equals(VRTXLINK_COOKIE)) {
c.setDomain(this.spCookieDomain);
}
c.setMaxAge(0);
response.addCookie(c);
}
}
}
HttpSession session = request.getSession(false);
if (session != null) {
session.invalidate();
}
return true;
}
