Author: anil.saldhana(a)jboss.com Date: 2011-07-28 14:23:56 -0400 (Thu, 28 Jul 2011) New Revision: 1141 Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java Log: PLFED-196: sp local log out Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java =================================================================== --- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-28 16:17:34 UTC (rev 1140) +++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-28 18:23:56 UTC (rev 1141) @@ -34,11 +34,14 @@ import java.util.concurrent.locks.Lock; import java.util.concurrent.locks.ReentrantLock; +import javax.servlet.RequestDispatcher; import javax.servlet.ServletContext; +import javax.servlet.ServletException; import javax.servlet.http.HttpServletResponse; import javax.xml.crypto.dsig.CanonicalizationMethod; import org.apache.catalina.LifecycleException; +import org.apache.catalina.Session; import org.apache.catalina.authenticator.AuthenticatorBase; import org.apache.catalina.authenticator.FormAuthenticator; import org.apache.catalina.connector.Request; @@ -114,6 +117,8 @@ protected String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS; + protected final String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME; + /** * Servlet3 related changes forced Tomcat to change the authenticate method * signature in the FormAuthenticator. For now, we use reflection for forward @@ -454,6 +459,28 @@ chainConfigOptions.put(GeneralConstants.ROLE_VALIDATOR_IGNORE, "false"); //No validator as tomcat realm does validn } + protected void sendToLogoutPage(Request request, Response response, Session session) throws IOException, + ServletException + { + //we are invalidated. + RequestDispatcher dispatch = context.getServletContext().getRequestDispatcher(this.logOutPage); + if (dispatch == null) + log.error("Cannot dispatch to the logout page: no request dispatcher:" + this.logOutPage); + else + { + session.expire(); + try + { + dispatch.forward(request, response); + } + catch (Exception e) + { + //JBAS5.1 and 6 quirkiness + dispatch.forward(request.getRequest(), response); + } + } + } + private Class<?> getAuthenticatorBaseClass() { Class<?> myClass = getClass(); Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java =================================================================== --- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2011-07-28 16:17:34 UTC (rev 1140) +++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2011-07-28 18:23:56 UTC (rev 1141) @@ -29,7 +29,7 @@ import java.util.List; import java.util.Set; -import javax.servlet.RequestDispatcher; +import javax.servlet.ServletException; import javax.servlet.http.HttpServletResponse; import org.apache.catalina.Session; @@ -77,8 +77,6 @@ private boolean jbossEnv = false; - private final String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME; - protected boolean supportSignatures = false; protected TrustKeyManager keyManager; @@ -118,8 +116,27 @@ @Override public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException { + Session session = request.getSessionInternal(true); + SPUtil spUtil = new SPUtil(); + //Eagerly look for Local LogOut + String lloStr = request.getParameter(GeneralConstants.LOCAL_LOGOUT); + boolean localLogout = isNotNull(lloStr) && "true".equalsIgnoreCase(lloStr); + if (localLogout) + { + try + { + sendToLogoutPage(request, response, session); + } + catch (ServletException e) + { + log.error("Exception in logout::", e); + throw new IOException(e); + } + return false; + } + //Eagerly look for Global LogOut String gloStr = request.getParameter(GeneralConstants.GLOBAL_LOGOUT); boolean logOutRequest = isNotNull(gloStr) && "true".equalsIgnoreCase(gloStr); @@ -133,7 +150,6 @@ if (principal != null && !(logOutRequest || isNotNull(samlRequest) || isNotNull(samlResponse))) return true; - Session session = request.getSessionInternal(true); String relayState = request.getParameter(GeneralConstants.RELAY_STATE); boolean willSendRequest = false; @@ -244,23 +260,7 @@ boolean sessionValidity = session.isValid(); if (!sessionValidity) { - //we are invalidated. - RequestDispatcher dispatch = context.getServletContext().getRequestDispatcher(this.logOutPage); - if (dispatch == null) - log.error("Cannot dispatch to the logout page: no request dispatcher:" + this.logOutPage); - else - { - session.expire(); - try - { - dispatch.forward(request, response); - } - catch (Exception e) - { - //JBAS5.1 and 6 quirkiness - dispatch.forward(request.getRequest(), response); - } - } + sendToLogoutPage(request, response, session); return false; } Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java =================================================================== --- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2011-07-28 16:17:34 UTC (rev 1140) +++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2011-07-28 18:23:56 UTC (rev 1141) @@ -31,7 +31,6 @@ import java.util.Set; import java.util.StringTokenizer; -import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; import javax.servlet.http.HttpServletResponse; @@ -81,8 +80,6 @@ protected boolean jbossEnv = false; - private final String logOutPage = GeneralConstants.LOGOUT_PAGE_NAME; - public SPRedirectFormAuthenticator() { super(); @@ -112,6 +109,25 @@ @Override public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException { + Session session = request.getSessionInternal(true); + + //Eagerly look for Local LogOut + String lloStr = request.getParameter(GeneralConstants.LOCAL_LOGOUT); + boolean localLogout = isNotNull(lloStr) && "true".equalsIgnoreCase(lloStr); + if (localLogout) + { + try + { + sendToLogoutPage(request, response, session); + } + catch (ServletException e) + { + log.error("Exception in logout::", e); + throw new IOException(e); + } + return false; + } + //Eagerly look for Global LogOut String gloStr = request.getParameter(GeneralConstants.GLOBAL_LOGOUT); boolean logOutRequest = isNotNull(gloStr) && "true".equalsIgnoreCase(gloStr); @@ -125,7 +141,6 @@ if (principal != null && !(logOutRequest || isNotNull(samlRequest) || isNotNull(samlResponse))) return true; - Session session = request.getSessionInternal(true); String relayState = request.getParameter(GeneralConstants.RELAY_STATE); HTTPContext httpContext = new HTTPContext(request, response, context.getServletContext()); @@ -278,23 +293,7 @@ boolean sessionValidity = session.isValid(); if (!sessionValidity) { - //we are invalidated. - RequestDispatcher dispatch = context.getServletContext().getRequestDispatcher(this.logOutPage); - if (dispatch == null) - log.error("Cannot dispatch to the logout page: no request dispatcher:" + this.logOutPage); - else - { - session.expire(); - try - { - dispatch.forward(request, response); - } - catch (Exception e) - { - //JBAS5.1 and 6 quirkiness - dispatch.forward(request.getRequest(), response); - } - } + sendToLogoutPage(request, response, session); return false; } Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java =================================================================== --- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-07-28 16:17:34 UTC (rev 1140) +++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/constants/GeneralConstants.java 2011-07-28 18:23:56 UTC (rev 1141) @@ -48,6 +48,8 @@ String CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-idfed.xml"; + String LOCAL_LOGOUT = "LLO"; + String GLOBAL_LOGOUT = "GLO"; String HANDLER_CONFIG_FILE_LOCATION = "/WEB-INF/picketlink-handlers.xml";