Author: sohil.shah(a)jboss.com
Date: 2008-02-01 17:58:18 -0500 (Fri, 01 Feb 2008)
New Revision: 9708
Modified:
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/etc/cas/context.xml
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/main/org/jboss/portal/identity/sso/cas/CASAuthenticationValve.java
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/main/org/jboss/portal/identity/sso/josso/JOSSOLogoutValve.java
Log:
JBPORTAL-1848 - Portal CAS integration does not invalidate the CAS token
Modified: modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/etc/cas/context.xml
===================================================================
---
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/etc/cas/context.xml 2008-02-01
21:41:57 UTC (rev 9707)
+++
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/etc/cas/context.xml 2008-02-01
22:58:18 UTC (rev 9708)
@@ -2,6 +2,7 @@
<Context>
<Valve
className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
casLogin="https://localhost/cas/login"
+ casLogout="https://localhost/cas/logout"
casValidate="https://localhost/cas/serviceValidate"
casServerName="localhost"
authType="FORM"
Modified:
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/main/org/jboss/portal/identity/sso/cas/CASAuthenticationValve.java
===================================================================
---
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/main/org/jboss/portal/identity/sso/cas/CASAuthenticationValve.java 2008-02-01
21:41:57 UTC (rev 9707)
+++
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/main/org/jboss/portal/identity/sso/cas/CASAuthenticationValve.java 2008-02-01
22:58:18 UTC (rev 9708)
@@ -144,6 +144,9 @@
// Configuration state
/** Secure URL whereat CAS offers its login service. */
private String casLogin;
+
+ /**Secure URL to perfrom CAS signout */
+ private String casLogout;
/** Secure URL whereat CAS offers its CAS 2.0 validate service */
private String casValidate;
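Review bot: The Javadoc on the new field misspells "perform" (`/**Secure URL to perfrom CAS signout */`), and the accessors added in the following hunk carry empty Javadoc with a bare `@return` and a bare `@param casLogout`. This value becomes a redirect target in invoke(), so the comments should state what it must contain, for example `/** Secure (https) URL of the CAS logout service; the browser is redirected here after a portal logout. */` on the field. The accessors would then read `@return the configured CAS logout URL` and `@param casLogout the CAS logout URL taken from context.xml`.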
@@ -202,9 +205,27 @@
{
this.casLogin = casLogin;
}
+
+ /**
+ *
+ * @return
+ */
+ public String getCasLogout()
+ {
+ return casLogout;
+ }
/**
*
+ * @param casLogout
+ */
+ public void setCasLogout(String casLogout)
+ {
+ this.casLogout = casLogout;
+ }
+
+ /**
+ *
* @return
*/
public String getCasServerName()
@@ -282,7 +303,8 @@
ServletException
{
HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpSession session = httpRequest.getSession();
+ HttpSession session = httpRequest.getSession();
+ request.setAttribute("ssoEnabled", "true");
String requestURI = request.getRequestURI();
if (isSecuredURI(requestURI)
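Review bot: `request.setAttribute("ssoEnabled", "true")` stores the flag as the string "true", while `ssoSuccess` later in the same method is stored as a Boolean, so code reading the two attributes needs two different comparisons. The same literal key is repeated in JOSSOLogoutValve.invoke(), and a typo in either copy would silently disable the flag. A shared constant for the key and `Boolean.TRUE` as the value would keep both valves in step, provided the consumers of the attribute (not shown here) do not depend on the string form. invoke() starts and ends outside this hunk.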
@@ -300,39 +322,47 @@
&& session.getAttribute(CAS_FILTER_USER) == null)
{
CASReceipt receipt = null;
+ boolean skip = false;
try
{
receipt = getAuthenticatedUser(httpRequest);
}
catch (CASAuthenticationException e)
{
- throw new ServletException(e);
+ skip = true;
}
- if (!isReceiptAcceptable(receipt))
+ if (!skip && !isReceiptAcceptable(receipt))
{
- throw new ServletException(
- "Authentication was technically successful but rejected as a
matter of policy. ["
- + receipt + "]");
+ skip = true;
}
- session.setAttribute(CAS_FILTER_USER, receipt.getUserName());
- session.setAttribute(CAS_FILTER_RECEIPT, receipt);
-
- // perform the portal JAAS authentication
- String user = receipt.getUserName();
- request.setAttribute("ssoSuccess", new Boolean(true));
- Principal principal = ((Context) this.container).getRealm()
- .authenticate(user, (String) null);
- if (principal != null)
+ if(!skip)
{
- this.register(request, response, principal, this.authType, user,
- (String) null);
+ session.setAttribute(CAS_FILTER_USER, receipt.getUserName());
+ session.setAttribute(CAS_FILTER_RECEIPT, receipt);
+
+ // perform the portal JAAS authentication
+ String user = receipt.getUserName();
+ request.setAttribute("ssoSuccess", new Boolean(true));
+ Principal principal = ((Context) this.container).getRealm()
+ .authenticate(user, (String) null);
+ if (principal != null)
+ {
+ this.register(request, response, principal, this.authType, user,
+ (String) null);
+ }
}
}
// continue processing the request
this.getNext().invoke(request, response);
+
+ //Perform a logout on the CAS SSO Session
+ if(request.getAttribute("org.jboss.portal.logout") != null)
+ {
+ response.sendRedirect(this.casLogout);
+ }
}
/**
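Review bot: The catch block for CASAuthenticationException and the `!isReceiptAcceptable(receipt)` branch now only set `skip = true`, so a failed ticket validation or a policy-rejected receipt leaves no trace. The request then carries on to `getNext().invoke(request, response)` without a registered principal, and whether that is safe depends on downstream enforcement this hunk does not show. Both branches should at least log the failure (the exception, and the rejected receipt) through the valve's existing logger so that validation failures stay visible to operators. Separately, the logout redirect runs after the rest of the pipeline and uses `this.casLogout` unchecked: a context.xml without the new attribute leaves it null, and sendRedirect throws IllegalStateException on an already committed response, so guard it with `if (request.getAttribute("org.jboss.portal.logout") != null && this.casLogout != null && !response.isCommitted())`. invoke() starts outside the hunk.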
Modified:
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/main/org/jboss/portal/identity/sso/josso/JOSSOLogoutValve.java
===================================================================
---
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/main/org/jboss/portal/identity/sso/josso/JOSSOLogoutValve.java 2008-02-01
21:41:57 UTC (rev 9707)
+++
modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/sso/src/main/org/jboss/portal/identity/sso/josso/JOSSOLogoutValve.java 2008-02-01
22:58:18 UTC (rev 9708)
@@ -45,7 +45,8 @@
public void invoke(Request request, Response response) throws IOException,
ServletException
{
- HttpServletRequest httpRequest = (HttpServletRequest) request;
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ request.setAttribute("ssoEnabled", "true");
Cookie jossoPortalCookie = this.findJOSSOPortalLogoutCookie(httpRequest);
if(jossoPortalCookie != null)