Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java145
1 files changed, 60 insertions, 85 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 53187088e..15333a933 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -48,113 +48,88 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-public class LogOutServlet extends AuthServlet {
-
- private static final long serialVersionUID = 3908001651893673395L;
+@Controller
+public class LogOutServlet {
private static final String REDIRECT_URL = "redirect";
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("receive LogOut Request");
-
- String redirectUrl = (String) req.getParameter(REDIRECT_URL);
-
- SSOManager ssomanager = SSOManager.getInstance();
+ @Autowired private SSOManager ssomanager;
+ @Autowired private AuthenticationManager authmanager;
+ @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
- try {
- //get SSO token from request
- String ssoid = ssomanager.getSSOSessionID(req);
-
- if (MiscUtil.isEmpty(redirectUrl)) {
- //set default redirect Target
- Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
- redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
+ @RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})
+ public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ Logger.debug("Receive simple LogOut Request");
+
+ String redirectUrl = (String) req.getParameter(REDIRECT_URL);
+
+ try {
+ //get SSO token from request
+ String ssoid = ssomanager.getSSOSessionID(req);
- } else {
- //return an error if RedirectURL is not a active Online-Applikation
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);
- if (oa == null) {
- Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
+ if (MiscUtil.isEmpty(redirectUrl)) {
+ //set default redirect Target
+ Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
+ } else {
+ //return an error if RedirectURL is not a active Online-Applikation
+ IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);
+ if (oa == null) {
+ Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
+ redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
+
+ }
+
}
- }
+ if (ssomanager.isValidSSOSession(ssoid, null)) {
- if (ssomanager.isValidSSOSession(ssoid, null)) {
-
- //TODO: Single LogOut Implementation
-
- //delete SSO session and MOA session
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
- String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
-
- RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
+ //TODO: Single LogOut Implementation
+
+ //delete SSO session and MOA session
+ String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid);
+ authmanager.performOnlyIDPLogOut(req, resp, moasessionid);
+
+ Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+ } else {
+ Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+
+ }
+
+ //Remove SSO token
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ } catch (Exception e) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
+ return;
+
+ } finally {
+
- authmanager.performOnlyIDPLogOut(req, resp, moasessionid);
- Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
- } else {
- Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
}
-
- //Remove SSO token
- ssomanager.deleteSSOSessionID(req, resp);
-
- } catch (Exception e) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
- return;
-
- } finally {
-
-
+
+ //Redirect to Application
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectUrl);
+
}
-
- //Redirect to Application
- resp.setStatus(302);
- resp.addHeader("Location", redirectUrl);
- }
-
-
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doGet(req, resp);
- }
-
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
-// try {
-// super.init(servletConfig);
-// MOAIDAuthInitializer.initialize();
-// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
-// }
-// catch (Exception ex) {
-// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
-// throw new ServletException(ex);
-// }
- }
-
+
}
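Review bot: The `catch (Exception e)` block in `performLogOut` answers with 403 and returns without logging `e`, so a failed logout leaves no trace of its cause. Because `ssomanager.deleteSSOSessionID(req, resp);` sits inside the `try`, an exception from `getMOASessionSSOID` or `performOnlyIDPLogOut` also skips the SSO token removal. I would log the exception in the catch and make the token removal run on the failure path too, before `resp.sendError(...)` commits the response; the empty `finally` can then be dropped. Separately, both `Logger.info` lines concatenate `redirectUrl` and the SSO id into the message; how `getOnlineApplicationParameter` matches the URL is not visible here, so the value may still carry caller-chosen characters, and line breaks should be neutralised before logging.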