diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java | 33 |
1 files changed, 8 insertions, 25 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index beacf1552..21d329145 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -56,12 +56,10 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -71,8 +69,8 @@ import at.gv.egovernment.moa.util.MiscUtil; public class LogOutServlet { private static final String REDIRECT_URL = "redirect"; - @Autowired(required=true) private SSOManager ssomanager; - @Autowired(required=true) private AuthenticationManager authmanager; + @Autowired(required=true) private ISSOManager ssomanager; + //@Autowired(required=true) private IAuthenticationManager authmanager; @Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage; @Autowired(required=true) private AuthConfiguration authConfig; @@ -83,10 +81,7 @@ public class LogOutServlet { String redirectUrl = (String) req.getParameter(REDIRECT_URL); - try { - //get SSO token from request - String ssoid = ssomanager.getSSOSessionID(req); - + try { if (MiscUtil.isEmpty(redirectUrl)) { //set default redirect Target Logger.debug("Set default RedirectURL back to MOA-ID-Auth"); @@ -103,23 +98,11 @@ public class LogOutServlet { } - if (ssomanager.isValidSSOSession(ssoid, null)) { - - //TODO: Single LogOut Implementation - - //delete SSO session and MOA session - AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid); - authmanager.performOnlyIDPLogOut(moasessionid); - - Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); - } else { + if (ssomanager.destroySSOSessionOnIDPOnly(req, resp)) + Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl); + else Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); - - } - - //Remove SSO token - ssomanager.deleteSSOSessionID(req, resp); - + } catch (Exception e) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); return; |