Diffstat (limited to 'id')
| -rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 4 | ||||
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java | 137 | 
2 files changed, 60 insertions, 81 deletions
| diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index 18a75740a..d0c786751 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -17,8 +17,12 @@  	<context:annotation-config />
 +	<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
 +
  	<mvc:annotation-driven />
 +	<mvc:default-servlet-handler/>
 +
  	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
  		<property name="transitionConditionExpressionEvaluator">
  			<bean class="at.gv.egovernment.moa.id.process.springweb.SpringWebExpressionEvaluator" />
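Review bot: The added `<mvc:default-servlet-handler/>` has no comment saying why it is needed, and it changes what the application serves: requests that match no controller are forwarded to the container's default servlet instead of being rejected by the DispatcherServlet. Which static paths become reachable depends on the DispatcherServlet mapping in web.xml, which this hunk does not show, so that is worth checking alongside this change. I would put a comment above the element, for example `<!-- forward requests without a matching @Controller to the container's default servlet (static resources) -->`. The new `component-scan` also registers every annotated class in `at.gv.egovernment.moa.id.auth.servlet`, so a one-line comment noting that only migrated servlets carry `@Controller` would help the next reader.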
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 53187088e..a5504ec4c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -48,11 +48,12 @@ package at.gv.egovernment.moa.id.auth.servlet;  import java.io.IOException; -import javax.servlet.ServletConfig; -import javax.servlet.ServletException;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; 
@@ -64,97 +65,71 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; -public class LogOutServlet extends AuthServlet { - -	private static final long serialVersionUID = 3908001651893673395L; +@Controller +public class LogOutServlet {  	private static final String REDIRECT_URL = "redirect"; -  protected void doGet(HttpServletRequest req, HttpServletResponse resp) -    throws ServletException, IOException { - -	Logger.debug("receive LogOut Request");   +	@RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET}) +	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException { +		Logger.debug("receive LogOut Request");   -	String redirectUrl = (String) req.getParameter(REDIRECT_URL); -	 -	SSOManager ssomanager = SSOManager.getInstance(); -	 -	try { -		//get SSO token from request -		String ssoid = ssomanager.getSSOSessionID(req); +		String redirectUrl = (String) req.getParameter(REDIRECT_URL); -		if (MiscUtil.isEmpty(redirectUrl)) { -			//set default redirect Target -			Logger.debug("Set default RedirectURL back to MOA-ID-Auth"); -			redirectUrl = HTTPUtils.extractAuthURLFromRequest(req); +		SSOManager ssomanager = SSOManager.getInstance(); +		 +		try { +			//get SSO token from request +			String ssoid = ssomanager.getSSOSessionID(req); -		} else { -			//return an error if RedirectURL is not a active Online-Applikation -			OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);			 -			if (oa == null) {		 -				Logger.info("RedirctURL does not match to OA configuration. 
Set default RedirectURL back to MOA-ID-Auth"); +			if (MiscUtil.isEmpty(redirectUrl)) { +				//set default redirect Target +				Logger.debug("Set default RedirectURL back to MOA-ID-Auth");  				redirectUrl = HTTPUtils.extractAuthURLFromRequest(req); +			} else { +				//return an error if RedirectURL is not a active Online-Applikation +				OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);			 +				if (oa == null) {		 +					Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth"); +					redirectUrl = HTTPUtils.extractAuthURLFromRequest(req); +					 +				} +				  			} -		} -		 -		if (ssomanager.isValidSSOSession(ssoid, null)) { -	 -			//TODO: Single LogOut Implementation -	 -			//delete SSO session and MOA session -			AuthenticationManager authmanager = AuthenticationManager.getInstance(); -			String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); -	 -			RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); -			 -			authmanager.performOnlyIDPLogOut(req, resp, moasessionid); -			Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); -		} else { -			Logger.info("No active SSO session found. 
User is maybe logout already and get redirect to "+ redirectUrl); -		} -		 -		//Remove SSO token -		ssomanager.deleteSSOSessionID(req, resp); -		 -	} catch (Exception e) { -		resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); -		return; +			if (ssomanager.isValidSSOSession(ssoid, null)) { -	} finally { +				//TODO: Single LogOut Implementation +				//delete SSO session and MOA session +				AuthenticationManager authmanager = AuthenticationManager.getInstance(); +				String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); +				RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); +				 +				authmanager.performOnlyIDPLogOut(req, resp, moasessionid); +				Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); +			} else { +				Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); +			} +			 +			//Remove SSO token +			ssomanager.deleteSSOSessionID(req, resp); +			 +		} catch (Exception e) { +			resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); +			return; +			 +		} finally { +			 +			 +		} +			 +		//Redirect to Application +	    resp.setStatus(302); +	    resp.addHeader("Location", redirectUrl); +	      	} -		 -	//Redirect to Application -    resp.setStatus(302); -    resp.addHeader("Location", redirectUrl); -  } - - -  protected void doPost(HttpServletRequest req, HttpServletResponse resp) -    throws ServletException, IOException { -     -    doGet(req, resp); -  } -   - -  /** -   * Calls the web application initializer. 
-   *  -   * @see javax.servlet.Servlet#init(ServletConfig) -   */ -  public void init(ServletConfig servletConfig) throws ServletException { -//  	try { -//      super.init(servletConfig); -//      MOAIDAuthInitializer.initialize(); -//  		Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); -//  	} -//  	catch (Exception ex) { -//  		Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); -//  		throw new ServletException(ex); -//  	} -  }   - +	  } | 
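Review bot: The `catch (Exception e)` block in `performLogOut` answers with 403 and drops the exception without logging it, so a failure in the session lookup or in `performOnlyIDPLogOut` leaves no trace for operators; it also returns before `ssomanager.deleteSSOSessionID(req, resp)` has run. I would add `Logger.warn("LogOut request failed.", e);` as the first statement of the catch block, and either remove the empty `finally` or use it for cleanup that must always happen. Separately, `redirectUrl` comes from the request parameter and is written to the `Location` header whenever the OA lookup returns non-null. Whether `getOnlineApplicationParameter` matches the whole URL or only a prefix is not visible in this hunk, so it is worth confirming that the lookup pins the full redirect target.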
