From ff8ae7727e4de105a1179288b129429a29bc07ca Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 10 Feb 2016 17:05:00 +0100
Subject: refactor LogOutServlet to Spring WebMVC implementation

---
 .../moa/id/auth/servlet/LogOutServlet.java         | 137 +++++++++------------
 1 file changed, 56 insertions(+), 81 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 53187088e..a5504ec4c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -48,11 +48,12 @@ package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
 
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -64,97 +65,71 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-public class LogOutServlet extends AuthServlet {
-
-	private static final long serialVersionUID = 3908001651893673395L;
 
+@Controller
+public class LogOutServlet {
 	private static final String REDIRECT_URL = "redirect";
 	
-  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-    throws ServletException, IOException {
-
-	Logger.debug("receive LogOut Request");  
+	@RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})
+	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		Logger.debug("receive LogOut Request");  
 
-	String redirectUrl = (String) req.getParameter(REDIRECT_URL);
-	
-	SSOManager ssomanager = SSOManager.getInstance();
-	
-	try {
-		//get SSO token from request
-		String ssoid = ssomanager.getSSOSessionID(req);
+		String redirectUrl = (String) req.getParameter(REDIRECT_URL);
 		
-		if (MiscUtil.isEmpty(redirectUrl)) {
-			//set default redirect Target
-			Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
-			redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
+		SSOManager ssomanager = SSOManager.getInstance();
+		
+		try {
+			//get SSO token from request
+			String ssoid = ssomanager.getSSOSessionID(req);
 			
-		} else {
-			//return an error if RedirectURL is not a active Online-Applikation
-			OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);			
-			if (oa == null) {		
-				Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
+			if (MiscUtil.isEmpty(redirectUrl)) {
+				//set default redirect Target
+				Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
 				redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
 				
+			} else {
+				//return an error if RedirectURL is not a active Online-Applikation
+				OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);			
+				if (oa == null) {		
+					Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
+					redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
+					
+				}
+				
 			}
 			
-		}
-		
-		if (ssomanager.isValidSSOSession(ssoid, null)) {
-	
-			//TODO: Single LogOut Implementation
-	
-			//delete SSO session and MOA session
-			AuthenticationManager authmanager = AuthenticationManager.getInstance();
-			String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
-	
-			RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
-			
-			authmanager.performOnlyIDPLogOut(req, resp, moasessionid);
-			Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
-		} else {
-			Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
-		}
-		
-		//Remove SSO token
-		ssomanager.deleteSSOSessionID(req, resp);
-		
-	} catch (Exception e) {
-		resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
-		return;
+			if (ssomanager.isValidSSOSession(ssoid, null)) {
 		
-	} finally {
+				//TODO: Single LogOut Implementation
 		
+				//delete SSO session and MOA session
+				AuthenticationManager authmanager = AuthenticationManager.getInstance();
+				String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
 		
+				RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
+				
+				authmanager.performOnlyIDPLogOut(req, resp, moasessionid);
+				Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+			} else {
+				Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+			}
+			
+			//Remove SSO token
+			ssomanager.deleteSSOSessionID(req, resp);
+			
+		} catch (Exception e) {
+			resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
+			return;
+			
+		} finally {
+			
+			
+		}
+			
+		//Redirect to Application
+	    resp.setStatus(302);
+	    resp.addHeader("Location", redirectUrl);
+	    
 	}
-		
-	//Redirect to Application
-    resp.setStatus(302);
-    resp.addHeader("Location", redirectUrl);
-  }
-
-
-  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
-    throws ServletException, IOException {
-    
-    doGet(req, resp);
-  }
-  
-
-  /**
-   * Calls the web application initializer.
-   * 
-   * @see javax.servlet.Servlet#init(ServletConfig)
-   */
-  public void init(ServletConfig servletConfig) throws ServletException {
-//  	try {
-//      super.init(servletConfig);
-//      MOAIDAuthInitializer.initialize();
-//  		Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
-//  	}
-//  	catch (Exception ex) {
-//  		Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
-//  		throw new ServletException(ex);
-//  	}
-  }  
-
+	
 }
-- 
cgit v1.2.3