integration/CmsLogoutServlet.java

   1 package org.argeo.cms.integration;
   2
   3 import java.io.IOException;
   4 import java.util.Set;
   5
   6 import javax.security.auth.Subject;
   7 import javax.security.auth.callback.Callback;
   8 import javax.security.auth.callback.UnsupportedCallbackException;
   9 import javax.security.auth.login.LoginContext;
  10 import javax.security.auth.login.LoginException;
  11 import javax.servlet.ServletException;
  12 import javax.servlet.http.HttpServlet;
  13 import javax.servlet.http.HttpServletRequest;
  14 import javax.servlet.http.HttpServletResponse;
  15
  16 import org.argeo.cms.auth.CmsSessionId;
  17 import org.argeo.cms.auth.CurrentUser;
  18 import org.argeo.cms.auth.HttpRequestCallback;
  19 import org.argeo.cms.auth.HttpRequestCallbackHandler;
  20 import org.argeo.node.NodeConstants;
  21
  22 /** Externally authenticate an http session. */
  23 public class CmsLogoutServlet extends HttpServlet {
  24         private static final long serialVersionUID = 2478080654328751539L;
  25
  26         @Override
  27         protected void doGet(HttpServletRequest request, HttpServletResponse response)
  28                         throws ServletException, IOException {
  29                 doPost(request, response);
  30         }
  31
  32         @Override
  33         protected void doPost(HttpServletRequest request, HttpServletResponse response)
  34                         throws ServletException, IOException {
  35                 LoginContext lc = null;
  36                 try {
  37                         lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request, response) {
  38                                 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  39                                         for (Callback callback : callbacks) {
  40                                                 if (callback instanceof HttpRequestCallback) {
  41                                                         ((HttpRequestCallback) callback).setRequest(request);
  42                                                         ((HttpRequestCallback) callback).setResponse(response);
  43                                                 }
  44                                         }
  45                                 }
  46                         });
  47                         lc.login();
  48
  49                         Subject subject = lc.getSubject();
  50                         CmsSessionId cmsSessionId = extractFrom(subject.getPrivateCredentials(CmsSessionId.class));
  51                         if (cmsSessionId != null) {// logged in
  52                                 CurrentUser.logoutCmsSession(subject);
  53                         }
  54
  55                 } catch (LoginException e) {
  56                         // ignore
  57                 }
  58
  59                 String redirectTo = redirectTo(request);
  60                 if (redirectTo != null)
  61                         response.sendRedirect(redirectTo);
  62         }
  63
  64         protected <T> T extractFrom(Set<T> creds) {
  65                 if (creds.size() > 0)
  66                         return creds.iterator().next();
  67                 else
  68                         return null;
  69         }
  70
  71         protected String redirectTo(HttpServletRequest request) {
  72                 return null;
  73         }
  74 }