1 package org
.argeo
.cms
.integration
;
3 import java
.io
.IOException
;
6 import javax
.security
.auth
.Subject
;
7 import javax
.security
.auth
.callback
.Callback
;
8 import javax
.security
.auth
.callback
.UnsupportedCallbackException
;
9 import javax
.security
.auth
.login
.LoginContext
;
10 import javax
.security
.auth
.login
.LoginException
;
11 import javax
.servlet
.ServletException
;
12 import javax
.servlet
.http
.HttpServlet
;
13 import javax
.servlet
.http
.HttpServletRequest
;
14 import javax
.servlet
.http
.HttpServletResponse
;
16 import org
.argeo
.api
.cms
.CmsAuth
;
17 import org
.argeo
.api
.cms
.CmsSessionId
;
18 import org
.argeo
.cms
.auth
.CurrentUser
;
19 import org
.argeo
.cms
.auth
.RemoteAuthCallback
;
20 import org
.argeo
.cms
.auth
.RemoteAuthCallbackHandler
;
21 import org
.argeo
.cms
.servlet
.ServletHttpRequest
;
22 import org
.argeo
.cms
.servlet
.ServletHttpResponse
;
24 /** Externally authenticates an HTTP session and, if a CMS session is found, logs it out. */
25 public class CmsLogoutServlet
extends HttpServlet
{
26 private static final long serialVersionUID
= 2478080654328751539L;
/**
 * Handles a GET exactly like a POST by delegating to {@link #doPost}.
 *
 * <p>Logout is therefore reachable through a plain GET, which a browser also issues for
 * cross-site links and embedded resources. Whether that is acceptable depends on the
 * deployment, for example on SameSite cookie settings or a front-end filter.
 *
 * @param request the incoming HTTP request
 * @param response the HTTP response, possibly used for a redirect
 * @throws ServletException propagated from {@link #doPost}
 * @throws IOException propagated from {@link #doPost}
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    this.doPost(request, response);
}
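/**
 * Logs out the CMS session associated with the caller, then optionally redirects.
 *
 * <p>The request is authenticated through the {@link CmsAuth#LOGIN_CONTEXT_USER} login
 * context, with the wrapped request and response handed to every
 * {@link RemoteAuthCallback}. If the resulting {@link Subject} carries a
 * {@link CmsSessionId} private credential, the session is ended with
 * {@code CurrentUser.logoutCmsSession(subject)}.
 *
 * <p>The redirect target comes from {@code redirectTo(request)} and is passed to
 * {@code sendRedirect} unchanged, so an override that derives it from request data must
 * restrict it to trusted destinations.
 *
 * @param request the incoming HTTP request
 * @param response the HTTP response, used for the optional redirect
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the callback handler or the redirect fails
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    ServletHttpRequest httpRequest = new ServletHttpRequest(request);
    ServletHttpResponse httpResponse = new ServletHttpResponse(response);
    try {
        LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER,
                new RemoteAuthCallbackHandler(httpRequest, httpResponse) {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback callback : callbacks) {
                            if (callback instanceof RemoteAuthCallback) {
                                RemoteAuthCallback remote = (RemoteAuthCallback) callback;
                                remote.setRequest(httpRequest);
                                remote.setResponse(httpResponse);
                            }
                        }
                    }
                });
        // NOTE(review): no login() call is visible in this listing (lines are elided after
        // the handler). LoginContext.getSubject() returns null until login() has succeeded,
        // so the call is made explicit here.
        lc.login();

        Subject subject = lc.getSubject();
        // Defensive: never dereference a subject that authentication did not produce.
        if (subject != null) {
            CmsSessionId cmsSessionId =
                    extractFrom(subject.getPrivateCredentials(CmsSessionId.class));
            if (cmsSessionId != null) {// logged in
                CurrentUser.logoutCmsSession(subject);
            }
        }
    } catch (LoginException ignored) {
        // NOTE(review): the original handler body is not visible in this listing. A failed
        // authentication is treated as "no session to log out"; the request still proceeds
        // to the redirect below.
    }

    String target = redirectTo(request);
    if (target != null) {
        response.sendRedirect(target);
    }
}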
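/**
 * Returns one element of a credential set, or {@code null} when there is none.
 *
 * <p>{@code doPost} compares the result with {@code null}, so an empty set must not reach
 * {@code iterator().next()}, which would throw {@code NoSuchElementException}. When the set
 * holds several elements, the one returned is whichever the set iterates first.
 *
 * @param creds the credentials to pick from, may be {@code null} or empty
 * @param <T> the credential type
 * @return the first element in iteration order, or {@code null} if there is none
 */
protected <T> T extractFrom(Set<T> creds) {
    if (creds == null || creds.isEmpty()) {
        return null;
    }
    return creds.iterator().next();
}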
76 protected String
redirectTo(HttpServletRequest request
) {