1 package org.argeo.cms.integration;
2
3 import java.io.IOException;
4 import java.util.Set;
5
6 import javax.security.auth.Subject;
7 import javax.security.auth.callback.Callback;
8 import javax.security.auth.callback.UnsupportedCallbackException;
9 import javax.security.auth.login.LoginContext;
10 import javax.security.auth.login.LoginException;
11 import javax.servlet.ServletException;
12 import javax.servlet.http.HttpServlet;
13 import javax.servlet.http.HttpServletRequest;
14 import javax.servlet.http.HttpServletResponse;
15
16 import org.argeo.api.cms.CmsAuth;
17 import org.argeo.api.cms.CmsSessionId;
18 import org.argeo.cms.CurrentUser;
19 import org.argeo.cms.auth.RemoteAuthCallback;
20 import org.argeo.cms.auth.RemoteAuthCallbackHandler;
21 import org.argeo.cms.servlet.ServletHttpRequest;
22 import org.argeo.cms.servlet.ServletHttpResponse;
23
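/**
 * Logs out the CMS session attached to the current HTTP request, then
 * optionally redirects the client to the location returned by
 * {@link #redirectTo(HttpServletRequest)}.
 * <p>
 * The session is resolved by running a JAAS login against
 * {@link CmsAuth#LOGIN_CONTEXT_USER} with the request and response made
 * available to the login modules through {@link RemoteAuthCallback}.
 */
public class CmsLogoutServlet extends HttpServlet {
	private static final long serialVersionUID = 2478080654328751539L;

	/**
	 * Handles a GET by delegating to
	 * {@link #doPost(HttpServletRequest, HttpServletResponse)}.
	 * <p>
	 * NOTE(review): this makes logout a state change reachable through GET, so
	 * any cross-site link, image or prefetch can end the user's session.
	 * Deployments that need to prevent forced logout should expose only the POST
	 * path, protected by an anti-CSRF token.
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doPost(request, response);
	}

	/**
	 * Resolves the subject bound to this request and logs out its CMS session if
	 * it carries a {@link CmsSessionId} private credential, then redirects when
	 * {@link #redirectTo(HttpServletRequest)} returns a non-null location.
	 * <p>
	 * A failed login does not abort the request: the failure is logged and the
	 * redirect still happens.
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		ServletHttpRequest httpRequest = new ServletHttpRequest(request);
		ServletHttpResponse httpResponse = new ServletHttpResponse(response);
		try {
			LoginContext lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER,
					new RemoteAuthCallbackHandler(httpRequest, httpResponse) {
						@Override
						public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
							for (Callback callback : callbacks) {
								if (callback instanceof RemoteAuthCallback) {
									RemoteAuthCallback remoteAuthCallback = (RemoteAuthCallback) callback;
									remoteAuthCallback.setRequest(httpRequest);
									remoteAuthCallback.setResponse(httpResponse);
								}
							}
						}
					});
			lc.login();

			Subject subject = lc.getSubject();
			CmsSessionId cmsSessionId = extractFrom(subject.getPrivateCredentials(CmsSessionId.class));
			if (cmsSessionId != null) {// logged in
				// NOTE(review): confirm that logoutCmsSession also invalidates the
				// HTTP session and any session cookie; nothing else here does.
				CurrentUser.logoutCmsSession(subject);
			}
		} catch (LoginException e) {
			// No session was logged out on this path. Record it instead of
			// swallowing it: the client is still redirected below as if the
			// logout had succeeded, so a silent failure here would hide a
			// session that stays alive.
			// NOTE(review): presumably also raised for plain anonymous requests;
			// lower the verbosity if that proves noisy.
			log("CMS logout: could not resolve an authenticated session, nothing was logged out", e);
		}

		String redirectTo = redirectTo(request);
		if (redirectTo != null)
			response.sendRedirect(redirectTo);
	}

	/**
	 * Returns one element of the given credential set.
	 *
	 * @param creds the credentials to pick from, must not be {@code null}
	 * @return the first element in the set's iteration order, or {@code null}
	 *         when the set is empty
	 */
	protected <T> T extractFrom(Set<T> creds) {
		return creds.isEmpty() ? null : creds.iterator().next();
	}

	/**
	 * Location the client is redirected to once the logout has been processed.
	 * This default implementation returns {@code null}, which means no redirect
	 * is sent.
	 * <p>
	 * The returned value is passed unchanged to
	 * {@link HttpServletResponse#sendRedirect(String)}. An override that derives
	 * it from request data (a parameter, the {@code Referer} header) should
	 * validate it against an allow-list of local paths first, otherwise the
	 * logout endpoint becomes an open redirect.
	 *
	 * @param request the logout request
	 * @return the redirect location, or {@code null} for no redirect
	 */
	protected String redirectTo(HttpServletRequest request) {
		return null;
	}
}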