1 package org
.argeo
.cms
.integration
;
3 import java
.io
.IOException
;
6 import javax
.security
.auth
.Subject
;
7 import javax
.security
.auth
.callback
.Callback
;
8 import javax
.security
.auth
.callback
.UnsupportedCallbackException
;
9 import javax
.security
.auth
.login
.LoginContext
;
10 import javax
.security
.auth
.login
.LoginException
;
11 import javax
.servlet
.ServletException
;
12 import javax
.servlet
.http
.HttpServlet
;
13 import javax
.servlet
.http
.HttpServletRequest
;
14 import javax
.servlet
.http
.HttpServletResponse
;
16 import org
.argeo
.api
.NodeConstants
;
17 import org
.argeo
.cms
.auth
.CmsSessionId
;
18 import org
.argeo
.cms
.auth
.CurrentUser
;
19 import org
.argeo
.cms
.auth
.HttpRequestCallback
;
20 import org
.argeo
.cms
.auth
.HttpRequestCallbackHandler
;
22 /** Externally authenticate an http session. */
23 public class CmsLogoutServlet
extends HttpServlet
{
24 private static final long serialVersionUID
= 2478080654328751539L;
27 protected void doGet(HttpServletRequest request
, HttpServletResponse response
)
28 throws ServletException
, IOException
{
29 doPost(request
, response
);
33 protected void doPost(HttpServletRequest request
, HttpServletResponse response
)
34 throws ServletException
, IOException
{
35 LoginContext lc
= null;
37 lc
= new LoginContext(NodeConstants
.LOGIN_CONTEXT_USER
, new HttpRequestCallbackHandler(request
, response
) {
38 public void handle(Callback
[] callbacks
) throws IOException
, UnsupportedCallbackException
{
39 for (Callback callback
: callbacks
) {
40 if (callback
instanceof HttpRequestCallback
) {
41 ((HttpRequestCallback
) callback
).setRequest(request
);
42 ((HttpRequestCallback
) callback
).setResponse(response
);
49 Subject subject
= lc
.getSubject();
50 CmsSessionId cmsSessionId
= extractFrom(subject
.getPrivateCredentials(CmsSessionId
.class));
51 if (cmsSessionId
!= null) {// logged in
52 CurrentUser
.logoutCmsSession(subject
);
55 } catch (LoginException e
) {
59 String redirectTo
= redirectTo(request
);
60 if (redirectTo
!= null)
61 response
.sendRedirect(redirectTo
);
64 protected <T
> T
extractFrom(Set
<T
> creds
) {
66 return creds
.iterator().next();
71 protected String
redirectTo(HttpServletRequest request
) {