|
1
|
|
|
package org.apereo.cas.support.pac4j.web.flow; |
|
2
|
|
|
|
|
3
|
|
|
import java.util.List; |
|
4
|
|
|
|
|
5
|
|
|
import javax.servlet.http.HttpServletRequest; |
|
6
|
|
|
import javax.servlet.http.HttpServletResponse; |
|
7
|
|
|
|
|
8
|
|
|
import org.apereo.cas.CentralAuthenticationService; |
|
9
|
|
|
import org.apereo.cas.configuration.model.core.logout.LogoutProperties; |
|
10
|
|
|
import org.apereo.cas.logout.LogoutRequest; |
|
11
|
|
|
import org.apereo.cas.web.flow.TerminateSessionAction; |
|
12
|
|
|
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator; |
|
13
|
|
|
import org.apereo.cas.web.support.WebUtils; |
|
14
|
|
|
import org.slf4j.Logger; |
|
15
|
|
|
import org.slf4j.LoggerFactory; |
|
16
|
|
|
import org.springframework.webflow.action.EventFactorySupport; |
|
17
|
|
|
import org.springframework.webflow.execution.Event; |
|
18
|
|
|
import org.springframework.webflow.execution.RequestContext; |
|
19
|
|
|
|
|
20
|
|
|
import com.google.common.base.Throwables; |
|
21
|
|
|
|
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* A light version of {@link TerminateSessionAction} that does NOT destroy the HTTP session, only destroys the TGT and cookies. |
|
25
|
|
|
* |
|
26
|
|
|
* It is assumed that the session itself will be terminated in {@link TerminateSessionFlowExecutionListener}. |
|
27
|
|
|
* |
|
28
|
|
|
* @author jkacer |
|
29
|
|
|
* |
|
30
|
|
|
* @see TerminateSessionFlowExecutionListener |
|
31
|
|
|
* |
|
32
|
|
|
* @since 5.2.0 |
|
33
|
|
|
*/ |
|
34
|
|
|
public class DestroyTgtAndCookiesAction extends TerminateSessionAction { |
|
35
|
|
|
|
|
36
|
|
|
private final Logger logger2 = LoggerFactory.getLogger(DestroyTgtAndCookiesAction.class); |
|
37
|
|
|
|
|
38
|
|
|
private final EventFactorySupport eventFactorySupport; |
|
39
|
|
|
private final CentralAuthenticationService centralAuthenticationService; |
|
40
|
|
|
private final CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator; |
|
41
|
|
|
private final CookieRetrievingCookieGenerator warnCookieGenerator; |
|
42
|
|
|
|
|
43
|
|
|
|
|
44
|
|
|
public DestroyTgtAndCookiesAction( |
|
45
|
|
|
final CentralAuthenticationService centralAuthenticationService, |
|
46
|
|
|
final CookieRetrievingCookieGenerator tgtCookieGenerator, |
|
47
|
|
|
final CookieRetrievingCookieGenerator warnCookieGenerator, |
|
48
|
|
|
final LogoutProperties logoutProperties) { |
|
49
|
|
|
super(centralAuthenticationService, tgtCookieGenerator, warnCookieGenerator, logoutProperties); |
|
50
|
|
|
this.eventFactorySupport = new EventFactorySupport(); |
|
51
|
|
|
this.centralAuthenticationService = centralAuthenticationService; |
|
52
|
|
|
this.ticketGrantingTicketCookieGenerator = tgtCookieGenerator; |
|
53
|
|
|
this.warnCookieGenerator = warnCookieGenerator; |
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
|
|
57
|
|
|
@Override |
|
58
|
|
|
public Event terminate(final RequestContext context) { |
|
59
|
|
|
// in login's webflow : we can get the value from context as it has already been stored |
|
60
|
|
|
try { |
|
61
|
|
|
final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context); |
|
62
|
|
|
final HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(context); |
|
63
|
|
|
|
|
64
|
|
|
String tgtId = WebUtils.getTicketGrantingTicketId(context); |
|
65
|
|
|
// for logout, we need to get the cookie's value |
|
66
|
|
|
if (tgtId == null) { |
|
67
|
|
|
tgtId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request); |
|
68
|
|
|
} |
|
69
|
|
|
if (tgtId != null) { |
|
70
|
|
|
logger2.debug("Destroying SSO session linked to ticket-granting ticket [{}]", tgtId); |
|
71
|
|
|
final List<LogoutRequest> logoutRequests = this.centralAuthenticationService.destroyTicketGrantingTicket(tgtId); |
|
72
|
|
|
WebUtils.putLogoutRequests(context, logoutRequests); |
|
73
|
|
|
} |
|
74
|
|
|
logger2.debug("Removing CAS cookies"); |
|
75
|
|
|
this.ticketGrantingTicketCookieGenerator.removeCookie(response); |
|
76
|
|
|
this.warnCookieGenerator.removeCookie(response); |
|
77
|
|
|
|
|
78
|
|
|
// Do NOT destroy the session here. Keep it. |
|
79
|
|
|
return this.eventFactorySupport.success(this); |
|
80
|
|
|
} catch (final Exception e) { |
|
81
|
|
|
throw Throwables.propagate(e); |
|
82
|
|
|
} |
|
83
|
|
|
} |
|
84
|
|
|
|
|
85
|
|
|
} |
|
86
|
|
|
|
apereo /
cas
