1   package org.argeo.cms.integration;
2   
3   import java.io.IOException;
4   import java.util.Set;
5   
6   import javax.security.auth.Subject;
7   import javax.security.auth.callback.Callback;
8   import javax.security.auth.callback.UnsupportedCallbackException;
9   import javax.security.auth.login.LoginContext;
10  import javax.security.auth.login.LoginException;
11  import javax.servlet.ServletException;
12  import javax.servlet.http.HttpServlet;
13  import javax.servlet.http.HttpServletRequest;
14  import javax.servlet.http.HttpServletResponse;
15  
16  import org.argeo.api.NodeConstants;
17  import org.argeo.cms.auth.CmsSessionId;
18  import org.argeo.cms.auth.CurrentUser;
19  import org.argeo.cms.auth.HttpRequestCallback;
20  import org.argeo.cms.auth.HttpRequestCallbackHandler;
21  
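/**
 * Ends the CMS session attached to an HTTP request.
 * <p>
 * The servlet runs the {@link NodeConstants#LOGIN_CONTEXT_USER} login context
 * against the incoming request in order to obtain the {@link Subject} of the
 * caller, and logs the CMS session out when that subject carries a
 * {@link CmsSessionId} private credential.
 * <p>
 * Security notes for deployers and subclasses:
 * <ul>
 * <li>{@link #doGet} performs the same state change as {@link #doPost}, so a
 * cross-site GET (a link or an embedded resource) is enough to log a user out.
 * Deployments for which a forced logout matters should expose this servlet to
 * POST only and protect it with their anti-CSRF mechanism.</li>
 * <li>{@link #redirectTo} is handed to
 * {@link HttpServletResponse#sendRedirect(String)} unchanged; see the caveat on
 * that method.</li>
 * <li>NOTE(review): whether {@code CurrentUser.logoutCmsSession} also
 * invalidates the servlet {@code HttpSession} and its cookie is not visible
 * from this class — confirm before relying on it.</li>
 * </ul>
 */
public class CmsLogoutServlet extends HttpServlet {
	private static final long serialVersionUID = 2478080654328751539L;

	/**
	 * Handles a GET request exactly like a POST request.
	 * <p>
	 * Logout is a state-changing operation, and serving it over GET means it can
	 * be triggered by any page the browser loads. This is kept for backward
	 * compatibility with existing links.
	 */
	@Override
	protected void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doPost(request, response);
	}

	/**
	 * Logs out the CMS session of the caller, if any, then redirects to
	 * {@link #redirectTo(HttpServletRequest)} when it returns a non-null target.
	 * <p>
	 * A {@link LoginException} does not abort the request: it is logged and the
	 * redirect still takes place, so an unauthenticated caller gets the same
	 * response as one who was logged out.
	 *
	 * @param request  the request whose session should be ended
	 * @param response the response used for the optional redirect
	 * @throws IOException if sending the redirect fails
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		try {
			// The handler hands the current request/response to every
			// HttpRequestCallback raised by the login modules, so that they can
			// resolve the session from the request.
			LoginContext loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
					new HttpRequestCallbackHandler(request, response) {
						public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
							for (Callback callback : callbacks) {
								if (callback instanceof HttpRequestCallback) {
									HttpRequestCallback httpCallback = (HttpRequestCallback) callback;
									httpCallback.setRequest(request);
									httpCallback.setResponse(response);
								}
							}
						}
					});
			loginContext.login();

			Subject subject = loginContext.getSubject();
			CmsSessionId cmsSessionId = extractFrom(subject.getPrivateCredentials(CmsSessionId.class));
			if (cmsSessionId != null) {
				// A CMS session id is present: the caller is logged in.
				CurrentUser.logoutCmsSession(subject);
			}
		} catch (LoginException e) {
			// Best effort: the request continues to the redirect, but the failure
			// is recorded instead of being silently dropped, so that a logout
			// which did not end a session can be noticed and investigated.
			log("Logout could not be completed for this request", e);
		}

		String target = redirectTo(request);
		if (target != null) {
			response.sendRedirect(target);
		}
	}

	/**
	 * Returns one element of a credential set.
	 *
	 * @param creds the credentials to read from, must not be {@code null}
	 * @return the first element returned by the set's iterator, or {@code null}
	 *         when the set is empty
	 */
	protected <T> T extractFrom(Set<T> creds) {
		return creds.isEmpty() ? null : creds.iterator().next();
	}

	/**
	 * Hook for subclasses to choose where the browser is sent after logout.
	 * <p>
	 * The returned value is passed to
	 * {@link HttpServletResponse#sendRedirect(String)} without further checks. An
	 * override which derives the target from request data (a parameter, a
	 * header) should restrict it to known local paths or an allow-list of hosts,
	 * otherwise the logout URL becomes an open redirect.
	 *
	 * @param request the current request
	 * @return the redirect target, or {@code null} (the default) for no redirect
	 */
	protected String redirectTo(HttpServletRequest request) {
		return null;
	}
}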