From 5857589a44b4824f1baff184a909cdcf9fad42da Mon Sep 17 00:00:00 2001 From: "Marvin S. Addison" Date: Wed, 22 Sep 2010 18:28:43 +0000 Subject: [PATCH] CASC-33 Refactor logout valves for reduced code duplication. Improve logging. --- .../client/tomcat/AbstractLogoutHandler.java | 72 +++++++++++++++++++ .../cas/client/tomcat/LogoutHandler.java | 37 ++++++++++ .../client/tomcat/RegexUriLogoutHandler.java | 45 ++++++++++++ .../client/tomcat/StaticUriLogoutHandler.java | 45 ++++++++++++ .../client/tomcat/v6/AbstractLogoutValve.java | 58 +++------------ .../client/tomcat/v6/ProxyCallbackValve.java | 1 + .../tomcat/v6/RegExpBasedLogoutValve.java | 54 -------------- .../client/tomcat/v6/RegexUriLogoutValve.java | 48 +++++++++++++ .../tomcat/v6/StaticUriLogoutValve.java | 48 +++++++++++++ .../client/tomcat/v6/UrlBasedLogoutValve.java | 52 -------------- .../tomcat/v7/AbstractAuthenticator.java | 20 +++++- .../client/tomcat/v7/AbstractLogoutValve.java | 45 +++--------- .../tomcat/v7/Cas10CasAuthenticator.java | 6 ++ .../tomcat/v7/Cas20CasAuthenticator.java | 6 ++ .../tomcat/v7/Cas20ProxyCasAuthenticator.java | 6 ++ .../client/tomcat/v7/ProxyCallbackValve.java | 7 ++ .../tomcat/v7/RegExpBasedLogoutValve.java | 57 --------------- .../client/tomcat/v7/RegexUriLogoutValve.java | 46 ++++++++++++ .../client/tomcat/v7/Saml11Authenticator.java | 6 +- .../tomcat/v7/StaticUriLogoutValve.java | 46 ++++++++++++ .../client/tomcat/v7/UrlBasedLogoutValve.java | 60 ---------------- 21 files changed, 453 insertions(+), 312 deletions(-) create mode 100644 cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/AbstractLogoutHandler.java create mode 100644 cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/LogoutHandler.java create mode 100644 cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/RegexUriLogoutHandler.java create mode 100644 cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/StaticUriLogoutHandler.java delete mode 100644 cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/RegExpBasedLogoutValve.java create mode 100644 cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/RegexUriLogoutValve.java create mode 100644 cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/StaticUriLogoutValve.java delete mode 100644 cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/UrlBasedLogoutValve.java delete mode 100644 cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/RegExpBasedLogoutValve.java create mode 100644 cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/RegexUriLogoutValve.java create mode 100644 cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/StaticUriLogoutValve.java delete mode 100644 cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/UrlBasedLogoutValve.java diff --git a/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/AbstractLogoutHandler.java b/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/AbstractLogoutHandler.java new file mode 100644 index 0000000..f8b1fdc --- /dev/null +++ b/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/AbstractLogoutHandler.java @@ -0,0 +1,72 @@ +/* + * Copyright 2010 The JA-SIG Collaborative. All rights reserved. See license + * distributed with this file and available online at + * http://www.ja-sig.org/products/cas/overview/license/index.html + */ +package org.jasig.cas.client.tomcat; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.jasig.cas.client.util.AbstractCasFilter; +import org.jasig.cas.client.validation.Assertion; + +/** + * Base class for all logout handlers. + * + * @author Marvin S. Addison + * @version $Revision$ + * + */ +public abstract class AbstractLogoutHandler implements LogoutHandler { + protected final Log log = LogFactory.getLog(getClass()); + + protected String redirectUrl; + + public void setRedirectUrl(final String redirectUrl) { + this.redirectUrl = redirectUrl; + } + + /** {@inheritDoc} */ + public void logout(final HttpServletRequest request, final HttpServletResponse response) { + this.log.debug("Processing logout request from CAS server."); + + Assertion assertion = null; + final HttpSession httpSession = request.getSession(false); + if (httpSession != null) { + assertion = (Assertion) httpSession.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION); + if (assertion != null) { + httpSession.removeAttribute(AbstractCasFilter.CONST_CAS_ASSERTION); + } + } + + if (assertion != null) { + this.log.info("Successfully logged out " + assertion.getPrincipal()); + } else { + this.log.info("Session already ended."); + } + + final String redirectUrl = constructRedirectUrl(request); + if (redirectUrl != null) { + try { + this.log.debug("Redirecting to " + redirectUrl); + response.sendRedirect(redirectUrl); + } catch (Exception e) { + this.log.error("Error redirecting to " + redirectUrl, e); + } + } + } + + /** + * Constructs a url to redirect to. + * + * @param request the original request. + * @return the url to redirect to. CAN be NULL. + */ + protected String constructRedirectUrl(final HttpServletRequest request) { + return redirectUrl; + } +} diff --git a/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/LogoutHandler.java b/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/LogoutHandler.java new file mode 100644 index 0000000..ef3ac1c --- /dev/null +++ b/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/LogoutHandler.java @@ -0,0 +1,37 @@ +/* + * Copyright 2010 The JA-SIG Collaborative. All rights reserved. See license + * distributed with this file and available online at + * http://www.ja-sig.org/products/cas/overview/license/index.html + */ +package org.jasig.cas.client.tomcat; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Strategy pattern interface for ending a CAS authentication session. + * + * @author Marvin S. Addison + * @version $Revision$ + * + */ +public interface LogoutHandler { + /** + * Determines whether the given request is a logout request. + * + * @param request HTTP request. + * + * @return True if request is a logout request, false otherwise. + */ + boolean isLogoutRequest(HttpServletRequest request); + + /** + * Ends the current authenticated user session bound to the given request. + * The response is provided to allow the handler to customize the response + * behavior on logout as needed. + * + * @param request HTTP request. + * @param response HTTP response. + */ + void logout(HttpServletRequest request, HttpServletResponse response); +} diff --git a/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/RegexUriLogoutHandler.java b/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/RegexUriLogoutHandler.java new file mode 100644 index 0000000..27986a9 --- /dev/null +++ b/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/RegexUriLogoutHandler.java @@ -0,0 +1,45 @@ +/* + * Copyright 2010 The JA-SIG Collaborative. All rights reserved. See license + * distributed with this file and available online at + * http://www.ja-sig.org/products/cas/overview/license/index.html + */ +package org.jasig.cas.client.tomcat; + +import java.util.regex.Pattern; + +import javax.servlet.http.HttpServletRequest; + +import org.jasig.cas.client.util.CommonUtils; + +/** + * Performs CAS logout when the request URI matches a regular expression. + * + * @author Marvin S. Addison + * @version $Revision$ + * + */ +public class RegexUriLogoutHandler extends AbstractLogoutHandler { + private String logoutUriRegex; + + private Pattern logoutUriPattern; + + /** + * @param regex Logout URI regular expression. CANNOT be null. + */ + public void setLogoutUriRegex(final String regex) { + this.logoutUriRegex = regex; + } + + /** + * Initalializes the component for use. + */ + public void init() { + CommonUtils.assertNotNull(this.logoutUriRegex, "A logout URI regular expression is required."); + this.logoutUriPattern = Pattern.compile(this.logoutUriRegex); + } + + /** {@inheritDoc} */ + public boolean isLogoutRequest(final HttpServletRequest request) { + return this.logoutUriPattern.matcher(request.getRequestURI()).matches(); + } +} diff --git a/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/StaticUriLogoutHandler.java b/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/StaticUriLogoutHandler.java new file mode 100644 index 0000000..1b21f4a --- /dev/null +++ b/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/StaticUriLogoutHandler.java @@ -0,0 +1,45 @@ +/* + * Copyright 2010 The JA-SIG Collaborative. All rights reserved. See license + * distributed with this file and available online at + * http://www.ja-sig.org/products/cas/overview/license/index.html + */ +package org.jasig.cas.client.tomcat; + +import javax.servlet.http.HttpServletRequest; + +import org.jasig.cas.client.util.CommonUtils; + +/** + * Performs CAS logout when the request URI matches a fixed context-relative + * URI. + * + * @author Marvin S. Addison + * @version $Revision$ + * + */ +public class StaticUriLogoutHandler extends AbstractLogoutHandler { + private String logoutUri; + + /** + * The logout URI to watch for logout requests. + * + * @param logoutUri Logout URI. CANNOT be null. MUST be relative and start with "/" + */ + public void setLogoutUri(final String logoutUri) { + this.logoutUri = logoutUri; + } + + /** + * Initalializes the component for use. + */ + public void init() { + CommonUtils.assertNotNull(this.logoutUri, "logoutUri cannot be null."); + CommonUtils.assertTrue(this.logoutUri.startsWith("/"), "logoutUri must start with \"/\""); + } + + /** {@inheritDoc} */ + public boolean isLogoutRequest(final HttpServletRequest request) { + return this.logoutUri.equals(request.getRequestURI()); + } + +} diff --git a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/AbstractLogoutValve.java b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/AbstractLogoutValve.java index 1bb37a3..2a7b9ee 100644 --- a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/AbstractLogoutValve.java +++ b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/AbstractLogoutValve.java @@ -7,11 +7,9 @@ package org.jasig.cas.client.tomcat.v6; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; -import org.jasig.cas.client.util.AbstractCasFilter; -import org.jasig.cas.client.validation.Assertion; +import org.jasig.cas.client.tomcat.LogoutHandler; import javax.servlet.ServletException; -import javax.servlet.http.HttpSession; import java.io.IOException; /** @@ -19,62 +17,22 @@ import java.io.IOException; * from the session. * * @author Scott Battaglia + * @author Marvin S. Addison * @version $Revision$ $Date$ * @since 3.1.12 */ public abstract class AbstractLogoutValve extends AbstractLifecycleValve { - - protected String redirectUrl; - - public void setRedirectUrl(final String redirectUrl) { - this.redirectUrl = redirectUrl; - } - public final void invoke(final Request request, final Response response) throws IOException, ServletException { - if (!isLogoutRequest(request)) { + if (getLogoutHandler().isLogoutRequest(request)) { + getLogoutHandler().logout(request, response); + // Do not proceed up valve chain + return; + } else { this.log.debug("URI is not a logout request: " + request.getRequestURI()); getNext().invoke(request, response); - return; } - this.log.debug("Processing logout request from CAS server."); - - Assertion assertion = null; - final HttpSession httpSession = request.getSession(false); - if (httpSession != null) { - assertion = (Assertion) httpSession.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION); - if (assertion != null) { - httpSession.removeAttribute(AbstractCasFilter.CONST_CAS_ASSERTION); - } - } - - if (assertion != null) { - this.log.info("Successfully logged out " + assertion.getPrincipal()); - } else { - this.log.info("Session already ended."); - } - - final String redirectUrl = constructRedirectUrl(request); - if (redirectUrl != null) { - response.sendRedirect(redirectUrl); - } - } - - /** - * Constructs a url to redirect to. - * - * @param request the original request. - * @return the url to redirect to. CAN be NULL. - */ - protected String constructRedirectUrl(final Request request) { - return redirectUrl; } - /** - * Determines if this is a request to destroy the container-managed single sign on session. - * - * @param request the request. CANNOT be NULL. - * @return true if it is a logout request, false otherwise. - */ - protected abstract boolean isLogoutRequest(Request request); + protected abstract LogoutHandler getLogoutHandler(); } diff --git a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/ProxyCallbackValve.java b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/ProxyCallbackValve.java index 29183ff..439049f 100644 --- a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/ProxyCallbackValve.java +++ b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/ProxyCallbackValve.java @@ -63,6 +63,7 @@ public final class ProxyCallbackValve extends AbstractLifecycleValve { public void invoke(final Request request, final Response response) throws IOException, ServletException { if (this.proxyCallbackUrl.equals(request.getRequestURI())) { + this.log.debug("Processing proxy callback request."); CommonUtils.readAndRespondToProxyReceptorRequest(request, response, PROXY_GRANTING_TICKET_STORAGE); return; } diff --git a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/RegExpBasedLogoutValve.java b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/RegExpBasedLogoutValve.java deleted file mode 100644 index 4dee54b..0000000 --- a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/RegExpBasedLogoutValve.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license - * distributed with this file and available online at - * http://www.ja-sig.org/products/cas/overview/license/index.html - */ -package org.jasig.cas.client.tomcat.v6; - -import org.apache.catalina.LifecycleException; -import org.apache.catalina.connector.Request; -import org.jasig.cas.client.util.CommonUtils; - -import java.util.regex.Pattern; - -/** - * Matches a number of urls (based on the regular expression) for handling - * log out. - * - * @author Scott Battaglia - * @version $Revision$ $Date$ - * @since 3.1.12 - */ -public final class RegExpBasedLogoutValve extends AbstractLogoutValve { - private static final String NAME = RegExpBasedLogoutValve.class.getName(); - - private String regexpUri; - - private Pattern regexpUriPattern; - - public void setRegexpUri(final String regexpUri) { - this.regexpUri = regexpUri; - } - - public void start() throws LifecycleException { - super.start(); - - try { - CommonUtils.assertNotNull(this.regexpUri, "A Regular Expression must be provided."); - - this.regexpUriPattern = Pattern.compile(this.regexpUri); - } catch (final Exception e) { - throw new LifecycleException(e); - } - this.log.info("Startup completed."); - } - - protected boolean isLogoutRequest(final Request request) { - return this.regexpUriPattern.matcher(request.getRequestURI()).matches(); - } - - /** {@inheritDoc} */ - protected String getName() { - return NAME; - } -} diff --git a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/RegexUriLogoutValve.java b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/RegexUriLogoutValve.java new file mode 100644 index 0000000..cbb7bee --- /dev/null +++ b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/RegexUriLogoutValve.java @@ -0,0 +1,48 @@ +/* + * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license + * distributed with this file and available online at + * http://www.ja-sig.org/products/cas/overview/license/index.html + */ +package org.jasig.cas.client.tomcat.v6; + +import org.apache.catalina.LifecycleException; +import org.jasig.cas.client.tomcat.LogoutHandler; +import org.jasig.cas.client.tomcat.RegexUriLogoutHandler; + +/** + * Performs CAS logout when the request URI matches a regular expression. + * + * @author Scott Battaglia + * @author Marvin S. Addison + * @version $Revision$ $Date$ + * @since 3.1.12 + */ +public final class RegexUriLogoutValve extends AbstractLogoutValve { + private static final String NAME = RegexUriLogoutValve.class.getName(); + + private RegexUriLogoutHandler logoutHandler = new RegexUriLogoutHandler(); + + public void setRedirectUrl(final String redirectUrl) { + this.logoutHandler.setRedirectUrl(redirectUrl); + } + + public void setLogoutUriRegex(final String regex) { + this.logoutHandler.setLogoutUriRegex(regex); + } + + public void start() throws LifecycleException { + super.start(); + this.logoutHandler.init(); + this.log.info("Startup completed."); + } + + /** {@inheritDoc} */ + protected String getName() { + return NAME; + } + + /** {@inheritDoc} */ + protected LogoutHandler getLogoutHandler() { + return logoutHandler; + } +} diff --git a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/StaticUriLogoutValve.java b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/StaticUriLogoutValve.java new file mode 100644 index 0000000..75799dd --- /dev/null +++ b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/StaticUriLogoutValve.java @@ -0,0 +1,48 @@ +/* + * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license + * distributed with this file and available online at + * http://www.ja-sig.org/products/cas/overview/license/index.html + */ +package org.jasig.cas.client.tomcat.v6; + +import org.apache.catalina.LifecycleException; +import org.jasig.cas.client.tomcat.LogoutHandler; +import org.jasig.cas.client.tomcat.StaticUriLogoutHandler; + +/** + * Monitors a specific request URI for logout requests. + * + * @author Scott Battaglia + * @author Marvin S. Addison + * @version $Revision$ $Date$ + * @since 3.1.12 + */ +public final class StaticUriLogoutValve extends AbstractLogoutValve { + private static final String NAME = StaticUriLogoutValve.class.getName(); + + private StaticUriLogoutHandler logoutHandler = new StaticUriLogoutHandler(); + + public void setRedirectUrl(final String redirectUrl) { + this.logoutHandler.setRedirectUrl(redirectUrl); + } + + public void setLogoutUri(final String logoutUri) { + this.logoutHandler.setLogoutUri(logoutUri); + } + + public void start() throws LifecycleException { + super.start(); + this.logoutHandler.init(); + this.log.info("Startup completed."); + } + + /** {@inheritDoc} */ + protected String getName() { + return NAME; + } + + /** {@inheritDoc} */ + protected LogoutHandler getLogoutHandler() { + return logoutHandler; + } +} diff --git a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/UrlBasedLogoutValve.java b/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/UrlBasedLogoutValve.java deleted file mode 100644 index 8b741bb..0000000 --- a/cas-client-integration-tomcat-v6/src/main/java/org/jasig/cas/client/tomcat/v6/UrlBasedLogoutValve.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license - * distributed with this file and available online at - * http://www.ja-sig.org/products/cas/overview/license/index.html - */ -package org.jasig.cas.client.tomcat.v6; - -import org.apache.catalina.LifecycleException; -import org.apache.catalina.connector.Request; -import org.jasig.cas.client.util.CommonUtils; - -/** - * Monitors a specific url for logout requests. - * - * @author Scott Battaglia - * @version $Revision$ $Date$ - * @since 3.1.12 - */ -public final class UrlBasedLogoutValve extends AbstractLogoutValve { - private static final String NAME = UrlBasedLogoutValve.class.getName(); - - private String logoutUri; - - /** - * The logout url to watch for logout requests. - * - * @param logoutUri the url. CANNOT be null. MUST be relative and start with "/" - */ - public void setLogoutUri(final String logoutUri) { - this.logoutUri = logoutUri; - } - - public void start() throws LifecycleException { - super.start(); - try { - CommonUtils.assertNotNull(this.logoutUri, "logoutUri cannot be null."); - CommonUtils.assertTrue(this.logoutUri.startsWith("/"), "logoutUri must start with \"/\""); - } catch (final IllegalArgumentException e) { - throw new LifecycleException(e); - } - this.log.info("Startup completed."); - } - - protected boolean isLogoutRequest(final Request request) { - return this.logoutUri.equals(request.getRequestURI()); - } - - /** {@inheritDoc} */ - protected String getName() { - return NAME; - } -} diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractAuthenticator.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractAuthenticator.java index 88d63e4..178efe6 100644 --- a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractAuthenticator.java +++ b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractAuthenticator.java @@ -8,6 +8,7 @@ package org.jasig.cas.client.tomcat.v7; import org.apache.catalina.LifecycleEvent; import org.apache.catalina.LifecycleException; import org.apache.catalina.LifecycleListener; +import org.apache.catalina.LifecycleState; import org.apache.catalina.Realm; import org.apache.catalina.authenticator.AuthenticatorBase; import org.apache.catalina.connector.Request; @@ -70,7 +71,7 @@ public abstract class AbstractAuthenticator extends AuthenticatorBase implements protected void startInternal() throws LifecycleException { super.startInternal(); - this.log.debug("Starting..."); + this.log.debug(getName() + " starting."); final Realm realm = this.context.getRealm(); try { CommonUtils.assertTrue(realm instanceof CasRealm, "Expected CasRealm but got " + realm.getInfo()); @@ -152,7 +153,7 @@ public abstract class AbstractAuthenticator extends AuthenticatorBase implements /** {@inheritDoc} */ public void lifecycleEvent(final LifecycleEvent event) { if (AFTER_START_EVENT.equals(event.getType())) { - this.log.debug("Processing lifecycle event " + AFTER_START_EVENT); + this.log.debug(getName() + " processing lifecycle event " + AFTER_START_EVENT); this.delegate.setTicketValidator(getTicketValidator()); this.delegate.setArtifactParameterName(getArtifactParameterName()); this.delegate.setServiceParameterName(getServiceParameterName()); @@ -161,6 +162,19 @@ public abstract class AbstractAuthenticator extends AuthenticatorBase implements /** {@inheritDoc} */ public String getInfo() { - return getClass().getName() + "/1.0"; + return getName() + "/1.0"; } + + /** {@inheritDoc} */ + protected synchronized void setState(LifecycleState state, Object data) { + super.setState(state, data); + if (LifecycleState.STARTED.equals(state)) { + this.log.info(getName() + " started."); + } + } + + /** + * @return Authenticator descriptive name. + */ + protected abstract String getName(); } diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractLogoutValve.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractLogoutValve.java index 3a6c7f0..71b779b 100644 --- a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractLogoutValve.java +++ b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/AbstractLogoutValve.java @@ -10,10 +10,9 @@ import org.apache.catalina.connector.Response; import org.apache.catalina.valves.ValveBase; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.jasig.cas.client.util.AbstractCasFilter; +import org.jasig.cas.client.tomcat.LogoutHandler; import javax.servlet.ServletException; -import javax.servlet.http.HttpSession; import java.io.IOException; /** @@ -21,47 +20,23 @@ import java.io.IOException; * from the session. * * @author Scott Battaglia + * @author Marvin S. Addison * @version $Revision$ $Date$ * @since 3.1.12 */ public abstract class AbstractLogoutValve extends ValveBase { - protected final Log log = LogFactory.getLog(getClass()); public final void invoke(final Request request, final Response response) throws IOException, ServletException { - - if (!isLogoutRequest(request)) { - log.debug("Current request URI [ " + request.getRequestURI() + "] is not a logout request."); - getNext().invoke(request, response); + if (getLogoutHandler().isLogoutRequest(request)) { + getLogoutHandler().logout(request, response); + // Do not proceed up valve chain return; - } - - final HttpSession httpSession = request.getSession(false); - - if (httpSession != null) { - httpSession.removeAttribute(AbstractCasFilter.CONST_CAS_ASSERTION); - } - - final String redirectUrl = constructRedirectUrl(request); - - if (redirectUrl != null) { - response.sendRedirect(redirectUrl); + } else { + this.log.debug("URI is not a logout request: " + request.getRequestURI()); + getNext().invoke(request, response); } } - - /** - * Determines if this is a request to destroy the container-managed single sign on session. - * - * @param request the request. CANNOT be NULL. - * @return true if it is a logout request, false otherwise. - */ - protected abstract boolean isLogoutRequest(Request request); - - /** - * Constructs a url to redirect to. - * - * @param request the original request. - * @return the url to redirect to. CAN be NULL. - */ - protected abstract String constructRedirectUrl(Request request); + + protected abstract LogoutHandler getLogoutHandler(); } diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas10CasAuthenticator.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas10CasAuthenticator.java index cc941af..e582a04 100644 --- a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas10CasAuthenticator.java +++ b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas10CasAuthenticator.java @@ -18,6 +18,8 @@ import org.jasig.cas.client.validation.TicketValidator; */ public final class Cas10CasAuthenticator extends AbstractCasAuthenticator { public static final String AUTH_METHOD = "CAS10"; + + private static final String NAME = Cas10CasAuthenticator.class.getName(); private Cas10TicketValidator ticketValidator; @@ -29,6 +31,10 @@ public final class Cas10CasAuthenticator extends AbstractCasAuthenticator { return AUTH_METHOD; } + protected String getName() { + return NAME; + } + protected void startInternal() throws LifecycleException { super.startInternal(); this.ticketValidator = new Cas10TicketValidator(getCasServerUrlPrefix()); diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas20CasAuthenticator.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas20CasAuthenticator.java index 051fb32..ecf3781 100644 --- a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas20CasAuthenticator.java +++ b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas20CasAuthenticator.java @@ -18,6 +18,8 @@ import org.jasig.cas.client.validation.TicketValidator; */ public final class Cas20CasAuthenticator extends AbstractCasAuthenticator { public static final String AUTH_METHOD = "CAS20"; + + private static final String NAME = Cas20CasAuthenticator.class.getName(); private Cas20ServiceTicketValidator ticketValidator; @@ -29,6 +31,10 @@ public final class Cas20CasAuthenticator extends AbstractCasAuthenticator { return AUTH_METHOD; } + protected String getName() { + return NAME; + } + protected void startInternal() throws LifecycleException { super.startInternal(); this.ticketValidator = new Cas20ServiceTicketValidator(getCasServerUrlPrefix()); diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas20ProxyCasAuthenticator.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas20ProxyCasAuthenticator.java index 7b8b618..00b537a 100644 --- a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas20ProxyCasAuthenticator.java +++ b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Cas20ProxyCasAuthenticator.java @@ -20,6 +20,8 @@ import org.jasig.cas.client.validation.TicketValidator; public final class Cas20ProxyCasAuthenticator extends AbstractCasAuthenticator { public static final String AUTH_METHOD = "CAS20-PROXY"; + private static final String NAME = Cas20ProxyCasAuthenticator.class.getName(); + private Cas20ProxyTicketValidator ticketValidator; private boolean acceptAnyProxy; @@ -42,6 +44,10 @@ public final class Cas20ProxyCasAuthenticator extends AbstractCasAuthenticator { return AUTH_METHOD; } + protected String getName() { + return NAME; + } + protected void startInternal() throws LifecycleException { super.startInternal(); this.ticketValidator = new Cas20ProxyTicketValidator(getCasServerUrlPrefix()); diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/ProxyCallbackValve.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/ProxyCallbackValve.java index 378bc2a..72eff06 100644 --- a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/ProxyCallbackValve.java +++ b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/ProxyCallbackValve.java @@ -9,6 +9,8 @@ import org.apache.catalina.LifecycleException; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.valves.ValveBase; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage; import org.jasig.cas.client.util.CommonUtils; @@ -29,6 +31,9 @@ import java.io.IOException; public final class ProxyCallbackValve extends ValveBase { private static ProxyGrantingTicketStorage PROXY_GRANTING_TICKET_STORAGE; + + /** Logger instance */ + private final Log log = LogFactory.getLog(getClass()); private String proxyGrantingTicketStorageClass; @@ -58,10 +63,12 @@ public final class ProxyCallbackValve extends ValveBase { } catch (final Exception e) { throw new LifecycleException(e); } + this.log.info("Startup completed."); } public void invoke(final Request request, final Response response) throws IOException, ServletException { if (this.proxyCallbackUrl.equals(request.getRequestURI())) { + this.log.debug("Processing proxy callback request."); CommonUtils.readAndRespondToProxyReceptorRequest(request, response, PROXY_GRANTING_TICKET_STORAGE); return; } diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/RegExpBasedLogoutValve.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/RegExpBasedLogoutValve.java deleted file mode 100644 index 27fba48..0000000 --- a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/RegExpBasedLogoutValve.java +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license - * distributed with this file and available online at - * http://www.ja-sig.org/products/cas/overview/license/index.html - */ -package org.jasig.cas.client.tomcat.v7; - -import org.apache.catalina.LifecycleException; -import org.apache.catalina.connector.Request; -import org.jasig.cas.client.util.CommonUtils; - -import java.util.regex.Pattern; - -/** - * Matches a number of urls (based on the regular expression) for handling - * log out. - * - * @author Scott Battaglia - * @version $Revision$ $Date$ - * @since 3.1.12 - */ -public final class RegExpBasedLogoutValve extends AbstractLogoutValve { - - private String regexpUri; - - private Pattern regexpUriPattern; - - private String redirectUrl; - - public void setRegexpUri(final String regexpUri) { - this.regexpUri = regexpUri; - } - - public void setRedirectUrl(final String redirectUrl) { - this.redirectUrl = redirectUrl; - } - - protected void startInternal() throws LifecycleException { - super.startInternal(); - - try { - CommonUtils.assertNotNull(this.regexpUri, "A Regular Expression must be provided."); - - this.regexpUriPattern = Pattern.compile(this.regexpUri); - } catch (final Exception e) { - throw new LifecycleException(e); - } - } - - protected boolean isLogoutRequest(final Request request) { - return this.regexpUriPattern.matcher(request.getRequestURI()).matches(); - } - - protected String constructRedirectUrl(final Request request) { - return this.redirectUrl; - } -} diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/RegexUriLogoutValve.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/RegexUriLogoutValve.java new file mode 100644 index 0000000..c247433 --- /dev/null +++ b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/RegexUriLogoutValve.java @@ -0,0 +1,46 @@ +/* + * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license + * distributed with this file and available online at + * http://www.ja-sig.org/products/cas/overview/license/index.html + */ +package org.jasig.cas.client.tomcat.v7; + +import org.apache.catalina.LifecycleException; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.jasig.cas.client.tomcat.LogoutHandler; +import org.jasig.cas.client.tomcat.RegexUriLogoutHandler; + +/** + * Performs CAS logout when the request URI matches a regular expression. + * + * @author Scott Battaglia + * @author Marvin S. Addison + * @version $Revision$ $Date$ + * @since 3.1.12 + */ +public final class RegexUriLogoutValve extends AbstractLogoutValve { + /** Logger instance */ + private final Log log = LogFactory.getLog(getClass()); + + private RegexUriLogoutHandler logoutHandler = new RegexUriLogoutHandler(); + + public void setRedirectUrl(final String redirectUrl) { + this.logoutHandler.setRedirectUrl(redirectUrl); + } + + public void setLogoutUriRegex(final String regex) { + this.logoutHandler.setLogoutUriRegex(regex); + } + + protected void startInternal() throws LifecycleException { + super.startInternal(); + this.logoutHandler.init(); + this.log.info("Startup completed."); + } + + /** {@inheritDoc} */ + protected LogoutHandler getLogoutHandler() { + return logoutHandler; + } +} diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Saml11Authenticator.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Saml11Authenticator.java index 60da7d3..0644d30 100644 --- a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Saml11Authenticator.java +++ b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/Saml11Authenticator.java @@ -17,8 +17,9 @@ import org.jasig.cas.client.validation.TicketValidator; * */ public final class Saml11Authenticator extends AbstractAuthenticator { - public static final String AUTH_METHOD = "SAML11"; + + private static final String NAME = Saml11Authenticator.class.getName(); private Saml11TicketValidator ticketValidator; @@ -63,4 +64,7 @@ public final class Saml11Authenticator extends AbstractAuthenticator { return "TARGET"; } + protected String getName() { + return NAME; + } } diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/StaticUriLogoutValve.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/StaticUriLogoutValve.java new file mode 100644 index 0000000..456c54d --- /dev/null +++ b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/StaticUriLogoutValve.java @@ -0,0 +1,46 @@ +/* + * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license + * distributed with this file and available online at + * http://www.ja-sig.org/products/cas/overview/license/index.html + */ +package org.jasig.cas.client.tomcat.v7; + +import org.apache.catalina.LifecycleException; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.jasig.cas.client.tomcat.LogoutHandler; +import org.jasig.cas.client.tomcat.StaticUriLogoutHandler; + +/** + * Monitors a specific request URI for logout requests. + * + * @author Scott Battaglia + * @author Marvin S. Addison + * @version $Revision$ $Date$ + * @since 3.1.12 + */ +public final class StaticUriLogoutValve extends AbstractLogoutValve { + /** Logger instance */ + private final Log log = LogFactory.getLog(getClass()); + + private StaticUriLogoutHandler logoutHandler = new StaticUriLogoutHandler(); + + public void setRedirectUrl(final String redirectUrl) { + this.logoutHandler.setRedirectUrl(redirectUrl); + } + + public void setLogoutUri(final String logoutUri) { + this.logoutHandler.setLogoutUri(logoutUri); + } + + protected void startInternal() throws LifecycleException { + super.startInternal(); + this.logoutHandler.init(); + this.log.info("Startup completed."); + } + + /** {@inheritDoc} */ + protected LogoutHandler getLogoutHandler() { + return logoutHandler; + } +} diff --git a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/UrlBasedLogoutValve.java b/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/UrlBasedLogoutValve.java deleted file mode 100644 index 2108345..0000000 --- a/cas-client-integration-tomcat-v7/src/main/java/org/jasig/cas/client/tomcat/v7/UrlBasedLogoutValve.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license - * distributed with this file and available online at - * http://www.ja-sig.org/products/cas/overview/license/index.html - */ -package org.jasig.cas.client.tomcat.v7; - -import org.apache.catalina.LifecycleException; -import org.apache.catalina.connector.Request; -import org.jasig.cas.client.util.CommonUtils; - -/** - * Monitors a specific url for logout requests. - * - * @author Scott Battaglia - * @version $Revision$ $Date$ - * @since 3.1.12 - */ -public final class UrlBasedLogoutValve extends AbstractLogoutValve { - - private String logoutUri; - - private String redirectUrl; - - /** - * The logout url to watch for logout requests. - * - * @param logoutUri the url. CANNOT be null. MUST be relative and start with "/" - */ - public void setLogoutUri(final String logoutUri) { - this.logoutUri = logoutUri; - } - - /** - * Optional url to redirect to after logout is complete. - * - * @param redirectUrl the url. CAN be NULL. - */ - public void setRedirectUrl(final String redirectUrl) { - this.redirectUrl = redirectUrl; - } - - protected void startInternal() throws LifecycleException { - super.startInternal(); - try { - CommonUtils.assertNotNull(this.logoutUri, "logoutUri cannot be null."); - CommonUtils.assertTrue(this.logoutUri.startsWith("/"), "logoutUri must start with \"/\""); - } catch (final IllegalArgumentException e) { - throw new LifecycleException(e); - } - } - - protected boolean isLogoutRequest(final Request request) { - return this.logoutUri.equals(request.getRequestURI()); - } - - protected String constructRedirectUrl(final Request request) { - return redirectUrl; - } -}