CASC-220: Support front channel SLO logout
specific front logout parameter + Tomcat valves update
parent
47f825871e
commit
9b33321cc2
|
|
@ -23,7 +23,6 @@ import javax.servlet.*;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.jasig.cas.client.util.AbstractConfigurationFilter;
|
||||
import org.jasig.cas.client.util.CommonUtils;
|
||||
|
||||
|
|
@ -38,25 +37,21 @@ public final class SingleSignOutFilter extends AbstractConfigurationFilter {
|
|||
|
||||
private static final SingleSignOutHandler handler = new SingleSignOutHandler();
|
||||
|
||||
/** The prefix url of the CAS server */
|
||||
private String casServerUrlPrefix;
|
||||
|
||||
/** Parameter name that stores the state of the CAS server webflow for the callback */
|
||||
private String relayStateParameterName = SingleSignOutHandler.DEFAULT_RELAY_STATE_PARAMETER_NAME;
|
||||
|
||||
public void init(final FilterConfig filterConfig) throws ServletException {
|
||||
if (!isIgnoreInitConfiguration()) {
|
||||
handler.setArtifactParameterName(getPropertyFromInitParams(filterConfig, "artifactParameterName",
|
||||
SingleSignOutHandler.DEFAULT_ARTIFACT_PARAMETER_NAME));
|
||||
handler.setLogoutParameterName(getPropertyFromInitParams(filterConfig, "logoutParameterName",
|
||||
SingleSignOutHandler.DEFAULT_LOGOUT_PARAMETER_NAME));
|
||||
setRelayStateParameterName(getPropertyFromInitParams(filterConfig, "relayStateParameterName",
|
||||
handler.setFrontLogoutParameterName(getPropertyFromInitParams(filterConfig, "frontLogoutParameterName",
|
||||
SingleSignOutHandler.DEFAULT_FRONT_LOGOUT_PARAMETER_NAME));
|
||||
handler.setRelayStateParameterName(getPropertyFromInitParams(filterConfig, "relayStateParameterName",
|
||||
SingleSignOutHandler.DEFAULT_RELAY_STATE_PARAMETER_NAME));
|
||||
handler.setCasServerUrlPrefix(getPropertyFromInitParams(filterConfig, "casServerUrlPrefix", null));
|
||||
handler.setArtifactParameterOverPost(parseBoolean(getPropertyFromInitParams(filterConfig,
|
||||
"artifactParameterOverPost", "false")));
|
||||
handler.setEagerlyCreateSessions(parseBoolean(getPropertyFromInitParams(filterConfig,
|
||||
"eagerlyCreateSessions", "true")));
|
||||
setCasServerUrlPrefix(getPropertyFromInitParams(filterConfig, "casServerUrlPrefix", null));
|
||||
}
|
||||
handler.init();
|
||||
}
|
||||
|
|
@ -69,20 +64,22 @@ public final class SingleSignOutFilter extends AbstractConfigurationFilter {
|
|||
handler.setLogoutParameterName(name);
|
||||
}
|
||||
|
||||
public void setFrontLogoutParameterName(final String name) {
|
||||
handler.setFrontLogoutParameterName(name);
|
||||
}
|
||||
|
||||
public void setRelayStateParameterName(final String name) {
|
||||
this.relayStateParameterName = name;
|
||||
handler.setRelayStateParameterName(name);
|
||||
}
|
||||
|
||||
public void setCasServerUrlPrefix(final String casServerUrlPrefix) {
|
||||
handler.setCasServerUrlPrefix(casServerUrlPrefix);
|
||||
}
|
||||
|
||||
public void setSessionMappingStorage(final SessionMappingStorage storage) {
|
||||
handler.setSessionMappingStorage(storage);
|
||||
}
|
||||
|
||||
public void setCasServerUrlPrefix(final String casServerUrlPrefix) {
|
||||
CommonUtils.assertNotNull(casServerUrlPrefix, "casServerUrlPrefix cannot be null.");
|
||||
this.casServerUrlPrefix = casServerUrlPrefix;
|
||||
}
|
||||
|
||||
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
|
||||
final FilterChain filterChain) throws IOException, ServletException {
|
||||
final HttpServletRequest request = (HttpServletRequest) servletRequest;
|
||||
|
|
@ -96,22 +93,10 @@ public final class SingleSignOutFilter extends AbstractConfigurationFilter {
|
|||
return;
|
||||
} else if (handler.isFrontChannelLogoutRequest(request)) {
|
||||
handler.destroySession(request);
|
||||
// relay state value
|
||||
final String relayStateValue = CommonUtils.safeGetParameter(request, this.relayStateParameterName);
|
||||
// if we have a state value -> redirect to the CAS server to continue the logout process
|
||||
if (StringUtils.isNotBlank(relayStateValue)) {
|
||||
final StringBuffer buffer = new StringBuffer();
|
||||
buffer.append(casServerUrlPrefix);
|
||||
if (!this.casServerUrlPrefix.endsWith("/")) {
|
||||
buffer.append("/");
|
||||
}
|
||||
buffer.append("logout?_eventId=next&");
|
||||
buffer.append(this.relayStateParameterName);
|
||||
buffer.append("=");
|
||||
buffer.append(CommonUtils.urlEncode(relayStateValue));
|
||||
final String redirectUrl = buffer.toString();
|
||||
logger.debug("Redirecting back to the CAS server: {}", redirectUrl);
|
||||
CommonUtils.sendRedirect(response, redirectUrl);
|
||||
// redirection url to the CAS server
|
||||
final String redirectionUrl = handler.computeRedirectionToServer(request);
|
||||
if (redirectionUrl != null) {
|
||||
CommonUtils.sendRedirect(response, redirectionUrl);
|
||||
}
|
||||
return;
|
||||
} else {
|
||||
|
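Review bot: The front-channel branch calls `CommonUtils.sendRedirect(response, redirectionUrl)` for any GET that carries the front logout parameter and a relay state, whether or not `handler.destroySession(request)` (which returns void) decoded the message or matched a session, and the relay state is taken straight from the query string. The host is fixed by `casServerUrlPrefix` and the value is URL-encoded, so this is not an open redirect, but any page that can point a browser at this application can push it into the CAS logout flow with `_eventId=next` and a `RelayState` of its choosing. I would state that reliance next to the redirect, e.g. `// RelayState is unauthenticated request input; the CAS server must validate it before continuing the logout flow`. The same branch appears in both Tomcat `SingleSignOutValve` sections further down. `doFilter` starts and ends outside this hunk.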
|
|
|||
|
|
@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.jasig.cas.client.util.CommonUtils;
|
||||
import org.jasig.cas.client.util.XmlUtils;
|
||||
import org.slf4j.Logger;
|
||||
|
|
@ -46,6 +47,7 @@ public final class SingleSignOutHandler {
|
|||
|
||||
public final static String DEFAULT_ARTIFACT_PARAMETER_NAME = "ticket";
|
||||
public final static String DEFAULT_LOGOUT_PARAMETER_NAME = "logoutRequest";
|
||||
public final static String DEFAULT_FRONT_LOGOUT_PARAMETER_NAME = "SAMLRequest";
|
||||
public final static String DEFAULT_RELAY_STATE_PARAMETER_NAME = "RelayState";
|
||||
|
||||
/** Logger instance */
|
||||
|
|
@ -57,12 +59,18 @@ public final class SingleSignOutHandler {
|
|||
/** The name of the artifact parameter. This is used to capture the session identifier. */
|
||||
private String artifactParameterName = DEFAULT_ARTIFACT_PARAMETER_NAME;
|
||||
|
||||
/** Parameter name that stores logout request */
|
||||
/** Parameter name that stores logout request for back channel SLO */
|
||||
private String logoutParameterName = DEFAULT_LOGOUT_PARAMETER_NAME;
|
||||
|
||||
/** Parameter name that stores logout request for front channel SLO */
|
||||
private String frontLogoutParameterName = DEFAULT_FRONT_LOGOUT_PARAMETER_NAME;
|
||||
|
||||
/** Parameter name that stores the state of the CAS server webflow for the callback */
|
||||
private String relayStateParameterName = DEFAULT_RELAY_STATE_PARAMETER_NAME;
|
||||
|
||||
/** The prefix url of the CAS server */
|
||||
private String casServerUrlPrefix;
|
||||
|
||||
private boolean artifactParameterOverPost = false;
|
||||
|
||||
private boolean eagerlyCreateSessions = true;
|
||||
|
|
@ -89,12 +97,26 @@ public final class SingleSignOutHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param name Name of parameter containing CAS logout request message.
|
||||
* @param name Name of parameter containing CAS logout request message for back channel SLO.
|
||||
*/
|
||||
public void setLogoutParameterName(final String name) {
|
||||
this.logoutParameterName = name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param casServerUrlPrefix The prefix url of the CAS server.
|
||||
*/
|
||||
public void setCasServerUrlPrefix(final String casServerUrlPrefix) {
|
||||
this.casServerUrlPrefix = casServerUrlPrefix;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param name Name of parameter containing CAS logout request message for front channel SLO.
|
||||
*/
|
||||
public void setFrontLogoutParameterName(final String name) {
|
||||
this.frontLogoutParameterName = name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param name Name of parameter containing the state of the CAS server webflow.
|
||||
*/
|
||||
|
|
@ -112,8 +134,10 @@ public final class SingleSignOutHandler {
|
|||
public void init() {
|
||||
CommonUtils.assertNotNull(this.artifactParameterName, "artifactParameterName cannot be null.");
|
||||
CommonUtils.assertNotNull(this.logoutParameterName, "logoutParameterName cannot be null.");
|
||||
CommonUtils.assertNotNull(this.frontLogoutParameterName, "frontLogoutParameterName cannot be null.");
|
||||
CommonUtils.assertNotNull(this.sessionMappingStorage, "sessionMappingStorage cannot be null.");
|
||||
CommonUtils.assertNotNull(this.relayStateParameterName, "relayStateParameterName cannot be null.");
|
||||
CommonUtils.assertNotNull(this.casServerUrlPrefix, "casServerUrlPrefix cannot be null.");
|
||||
|
||||
if (this.artifactParameterOverPost) {
|
||||
this.safeParameters = Arrays.asList(this.logoutParameterName, this.artifactParameterName);
|
||||
|
|
@ -157,7 +181,7 @@ public final class SingleSignOutHandler {
|
|||
*/
|
||||
public boolean isFrontChannelLogoutRequest(final HttpServletRequest request) {
|
||||
return "GET".equals(request.getMethod())
|
||||
&& CommonUtils.isNotBlank(CommonUtils.safeGetParameter(request, this.logoutParameterName));
|
||||
&& CommonUtils.isNotBlank(CommonUtils.safeGetParameter(request, this.frontLogoutParameterName));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -220,11 +244,13 @@ public final class SingleSignOutHandler {
|
|||
* @param request HTTP request containing a CAS logout message.
|
||||
*/
|
||||
public void destroySession(final HttpServletRequest request) {
|
||||
String logoutMessage = CommonUtils.safeGetParameter(request, this.logoutParameterName,
|
||||
this.safeParameters);
|
||||
// front channel request -> the message needs to be base64 decoded + decompressed
|
||||
String logoutMessage;
|
||||
// front channel logout -> the message needs to be base64 decoded + decompressed
|
||||
if ("GET".equals(request.getMethod())) {
|
||||
logoutMessage = uncompressLogoutMessage(logoutMessage);
|
||||
logoutMessage = uncompressLogoutMessage(CommonUtils.safeGetParameter(request,
|
||||
this.frontLogoutParameterName));
|
||||
} else {
|
||||
logoutMessage = CommonUtils.safeGetParameter(request, this.logoutParameterName, this.safeParameters);
|
||||
}
|
||||
logger.trace("Logout request:\n{}", logoutMessage);
|
||||
|
||||
|
|
@ -251,6 +277,34 @@ public final class SingleSignOutHandler {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Compute the redirection url to the CAS server when it's a front channel SLO
|
||||
* (depending on the relay state parameter).
|
||||
*
|
||||
* @param request The HTTP request.
|
||||
* @return the redirection url to the CAS server.
|
||||
*/
|
||||
public String computeRedirectionToServer(final HttpServletRequest request) {
|
||||
// relay state value
|
||||
final String relayStateValue = CommonUtils.safeGetParameter(request, this.relayStateParameterName);
|
||||
// if we have a state value -> redirect to the CAS server to continue the logout process
|
||||
if (StringUtils.isNotBlank(relayStateValue)) {
|
||||
final StringBuffer buffer = new StringBuffer();
|
||||
buffer.append(casServerUrlPrefix);
|
||||
if (!this.casServerUrlPrefix.endsWith("/")) {
|
||||
buffer.append("/");
|
||||
}
|
||||
buffer.append("logout?_eventId=next&");
|
||||
buffer.append(this.relayStateParameterName);
|
||||
buffer.append("=");
|
||||
buffer.append(CommonUtils.urlEncode(relayStateValue));
|
||||
final String redirectUrl = buffer.toString();
|
||||
logger.debug("Redirection url to the CAS server: {}", redirectUrl);
|
||||
return redirectUrl;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private boolean isMultipartRequest(final HttpServletRequest request) {
|
||||
return request.getContentType() != null && request.getContentType().toLowerCase().startsWith("multipart");
|
||||
}
|
||||
|
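Review bot: In `destroySession`, the GET branch passes `CommonUtils.safeGetParameter(request, this.frontLogoutParameterName)` directly to `uncompressLogoutMessage`, so unauthenticated query-string data reaches the Base64 decode and decompression step, and a GET without the parameter would presumably hand it null. `destroySession` is public and does not itself require `isFrontChannelLogoutRequest` to have been true, so the guard belongs here: read the parameter into a local and return early when it is blank, e.g. `if (!CommonUtils.isNotBlank(encoded)) { return; }`. The body of `uncompressLogoutMessage` is not on this page; it should cap the inflated size and treat malformed input as a failed logout rather than an exception. The rest of `destroySession` is outside the hunk.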
|
|
|||
|
|
@ -19,12 +19,12 @@ public final class LogoutMessageGenerator {
|
|||
+ "IssueInstant=\"\"><saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">@NOT_USED@"
|
||||
+ "</saml:NameID><samlp:SessionIndex>%s</samlp:SessionIndex></samlp:LogoutRequest>";
|
||||
|
||||
public static String generateLogoutMessage(String sessionIndex) {
|
||||
public static String generateBackChannelLogoutMessage(String sessionIndex) {
|
||||
return String.format(LOGOUT_REQUEST_TEMPLATE, sessionIndex);
|
||||
}
|
||||
|
||||
public static String generateCompressedLogoutMessage(String sessionIndex) {
|
||||
final String logoutMessage = generateLogoutMessage(sessionIndex);
|
||||
public static String generateFrontChannelLogoutMessage(String sessionIndex) {
|
||||
final String logoutMessage = generateBackChannelLogoutMessage(sessionIndex);
|
||||
final Deflater deflater = new Deflater();
|
||||
deflater.setInput(logoutMessage.getBytes(Charset.forName("ASCII")));
|
||||
deflater.finish();
|
||||
|
|
|
|||
|
|
@ -79,7 +79,8 @@ public class SingleSignOutFilterTests {
|
|||
|
||||
@Test
|
||||
public void backChannelRequest() throws IOException, ServletException {
|
||||
request.setParameter(SingleSignOutHandler.DEFAULT_LOGOUT_PARAMETER_NAME, LogoutMessageGenerator.generateLogoutMessage(TICKET));
|
||||
request.setParameter(SingleSignOutHandler.DEFAULT_LOGOUT_PARAMETER_NAME,
|
||||
LogoutMessageGenerator.generateBackChannelLogoutMessage(TICKET));
|
||||
request.setMethod("POST");
|
||||
final MockHttpSession session = new MockHttpSession();
|
||||
SingleSignOutFilter.getSingleSignOutHandler().getSessionMappingStorage().addSessionById(TICKET, session);
|
||||
|
|
@ -89,9 +90,9 @@ public class SingleSignOutFilterTests {
|
|||
|
||||
@Test
|
||||
public void frontChannelRequest() throws IOException, ServletException {
|
||||
final String logoutMessage = LogoutMessageGenerator.generateCompressedLogoutMessage(TICKET);
|
||||
request.setParameter(SingleSignOutHandler.DEFAULT_LOGOUT_PARAMETER_NAME, logoutMessage);
|
||||
request.setQueryString(SingleSignOutHandler.DEFAULT_LOGOUT_PARAMETER_NAME + "=" + logoutMessage);
|
||||
final String logoutMessage = LogoutMessageGenerator.generateFrontChannelLogoutMessage(TICKET);
|
||||
request.setParameter(SingleSignOutHandler.DEFAULT_FRONT_LOGOUT_PARAMETER_NAME, logoutMessage);
|
||||
request.setQueryString(SingleSignOutHandler.DEFAULT_FRONT_LOGOUT_PARAMETER_NAME + "=" + logoutMessage);
|
||||
request.setMethod("GET");
|
||||
final MockHttpSession session = new MockHttpSession();
|
||||
SingleSignOutFilter.getSingleSignOutHandler().getSessionMappingStorage().addSessionById(TICKET, session);
|
||||
|
|
@ -102,10 +103,10 @@ public class SingleSignOutFilterTests {
|
|||
|
||||
@Test
|
||||
public void frontChannelRequestRelayState() throws IOException, ServletException {
|
||||
final String logoutMessage = LogoutMessageGenerator.generateCompressedLogoutMessage(TICKET);
|
||||
request.setParameter(SingleSignOutHandler.DEFAULT_LOGOUT_PARAMETER_NAME, logoutMessage);
|
||||
final String logoutMessage = LogoutMessageGenerator.generateFrontChannelLogoutMessage(TICKET);
|
||||
request.setParameter(SingleSignOutHandler.DEFAULT_FRONT_LOGOUT_PARAMETER_NAME, logoutMessage);
|
||||
request.setParameter(SingleSignOutHandler.DEFAULT_RELAY_STATE_PARAMETER_NAME, RELAY_STATE);
|
||||
request.setQueryString(SingleSignOutHandler.DEFAULT_LOGOUT_PARAMETER_NAME + "=" + logoutMessage + "&" +
|
||||
request.setQueryString(SingleSignOutHandler.DEFAULT_FRONT_LOGOUT_PARAMETER_NAME + "=" + logoutMessage + "&" +
|
||||
SingleSignOutHandler.DEFAULT_RELAY_STATE_PARAMETER_NAME + "=" + RELAY_STATE);
|
||||
request.setMethod("GET");
|
||||
final MockHttpSession session = new MockHttpSession();
|
||||
|
|
|
|||
|
|
@ -37,15 +37,23 @@ public final class SingleSignOutHandlerTests {
|
|||
|
||||
private final static String ANOTHER_PARAMETER = "anotherParameter";
|
||||
private final static String TICKET = "ST-xxxxxxxx";
|
||||
private final static String URL = "http://mycasserver";
|
||||
|
||||
private SingleSignOutHandler handler;
|
||||
private MockHttpServletRequest request;
|
||||
private final static String logoutParameterName = "logoutRequest";
|
||||
private final static String logoutParameterName = "logoutRequest2";
|
||||
private final static String frontLogoutParameterName = "SAMLRequest2";
|
||||
private final static String relayStateParameterName = "RelayState2";
|
||||
private final static String artifactParameterName = "ticket2";
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
handler = new SingleSignOutHandler();
|
||||
handler.setLogoutParameterName(logoutParameterName);
|
||||
handler.setFrontLogoutParameterName(frontLogoutParameterName);
|
||||
handler.setRelayStateParameterName(relayStateParameterName);
|
||||
handler.setArtifactParameterName(artifactParameterName);
|
||||
handler.setCasServerUrlPrefix(URL);
|
||||
handler.init();
|
||||
request = new MockHttpServletRequest();
|
||||
}
|
||||
|
|
@ -74,9 +82,9 @@ public final class SingleSignOutHandlerTests {
|
|||
|
||||
@Test
|
||||
public void isFrontChannelLogoutRequest() {
|
||||
request.setParameter(logoutParameterName, TICKET);
|
||||
request.setParameter(frontLogoutParameterName, TICKET);
|
||||
request.setMethod("GET");
|
||||
request.setQueryString(logoutParameterName + "=" + TICKET);
|
||||
request.setQueryString(frontLogoutParameterName + "=" + TICKET);
|
||||
|
||||
assertTrue(handler.isFrontChannelLogoutRequest(request));
|
||||
}
|
||||
|
|
@ -94,8 +102,8 @@ public final class SingleSignOutHandlerTests {
|
|||
public void recordSessionKOIfNoSession() {
|
||||
handler.setEagerlyCreateSessions(false);
|
||||
request.setSession(null);
|
||||
request.setParameter(SingleSignOutHandler.DEFAULT_ARTIFACT_PARAMETER_NAME, TICKET);
|
||||
request.setQueryString(SingleSignOutHandler.DEFAULT_ARTIFACT_PARAMETER_NAME + "=" + TICKET);
|
||||
request.setParameter(artifactParameterName, TICKET);
|
||||
request.setQueryString(artifactParameterName + "=" + TICKET);
|
||||
handler.recordSession(request);
|
||||
final SessionMappingStorage storage = handler.getSessionMappingStorage();
|
||||
assertNull(storage.removeSessionByMappingId(TICKET));
|
||||
|
|
@ -105,8 +113,8 @@ public final class SingleSignOutHandlerTests {
|
|||
public void recordSessionOK() {
|
||||
final MockHttpSession session = new MockHttpSession();
|
||||
request.setSession(session);
|
||||
request.setParameter(SingleSignOutHandler.DEFAULT_ARTIFACT_PARAMETER_NAME, TICKET);
|
||||
request.setQueryString(SingleSignOutHandler.DEFAULT_ARTIFACT_PARAMETER_NAME + "=" + TICKET);
|
||||
request.setParameter(artifactParameterName, TICKET);
|
||||
request.setQueryString(artifactParameterName + "=" + TICKET);
|
||||
handler.recordSession(request);
|
||||
final SessionMappingStorage storage = handler.getSessionMappingStorage();
|
||||
assertEquals(session, storage.removeSessionByMappingId(TICKET));
|
||||
|
|
@ -114,7 +122,7 @@ public final class SingleSignOutHandlerTests {
|
|||
|
||||
@Test
|
||||
public void destorySessionPOSTKONoSessionIndex() {
|
||||
final String logoutMessage = LogoutMessageGenerator.generateLogoutMessage("");
|
||||
final String logoutMessage = LogoutMessageGenerator.generateBackChannelLogoutMessage("");
|
||||
request.setParameter(logoutParameterName, logoutMessage);
|
||||
request.setMethod("POST");
|
||||
final MockHttpSession session = new MockHttpSession();
|
||||
|
|
@ -125,7 +133,7 @@ public final class SingleSignOutHandlerTests {
|
|||
|
||||
@Test
|
||||
public void destorySessionPOST() {
|
||||
final String logoutMessage = LogoutMessageGenerator.generateLogoutMessage(TICKET);
|
||||
final String logoutMessage = LogoutMessageGenerator.generateBackChannelLogoutMessage(TICKET);
|
||||
request.setParameter(logoutParameterName, logoutMessage);
|
||||
request.setMethod("POST");
|
||||
final MockHttpSession session = new MockHttpSession();
|
||||
|
|
@ -136,9 +144,9 @@ public final class SingleSignOutHandlerTests {
|
|||
|
||||
@Test
|
||||
public void destorySessionGETNoSessionIndex() {
|
||||
final String logoutMessage = LogoutMessageGenerator.generateCompressedLogoutMessage("");
|
||||
request.setParameter(logoutParameterName, logoutMessage);
|
||||
request.setQueryString(logoutParameterName + "=" + logoutMessage);
|
||||
final String logoutMessage = LogoutMessageGenerator.generateFrontChannelLogoutMessage("");
|
||||
request.setParameter(frontLogoutParameterName, logoutMessage);
|
||||
request.setQueryString(frontLogoutParameterName + "=" + logoutMessage);
|
||||
request.setMethod("GET");
|
||||
final MockHttpSession session = new MockHttpSession();
|
||||
handler.getSessionMappingStorage().addSessionById(TICKET, session);
|
||||
|
|
@ -148,13 +156,26 @@ public final class SingleSignOutHandlerTests {
|
|||
|
||||
@Test
|
||||
public void destorySessionGET() {
|
||||
final String logoutMessage = LogoutMessageGenerator.generateCompressedLogoutMessage(TICKET);
|
||||
request.setParameter(logoutParameterName, logoutMessage);
|
||||
request.setQueryString(logoutParameterName + "=" + logoutMessage);
|
||||
final String logoutMessage = LogoutMessageGenerator.generateFrontChannelLogoutMessage(TICKET);
|
||||
request.setParameter(frontLogoutParameterName, logoutMessage);
|
||||
request.setQueryString(frontLogoutParameterName + "=" + logoutMessage);
|
||||
request.setMethod("GET");
|
||||
final MockHttpSession session = new MockHttpSession();
|
||||
handler.getSessionMappingStorage().addSessionById(TICKET, session);
|
||||
handler.destroySession(request);
|
||||
assertTrue(session.isInvalid());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void computeRedirectionNoRelayState() {
|
||||
assertNull(handler.computeRedirectionToServer(request));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void computeRedirection() {
|
||||
request.setParameter(relayStateParameterName, TICKET);
|
||||
request.setQueryString(relayStateParameterName + "=" + TICKET);
|
||||
assertEquals(URL + "/logout?_eventId=next&" + relayStateParameterName + "=" + TICKET,
|
||||
handler.computeRedirectionToServer(request));
|
||||
}
|
||||
}
|
||||
|
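Review bot: `computeRedirection` uses `TICKET` (`ST-xxxxxxxx`) as the relay state, which contains no character that `CommonUtils.urlEncode` would change, so the test still passes if the encoding call in `computeRedirectionToServer` is removed. A relay state containing `&`, `=` and a space would pin that the value cannot add parameters to the CAS logout URL. `isFrontChannelLogoutRequest` also has no negative case: a GET carrying only `logoutParameterName` should now return false, e.g. `request.setParameter(logoutParameterName, TICKET); assertFalse(handler.isFrontChannelLogoutRequest(request));`.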
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.apache.catalina.connector.Request;
|
|||
import org.apache.catalina.connector.Response;
|
||||
import org.jasig.cas.client.session.SessionMappingStorage;
|
||||
import org.jasig.cas.client.session.SingleSignOutHandler;
|
||||
import org.jasig.cas.client.util.CommonUtils;
|
||||
|
||||
/**
|
||||
* Handles logout request messages sent from the CAS server by ending the current
|
||||
|
|
@ -52,6 +53,18 @@ public class SingleSignOutValve extends AbstractLifecycleValve implements Sessio
|
|||
handler.setLogoutParameterName(name);
|
||||
}
|
||||
|
||||
public void setFrontLogoutParameterName(final String name) {
|
||||
handler.setFrontLogoutParameterName(name);
|
||||
}
|
||||
|
||||
public void setRelayStateParameterName(final String name) {
|
||||
handler.setRelayStateParameterName(name);
|
||||
}
|
||||
|
||||
public void setCasServerUrlPrefix(final String casServerUrlPrefix) {
|
||||
handler.setCasServerUrlPrefix(casServerUrlPrefix);
|
||||
}
|
||||
|
||||
public void setSessionMappingStorage(final SessionMappingStorage storage) {
|
||||
handler.setSessionMappingStorage(storage);
|
||||
}
|
||||
|
|
@ -68,10 +81,18 @@ public class SingleSignOutValve extends AbstractLifecycleValve implements Sessio
|
|||
if (this.handler.isTokenRequest(request)) {
|
||||
this.handler.recordSession(request);
|
||||
request.getSessionInternal(true).addSessionListener(this);
|
||||
} else if (this.handler.isLogoutRequest(request)) {
|
||||
} else if (this.handler.isBackChannelLogoutRequest(request)) {
|
||||
this.handler.destroySession(request);
|
||||
// Do not proceed up valve chain
|
||||
return;
|
||||
} else if (this.handler.isFrontChannelLogoutRequest(request)) {
|
||||
this.handler.destroySession(request);
|
||||
// redirection url to the CAS server
|
||||
final String redirectionUrl = handler.computeRedirectionToServer(request);
|
||||
if (redirectionUrl != null) {
|
||||
CommonUtils.sendRedirect(response, redirectionUrl);
|
||||
}
|
||||
return;
|
||||
} else {
|
||||
logger.debug("Ignoring URI {}", request.getRequestURI());
|
||||
}
|
||||
|
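Review bot: The new `setCasServerUrlPrefix` setter is not optional in practice, because `SingleSignOutHandler.init()` in this commit asserts `casServerUrlPrefix cannot be null`; a valve configured before this change presumably fails at startup until the attribute is added, even where front-channel logout is never used. The valve's call to `handler.init()` is not visible in these hunks, so confirm that path. If the setting is mandatory, say so on the setter, e.g. `/** Required. Prefix URL of the CAS server, used to build the front-channel logout redirect. */`, and in the upgrade notes. The same applies to the second `SingleSignOutValve` section below.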
|
|
|||
|
|
@ -29,6 +29,7 @@ import org.apache.catalina.connector.Response;
|
|||
import org.apache.catalina.valves.ValveBase;
|
||||
import org.jasig.cas.client.session.SessionMappingStorage;
|
||||
import org.jasig.cas.client.session.SingleSignOutHandler;
|
||||
import org.jasig.cas.client.util.CommonUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
|
@ -56,6 +57,18 @@ public class SingleSignOutValve extends ValveBase implements SessionListener {
|
|||
handler.setLogoutParameterName(name);
|
||||
}
|
||||
|
||||
public void setFrontLogoutParameterName(final String name) {
|
||||
handler.setFrontLogoutParameterName(name);
|
||||
}
|
||||
|
||||
public void setRelayStateParameterName(final String name) {
|
||||
handler.setRelayStateParameterName(name);
|
||||
}
|
||||
|
||||
public void setCasServerUrlPrefix(final String casServerUrlPrefix) {
|
||||
handler.setCasServerUrlPrefix(casServerUrlPrefix);
|
||||
}
|
||||
|
||||
public void setSessionMappingStorage(final SessionMappingStorage storage) {
|
||||
handler.setSessionMappingStorage(storage);
|
||||
}
|
||||
|
|
@ -65,10 +78,18 @@ public class SingleSignOutValve extends ValveBase implements SessionListener {
|
|||
if (this.handler.isTokenRequest(request)) {
|
||||
this.handler.recordSession(request);
|
||||
request.getSessionInternal(true).addSessionListener(this);
|
||||
} else if (this.handler.isLogoutRequest(request)) {
|
||||
} else if (this.handler.isBackChannelLogoutRequest(request)) {
|
||||
this.handler.destroySession(request);
|
||||
// Do not proceed up valve chain
|
||||
return;
|
||||
} else if (this.handler.isFrontChannelLogoutRequest(request)) {
|
||||
this.handler.destroySession(request);
|
||||
// redirection url to the CAS server
|
||||
final String redirectionUrl = handler.computeRedirectionToServer(request);
|
||||
if (redirectionUrl != null) {
|
||||
CommonUtils.sendRedirect(response, redirectionUrl);
|
||||
}
|
||||
return;
|
||||
} else {
|
||||
logger.debug("Ignoring URI {}", request.getRequestURI());
|
||||
}
|
||||
|
|
|
|||