CASC-230 Call HttpServletRequest#logout() via Reflection to Improve Backwards Compatibility with Spring Security

2014-08-11 22:50:23 -04:00 · 2014-08-11 22:50:23 -04:00 · a0f8845ecf
parent aa3e07bd79
commit a0f8845ecf
1 changed files with 22 additions and 6 deletions
--- a/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java
@ -18,11 +18,11 @@
 */
 package org.jasig.cas.client.session;

+import java.lang.reflect.Method;
 import java.util.Arrays;
 import java.util.List;
 import java.util.zip.Inflater;

-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@ -78,6 +78,8 @@ public final class SingleSignOutHandler {

    private List<String> safeParameters;

+    private Method httpRequestLogoutMethod = retrieveHttpRequestLogoutMethod();
+
    public void setSessionMappingStorage(final SessionMappingStorage storage) {
        this.sessionMappingStorage = storage;
    }
@ -306,11 +308,7 @@ public final class SingleSignOutHandler {
                } catch (final IllegalStateException e) {
                    logger.debug("Error invalidating session.", e);
                }
-                try {
-                    request.logout();
-                } catch (final ServletException e) {
-                    logger.debug("Error performing request.logout.");
-                }
+                executeHttpServletRequestLogoutIfPossible(request);
            }
        }
    }
@ -345,4 +343,22 @@ public final class SingleSignOutHandler {
    private boolean isMultipartRequest(final HttpServletRequest request) {
        return request.getContentType() != null && request.getContentType().toLowerCase().startsWith("multipart");
    }
+
+    private void executeHttpServletRequestLogoutIfPossible(final HttpServletRequest request) {
+        if (this.httpRequestLogoutMethod != null) {
+            try {
+                this.httpRequestLogoutMethod.invoke(request);
+            } catch (final Exception e) {
+                logger.debug("Error performing request.logout.");
+            }
+        }
+    }
+
+    private static Method retrieveHttpRequestLogoutMethod() {
+        try {
+            return HttpServletRequest.class.getMethod("logout");
+        } catch (final NoSuchMethodException e) {
+            return null;
+        }
+    }
 }