From a0f8845ecf5fcd19f4fdd0bb932b45c38041ac1c Mon Sep 17 00:00:00 2001
From: Scott Battaglia <scott.battaglia@gmail.com>
Date: Mon, 11 Aug 2014 22:50:23 -0400
Subject: [PATCH] CASC-230 Call HttpServletRequest#logout() via Reflection to
 Improve Backwards Compatibility with Spring Security

---
 .../client/session/SingleSignOutHandler.java  | 28 +++++++++++++++----
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java b/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java
index 5f8b46c..07264c3 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java
@@ -18,11 +18,11 @@
  */
 package org.jasig.cas.client.session;
 
+import java.lang.reflect.Method;
 import java.util.Arrays;
 import java.util.List;
 import java.util.zip.Inflater;
 
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -78,6 +78,8 @@ public final class SingleSignOutHandler {
 
     private List<String> safeParameters;
 
+    private Method httpRequestLogoutMethod = retrieveHttpRequestLogoutMethod();
+
     public void setSessionMappingStorage(final SessionMappingStorage storage) {
         this.sessionMappingStorage = storage;
     }
@@ -306,11 +308,7 @@ public final class SingleSignOutHandler {
                 } catch (final IllegalStateException e) {
                     logger.debug("Error invalidating session.", e);
                 }
-                try {
-                    request.logout();
-                } catch (final ServletException e) {
-                    logger.debug("Error performing request.logout.");
-                }
+                executeHttpServletRequestLogoutIfPossible(request);
             }
         }
     }
@@ -345,4 +343,22 @@ public final class SingleSignOutHandler {
     private boolean isMultipartRequest(final HttpServletRequest request) {
         return request.getContentType() != null && request.getContentType().toLowerCase().startsWith("multipart");
     }
+
+    private void executeHttpServletRequestLogoutIfPossible(final HttpServletRequest request) {
+        if (this.httpRequestLogoutMethod != null) {
+            try {
+                this.httpRequestLogoutMethod.invoke(request);
+            } catch (final Exception e) {
+                logger.debug("Error performing request.logout.");
+            }
+        }
+    }
+
+    private static Method retrieveHttpRequestLogoutMethod() {
+        try {
+            return HttpServletRequest.class.getMethod("logout");
+        } catch (final NoSuchMethodException e) {
+            return null;
+        }
+    }
 }