Merge pull request #80 from battags/CASC-230

CASC-230 Call HttpServletRequest#logout() via Reflection to Improve Back...
2014-08-13 10:13:28 -04:00 · 2014-08-13 10:13:28 -04:00 · db53818de7
parent ecef8dd722 b34c4e104f
commit db53818de7
1 changed files with 38 additions and 5 deletions
--- a/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/session/SingleSignOutHandler.java
@ -78,6 +78,8 @@ public final class SingleSignOutHandler {

    private List<String> safeParameters;

+    private LogoutStrategy logoutStrategy = isServlet30() ? new Servlet30LogoutStrategy() : new Servlet25LogoutStrategy();
+
    public void setSessionMappingStorage(final SessionMappingStorage storage) {
        this.sessionMappingStorage = storage;
    }
@ -306,11 +308,7 @@ public final class SingleSignOutHandler {
                } catch (final IllegalStateException e) {
                    logger.debug("Error invalidating session.", e);
                }
-                try {
-                    request.logout();
-                } catch (final ServletException e) {
-                    logger.debug("Error performing request.logout.");
-                }
+                this.logoutStrategy.logout(request);
            }
        }
    }
@ -345,4 +343,39 @@ public final class SingleSignOutHandler {
    private boolean isMultipartRequest(final HttpServletRequest request) {
        return request.getContentType() != null && request.getContentType().toLowerCase().startsWith("multipart");
    }
+
+    private static boolean isServlet30() {
+        try {
+            return HttpServletRequest.class.getMethod("logout") != null;
+        } catch (final NoSuchMethodException e) {
+            return false;
+        }
+    }
+
+
+    /**
+     * Abstracts the ways we can force logout with the Servlet spec.
+     */
+    private interface LogoutStrategy {
+
+        void logout(HttpServletRequest request);
+    }
+
+    private class Servlet25LogoutStrategy implements LogoutStrategy {
+
+        public void logout(final HttpServletRequest request) {
+            // nothing additional to do here
+        }
+    }
+
+    private class Servlet30LogoutStrategy implements LogoutStrategy {
+
+        public void logout(final HttpServletRequest request) {
+            try {
+                request.logout();
+            } catch (final ServletException e) {
+                logger.debug("Error performing request.logout.");
+            }
+        }
+    }
 }