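package com.lti.system;

/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.ui.logout.LogoutHandler;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import org.springframework.util.Assert;

import javax.servlet.http.Cookie;

/**
 * Logs a principal out.
 * <p>
 * Polls a series of {@link LogoutHandler}s. The handlers should be specified in the order they are required.
 * Generally you will want to call logout handlers <code>TokenBasedRememberMeServices</code> and
 * <code>SecurityContextLogoutHandler</code> (in that order).
 * </p>
 * <p>
 * Once the handlers have run, the <code>jforumSSOCookie</code> and <code>jforumSSOGroupCookie</code> cookies are
 * expired for the <code>/jforum</code> path, so that the forum single-sign-on state is dropped together with the
 * application login.
 * </p>
 * <p>
 * After logout, the URL specified by {@link #logoutSuccessUrl} will be shown.
 * </p>
 * <p>
 * <b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the
 * {@link org.acegisecurity.util.FilterToBeanProxy}.
 * </p>
 *
 * @author Ben Alex
 * @version $Id: MyLogoutFilter.java,v 1.3 2011/05/27 08:00:25 ltis Exp $
 */
public class MyLogoutFilter implements Filter {
    //~ Static fields/initializers =====================================================================================

    private static final Log logger = LogFactory.getLog(MyLogoutFilter.class);

    /** Path attribute sent with the expiring SSO cookies. */
    private static final String SSO_COOKIE_PATH = "/jforum";

    //~ Instance fields ================================================================================================

    /** URI suffix that triggers a logout; see {@link #requiresLogout}. */
    private String filterProcessesUrl = "/j_acegi_logout";

    /** Redirect target after logout; fixed at construction time, never taken from the request. */
    private final String logoutSuccessUrl;

    /** Logout handlers, invoked in array order. */
    private final LogoutHandler[] handlers;

    //~ Constructors ===================================================================================================

    /**
     * Creates the filter.
     *
     * @param logoutSuccessUrl URL to redirect to after logout; must contain text
     * @param handlers the logout handlers to invoke, in order; must not be empty
     *
     * @throws IllegalArgumentException if either argument fails validation
     */
    public MyLogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers) {
        Assert.hasText(logoutSuccessUrl, "LogoutSuccessUrl required");
        Assert.notEmpty(handlers, "LogoutHandlers are required");
        this.logoutSuccessUrl = logoutSuccessUrl;
        // Defensive copy: the caller keeps a reference to its array, and the logout chain
        // must not be changeable (or emptied) after it has been validated here.
        this.handlers = (LogoutHandler[]) handlers.clone();
    }

    //~ Methods ========================================================================================================

    /**
     * Not used. Use IoC container lifecycle methods instead.
     */
    public void destroy() {
    }

    /**
     * Performs the logout when the request targets the logout URL, otherwise passes the request down the chain.
     * <p>
     * On logout: every {@link LogoutHandler} is called in order, the two jforum SSO cookies are expired, the
     * <code>legalDate</code> request attribute is removed, and the client is redirected to the configured
     * logout-success URL. The filter chain is not continued in that case.
     * </p>
     *
     * @param request the request; must be an {@link HttpServletRequest}
     * @param response the response; must be an {@link HttpServletResponse}
     * @param chain the remaining filter chain
     *
     * @throws IOException if the redirect or the downstream chain fails
     * @throws ServletException if the request or response is not an HTTP one, or the downstream chain fails
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("Can only process HttpServletRequest");
        }

        if (!(response instanceof HttpServletResponse)) {
            throw new ServletException("Can only process HttpServletResponse");
        }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        if (!requiresLogout(httpRequest, httpResponse)) {
            chain.doFilter(request, response);
            return;
        }

        // NOTE(review): the logout is triggered by the URL alone, for any HTTP method and without a
        // request token, so a cross-site request can force a logout. Confirm that is acceptable here.

        // Presumably null when nobody is authenticated; it is handed to the handlers unchanged.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        if (logger.isDebugEnabled()) {
            // NOTE(review): this writes auth.toString() to the debug log; confirm the token
            // implementations in use do not print credentials.
            logger.debug("Logging out user '" + auth + "' and redirecting to logout page");
        }

        // An exception from a handler propagates: later handlers and the cookie expiry are then skipped.
        for (int i = 0; i < handlers.length; i++) {
            handlers[i].logout(httpRequest, httpResponse, auth);
        }

        expireSsoCookie(httpResponse, "jforumSSOCookie");
        expireSsoCookie(httpResponse, "jforumSSOGroupCookie");

        // NOTE(review): this clears a request-scoped attribute only. If "legalDate" is also kept in
        // the HttpSession, it is not touched here -- confirm the session is invalidated by a handler.
        request.removeAttribute("legalDate");

        sendRedirect(httpRequest, httpResponse, logoutSuccessUrl);
    }

    /**
     * Adds a <code>Set-Cookie</code> header that expires the named cookie (null value, max-age 0) for
     * {@link #SSO_COOKIE_PATH}.
     * <p>
     * A browser only discards a cookie whose name, path and domain match the ones it was issued with.
     * NOTE(review): the path is hard-coded and no domain is set; confirm this matches how the SSO cookies are
     * issued, otherwise they survive the logout.
     * </p>
     *
     * @param response the response to add the expiring cookie to
     * @param name the cookie name
     */
    private static void expireSsoCookie(HttpServletResponse response, String name) {
        Cookie expired = new Cookie(name, null);
        expired.setMaxAge(0);
        expired.setPath(SSO_COOKIE_PATH);
        response.addCookie(expired);
    }

    /**
     * Not used. Use IoC container lifecycle methods instead.
     *
     * @param arg0 ignored
     *
     * @throws ServletException ignored
     */
    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Allow subclasses to modify when a logout should take place.
     * <p>
     * The default implementation strips everything from the first <code>;</code> and from the first
     * <code>?</code> of the request URI, then tests whether the remainder <em>ends with</em> the context path
     * followed by the filter-processes URL. Because this is a suffix match, any URI ending in that string
     * triggers a logout, not only the exact logout path.
     * </p>
     *
     * @param request the request
     * @param response the response
     *
     * @return <code>true</code> if logout should occur, <code>false</code> otherwise
     */
    protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
        String uri = request.getRequestURI();

        // strip everything from the first semi-colon (path parameters such as a session id)
        int pathParamIndex = uri.indexOf(';');
        if (pathParamIndex > 0) {
            uri = uri.substring(0, pathParamIndex);
        }

        // strip everything from the first question mark
        int queryParamIndex = uri.indexOf('?');
        if (queryParamIndex > 0) {
            uri = uri.substring(0, queryParamIndex);
        }

        String contextPath = request.getContextPath();
        if ("".equals(contextPath)) {
            return uri.endsWith(filterProcessesUrl);
        }

        return uri.endsWith(contextPath + filterProcessesUrl);
    }

    /**
     * Allow subclasses to modify the redirection message.
     * <p>
     * A URL starting with <code>http://</code> or <code>https://</code> is used as given; anything else is
     * prefixed with the context path. This class only ever passes the URL configured at construction time.
     * A subclass that passes a request-derived value must validate it first, since an absolute URL is
     * redirected to without any host check.
     * </p>
     *
     * @param request the request
     * @param response the response
     * @param url the URL to redirect to
     *
     * @throws IOException in the event of any failure
     */
    protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
        throws IOException {
        boolean absolute = url.startsWith("http://") || url.startsWith("https://");
        String target = absolute ? url : request.getContextPath() + url;

        response.sendRedirect(response.encodeRedirectURL(target));
    }

    /**
     * Sets the URI suffix that triggers a logout.
     *
     * @param filterProcessesUrl the suffix to match; must contain text
     */
    public void setFilterProcessesUrl(String filterProcessesUrl) {
        Assert.hasText(filterProcessesUrl, "FilterProcessesUrl required");
        this.filterProcessesUrl = filterProcessesUrl;
    }

    /**
     * @return the URI suffix that triggers a logout
     */
    protected String getFilterProcessesUrl() {
        return filterProcessesUrl;
    }
}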