org.gluu.oxauth.client.session.SignOutHandler.java Source code


Introduction

Here is the source code for org.gluu.oxauth.client.session.SignOutHandler.java

Source

/*
 * oxTrust is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
 *
 * Copyright (c) 2014, Gluu
 */

package org.gluu.oxauth.client.session;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.MediaType;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.gluu.oxauth.client.util.Configuration;
import org.jboss.resteasy.client.ClientRequest;
import org.jboss.resteasy.client.ClientResponse;

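/**
 * Builds the logout URL for the configured OAuth provider from the {@link OAuthData} kept in the
 * HTTP session, and removes that data from the session while doing so.
 * <p>
 * The class is a singleton; obtain it through {@link #instance()}.
 *
 * @author Yuriy Movchan
 * @version 0.1, 03/20/2013
 */
public final class SignOutHandler {

    protected final Log log = LogFactory.getLog(getClass());

    /** Holder for the single instance; it is created when this nested class is first used. */
    private static class SignOutHandlerSingleton {
        // final: the singleton reference must never be reassigned once it has been created.
        static final SignOutHandler INSTANCE = new SignOutHandler();
    }

    private SignOutHandler() {
    }

    /**
     * Returns the shared handler instance.
     *
     * @return the singleton {@code SignOutHandler}
     */
    public static SignOutHandler instance() {
        return SignOutHandlerSingleton.INSTANCE;
    }

    /**
     * Builds the provider logout URL for the session behind the given request and removes the
     * stored OAuth data from that session.
     *
     * @param servletRequest the current request; its session is looked up but never created
     * @return the logout URL, or {@code null} when there is no session, no OAuth data in the
     *         session, or the URL could not be rendered
     */
    public String getOAuthLogoutUrl(final HttpServletRequest servletRequest) {
        final HttpSession session = servletRequest.getSession(false);

        if (session == null) {
            log.trace("There is no exising session");
            return null;
        }

        OAuthData oAuthData = (OAuthData) session.getAttribute(Configuration.SESSION_OAUTH_DATA);
        if (oAuthData == null) {
            log.trace("There is no OAuthData in the session");
            return null;
        }

        // TODO: Validate access token
        ClientRequest clientRequest = new ClientRequest(
                Configuration.instance().getPropertyValue(Configuration.OAUTH_PROPERTY_LOGOUT_URL));

        // NOTE(review): the parameter named by OAUTH_ID_TOKEN_HINT is filled with the access token,
        // not an ID token. Whichever token is sent ends up in a URL query string, where it can be
        // recorded in browser history, proxy and server logs and Referer headers. Confirm whether
        // OAuthData carries an ID token that should be used here instead.
        clientRequest.queryParameter(Configuration.OAUTH_ID_TOKEN_HINT, oAuthData.getAccessToken());
        clientRequest.queryParameter(Configuration.OAUTH_POST_LOGOUT_REDIRECT_URI,
                constructRedirectUrl(servletRequest));

        // Remove OAuth data from session. This happens before the URI is rendered, so the data is
        // gone from the session even when getUri() fails below and null is returned.
        session.removeAttribute(Configuration.SESSION_OAUTH_DATA);

        try {
            return clientRequest.getUri();
        } catch (Exception ex) {
            log.error("Failed to prepare OAuth log out URL", ex);
        }

        return null;
    }

    /**
     * Determines the URI the provider should send the browser to after logout.
     * <p>
     * The first value of the request parameter named by
     * {@code Configuration.OAUTH_POST_LOGOUT_REDIRECT_URI} is used when it is present and
     * non-empty. Otherwise a URI is assembled from the request's scheme, server name and port.
     *
     * @param request the current request
     * @return the redirect URI; never empty
     */
    protected final String constructRedirectUrl(final HttpServletRequest request) {
        log.trace("Starting constructRedirectUrl");

        // NOTE(review): this value is taken from the request unchanged, so whoever crafts the
        // logout link chooses it. Unless the provider checks post-logout redirect URIs against
        // registered values, that is an open redirect; consider an allow-list on this side too.
        String redirectUri = request.getParameter(Configuration.OAUTH_POST_LOGOUT_REDIRECT_URI);

        if (log.isTraceEnabled()) {
            log.trace("redirectUri from request = " + forLog(redirectUri));
        }

        if (redirectUri == null || redirectUri.isEmpty()) {
            // NOTE(review): depending on container and proxy configuration, scheme and server name
            // may reflect client-supplied headers (Host, forwarding headers). Verify they are
            // pinned by the deployment.
            final int serverPort = request.getServerPort();
            if ((serverPort == 80) || (serverPort == 443)) {
                redirectUri = String.format("%s://%s%s", request.getScheme(), request.getServerName(),
                        "/identity/authentication/finishlogout");
            } else {
                // NOTE(review): this branch targets "/identity" while the default-port branch
                // targets ".../finishlogout"; confirm the difference is intended.
                redirectUri = String.format("%s://%s:%s%s", request.getScheme(), request.getServerName(),
                        serverPort, "/identity");
            }
        }

        if (log.isTraceEnabled()) {
            log.trace("Final redirectUri = " + forLog(redirectUri));
        }
        return redirectUri;
    }

    /** Replaces CR and LF so that a request-supplied value cannot start a new line in the log. */
    private static String forLog(final String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}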