List of usage examples for org.springframework.security.web.authentication.logout LogoutHandler logout
void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication);
From source file:ch.astina.hesperid.web.services.springsecurity.internal.LogoutServiceImpl.java
public final void logout() { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); for (LogoutHandler handler : handlers) { handler.logout(requestGlobals.getHTTPServletRequest(), requestGlobals.getHTTPServletResponse(), auth); }//from w ww. j ava2 s. c om }
From source file:grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.java
@Override public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; if (!requiresLogout(request, response)) { chain.doFilter(request, response); return;/*from w w w.j a va 2 s . c om*/ } Authentication auth = SecurityContextHolder.getContext().getAuthentication(); log.debug("Logging out user '{}' and transferring to logout destination", auth); for (LogoutHandler handler : handlers) { handler.logout(request, response, auth); } logoutSuccessHandler.onLogoutSuccess(request, response, auth); }
From source file:org.codehaus.groovy.grails.plugins.springsecurity.MutableLogoutFilter.java
/** * {@inheritDoc}//w w w. j ava 2s .co m * @see org.springframework.security.web.authentication.logout.LogoutFilter#doFilter( * javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) */ @Override public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; if (requiresLogout(request, response)) { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (logger.isDebugEnabled()) { logger.debug("Logging out user '" + auth + "' and transferring to logout destination"); } for (LogoutHandler handler : _handlers) { handler.logout(request, response, auth); } _logoutSuccessHandler.onLogoutSuccess(request, response, auth); return; } chain.doFilter(request, response); }
From source file:cn.imethan.common.security.session.ConcurrentSessionFilter.java
private void doLogout(HttpServletRequest request, HttpServletResponse response) { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); for (LogoutHandler handler : handlers) { handler.logout(request, response, auth); }// ww w . j av a 2 s. com }
From source file:com.application.model.dao.AuthenticationService.java
public void handleLogout(HttpServletRequest httpRequest) { ServletContext servletContext = httpRequest.getSession().getServletContext(); WebApplicationContext wac = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext); LogoutHandler logoutHandler = wac.getBean(LogoutHandler.class); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); // Response should not be used? logoutHandler.logout(httpRequest, null, authentication); }
From source file:de.itsvs.cwtrpc.security.RpcLogoutFilter.java
@Override protected void process(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { final Authentication authentication; boolean ok = false; authentication = SecurityContextHolder.getContext().getAuthentication(); if (!CwtRpcUtils.isRpcSessionInvalidationPolicySet(request)) { CwtRpcUtils.saveRpcSessionInvalidationPolicy(request, createRpcSessionInvalidationPolicy(request, response, authentication)); } else {/*from w ww .j ava 2 s.c o m*/ log.debug("RPC session invalidation policy " + "has already been applied."); } try { if (authentication != null) { if (log.isDebugEnabled()) { log.debug("Logging out user '" + authentication.getName() + "'"); } chain.doFilter(request, response); if (getLogoutHandlers() != null) { for (LogoutHandler handler : getLogoutHandlers()) { handler.logout(request, response, authentication); } } } else { if ((request.getRequestedSessionId() == null) || request.isRequestedSessionIdValid()) { log.debug("Request does not belong to " + "an authenticated session"); getLogoutFailureHandler().onLogoutFailure(request, response, new CwtRpcException("Request does not belong to " + "an authenticated session.")); return; } log.debug("Request does not include a valid " + "authentication. It seems to be a result of a " + "session timeout. Sending success response."); } /* * If session has not been invalidated up to now, this is the last * possibility to invalidate the session. The logout success hander * may send the response to the client. The session should be * invalidated before sending the response. */ if (isInvalidateSession()) { invalidateSession(request); } getLogoutSuccessHandler().onLogoutSuccess(request, response, authentication); ok = true; } finally { if (!ok && isInvalidateSession()) { invalidateSession(request); } } }
From source file:it.scoppelletti.programmerpower.web.security.SsoAuthenticationService.java
/** * Gestore del logout./*w w w . ja va2 s . co m*/ * * @param req Richiesta. * @param resp Risposta. * @param authentication Token autenticato. */ public void logout(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) { String tgt; LogoutHandler logoutHandler; if (req == null) { throw new ArgumentNullException("req"); } if (resp == null) { throw new ArgumentNullException("resp"); } if (myCasClient == null) { throw new PropertyNotSetException(toString(), "casClient"); } myLogger.trace("Calling method logout."); if (myRememberMeServices instanceof LogoutHandler) { logoutHandler = (LogoutHandler) myRememberMeServices; try { logoutHandler.logout(req, resp, authentication); } catch (Exception ex) { myLogger.error(ApplicationException.toString(ex), ex); } } tgt = getTicketGrantingTicket(req, resp); if (Strings.isNullOrEmpty(tgt)) { return; } myCasClient.removeTicketGrantingTicket(req, resp); try { myCasClient.destroyTicketGrantingTicket(req, resp, tgt); } catch (Exception ex) { myLogger.error(ApplicationException.toString(ex), ex); } }
From source file:org.artifactory.webapp.servlet.AccessFilter.java
private void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { final String servletPath = RequestUtils.getServletPathFromRequest(request); // add no cache header to web app request RequestUtils.addAdditionalHeadersToWebAppRequest(request, response); String method = request.getMethod(); if ((servletPath == null || "/".equals(servletPath) || servletPath.length() == 0) && "get".equalsIgnoreCase(method)) { //We were called with an empty path - redirect to the app main page response.sendRedirect(HttpUtils.WEBAPP_URL_PATH_PREFIX + "/"); return;/* www . j ava 2 s .c o m*/ } //Reuse the authentication if it exists Authentication authentication = RequestUtils.getAuthentication(request); boolean isAuthenticated = authentication != null && authentication.isAuthenticated(); // Make sure this is called only once boolean reAuthRequired = reAuthenticationRequired(request, authentication); if (reAuthRequired) { /** * A re-authentication is required but we might still have data that needs to be invalidated (like the * web session) */ Map<String, LogoutHandler> logoutHandlers = ContextHelper.get().beansForType(LogoutHandler.class); for (LogoutHandler logoutHandler : logoutHandlers.values()) { logoutHandler.logout(request, response, authentication); } } boolean authenticationRequired = !isAuthenticated || reAuthRequired; SecurityContext securityContext = SecurityContextHolder.getContext(); if (authenticationRequired) { if (authFilter.acceptFilter(request)) { authenticateAndExecute(request, response, chain, securityContext); } else { useAnonymousIfPossible(request, response, chain, securityContext); } } else { log.debug("Using authentication {} from Http session.", authentication); useAuthentication(request, response, chain, authentication, securityContext); } }
From source file:org.springframework.security.web.authentication.logout.LogoutFilter.java
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { logger.debug("?? LogoutFilter.doFilter()......."); HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; if (requiresLogout(request, response)) { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (logger.isDebugEnabled()) { logger.debug("Logging out user '" + auth + "' and transferring to logout destination"); }// w w w . jav a 2 s. c om for (LogoutHandler handler : handlers) { handler.logout(request, response, auth); } logoutSuccessHandler.onLogoutSuccess(request, response, auth); return; } chain.doFilter(request, response); }