Source Code Cross Referenced for SecurityContextLogoutHandler.java in  » Security » acegi-security » org » acegisecurity » ui » logout » Java Source Code / Java DocumentationJava Source Code and Java Documentation

01:        /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
02:         *
03:         * Licensed under the Apache License, Version 2.0 (the "License");
04:         * you may not use this file except in compliance with the License.
05:         * You may obtain a copy of the License at
06:         *
07:         *     http://www.apache.org/licenses/LICENSE-2.0
08:         *
09:         * Unless required by applicable law or agreed to in writing, software
10:         * distributed under the License is distributed on an "AS IS" BASIS,
11:         * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12:         * See the License for the specific language governing permissions and
13:         * limitations under the License.
14:         */
15:
16:        package org.acegisecurity.ui.logout;
17:
18:        import org.acegisecurity.Authentication;
19:
20:        import org.acegisecurity.context.SecurityContextHolder;
21:        import org.springframework.util.Assert;
22:
23:        import javax.servlet.http.HttpServletRequest;
24:        import javax.servlet.http.HttpServletResponse;
25:        import javax.servlet.http.HttpSession;
26:
27:        /**
28:         * Performs a logout by modifying the
29:         * {@link org.acegisecurity.context.SecurityContextHolder}.
30:         * 
31:         * <p>
32:         * Will also invalidate the {@link HttpSession} if
33:         * {@link #isInvalidateHttpSession()} is <code>true</code> and the session is
34:         * not <code>null</code>.
35:         * 
36:         * @author Ben Alex
37:         * @version $Id: SecurityContextLogoutHandler.java 1784 2007-02-24 21:00:24Z
38:         * luke_t $
39:         */
40:        public class SecurityContextLogoutHandler implements  LogoutHandler {
41:            // ~ Methods
42:            // ========================================================================================================
43:
44:            private boolean invalidateHttpSession = true;
45:
46:            /**
47:             * Requires the request to be passed in.
48:             * 
49:             * @param request from which to obtain a HTTP session (cannot be null)
50:             * @param response not used (can be <code>null</code>)
51:             * @param authentication not used (can be <code>null</code>)
52:             */
53:            public void logout(HttpServletRequest request,
54:                    HttpServletResponse response, Authentication authentication) {
55:                Assert.notNull(request, "HttpServletRequest required");
56:                if (invalidateHttpSession) {
57:                    HttpSession session = request.getSession(false);
58:                    if (session != null) {
59:                        session.invalidate();
60:                    }
61:                }
62:
63:                SecurityContextHolder.clearContext();
64:            }
65:
66:            public boolean isInvalidateHttpSession() {
67:                return invalidateHttpSession;
68:            }
69:
70:            /**
71:             * Causes the {@link HttpSession} to be invalidated when this
72:             * {@link LogoutHandler} is invoked. Defaults to true.
73:             * 
74:             * @param invalidateHttpSession true if you wish the session to be
75:             * invalidated (default) or false if it should not be
76:             */
77:            public void setInvalidateHttpSession(boolean invalidateHttpSession) {
78:                this.invalidateHttpSession = invalidateHttpSession;
79:            }
80:
81:        }