001: /*
002: * Copyright 2007 The Kuali Foundation.
003: *
004: * Licensed under the Educational Community License, Version 1.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.opensource.org/licenses/ecl1.php
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: package edu.yale.its.tp.cas.servlet;
017:
018: import java.io.IOException;
019:
020: import javax.servlet.ServletConfig;
021: import javax.servlet.ServletContext;
022: import javax.servlet.ServletException;
023: import javax.servlet.http.Cookie;
024: import javax.servlet.http.HttpServlet;
025: import javax.servlet.http.HttpServletRequest;
026: import javax.servlet.http.HttpServletResponse;
027:
028: import edu.yale.its.tp.cas.ticket.GrantorCache;
029: import edu.yale.its.tp.cas.ticket.TicketGrantingTicket;
030:
031: /**
032: * Lets users explicitly log out from the Central Authentication Servlet.
033: */
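public class Logout extends HttpServlet {

    // *********************************************************************
    // Constants

    /** Name of the browser cookie that carries the ticket-granting ticket id. */
    private static final String TGC_ID = "CASTGC";

    // *********************************************************************
    // Private state

    /** Servlet context; gives access to the shared caches and the logout view. */
    private ServletContext app;
    /** Cache of ticket-granting tickets, published in the context as "tgcCache". */
    private GrantorCache tgcCache;
    /** Context-relative path of the page shown to the user after logout. */
    private String logoutPage;

    // *********************************************************************
    // Initialization

    /**
     * Looks up the ticket-granting-ticket cache and the logout page.
     *
     * @param config the servlet configuration supplied by the container
     * @throws ServletException if the {@code tgcCache} context attribute or the
     *     {@code edu.yale.its.tp.cas.logoutPage} init parameter is missing
     */
    @Override
    public void init(ServletConfig config) throws ServletException {
        // GenericServlet.init(ServletConfig) stores the config; without this call
        // getServletConfig()/getServletContext() would return null.
        super.init(config);

        // retrieve the context and the caches
        app = config.getServletContext();
        tgcCache = (GrantorCache) app.getAttribute("tgcCache");
        if (tgcCache == null) {
            // Fail at startup instead of with a NullPointerException on the
            // first logout request.
            throw new ServletException("need tgcCache context attribute");
        }

        // retrieve a relative URL for the logout page
        logoutPage = app.getInitParameter("edu.yale.its.tp.cas.logoutPage");
        if (logoutPage == null) {
            throw new ServletException("need edu.yale.its.tp.cas.logoutPage");
        }
    }

    // *********************************************************************
    // Request handling

    /**
     * Revokes the caller's ticket-granting ticket (if the browser presented a
     * live one), clears the corresponding cookie, and forwards to the logout page.
     *
     * @param request the logout request; only its cookies are inspected
     * @param response the response; receives cache-defeating headers and the
     *     cookie overwrite
     * @throws ServletException if the forward to the logout page fails
     * @throws IOException if the forward to the logout page fails
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Keep the logout response out of every cache layer. setHeader()
        // replaces any existing value, so the second Cache-Control directive
        // must be appended with addHeader() or "no-cache" would be dropped.
        response.setHeader("pragma", "no-cache");
        response.setHeader("Cache-Control", "no-cache");
        response.addHeader("Cache-Control", "no-store");
        response.setDateHeader("Expires", 0);

        // see if the user sent us a valid TGC
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (!TGC_ID.equals(cookie.getName())) {
                    continue;
                }
                String tgcId = cookie.getValue();
                TicketGrantingTicket t = (TicketGrantingTicket) tgcCache.getTicket(tgcId);
                if (t == null) {
                    // Unknown or already-expired ticket: nothing to revoke on the
                    // server, and the cookie is left alone (it no longer grants anything).
                    continue;
                }

                // ticket found! revoke it server-side, then clear the browser copy
                tgcCache.deleteTicket(tgcId);
                destroyTgc(request, response);
            }
        }

        // forward to the UI to reassure the user
        app.getRequestDispatcher(logoutPage).forward(request, response);
    }

    /**
     * Destroys the browser's TGC by issuing an expired (max-age 0) replacement.
     *
     * <p>A browser only replaces a cookie whose name, path and (in current
     * browsers) Secure attribute match the one originally set, so this assumes
     * the TGC was issued for {@code request.getContextPath()} with the Secure
     * flag -- TODO confirm against the login servlet.
     *
     * @param request used for the context path the cookie is scoped to
     * @param response receives the cookie overwrite
     */
    private void destroyTgc(HttpServletRequest request, HttpServletResponse response) {
        Cookie tgcOverwrite = new Cookie(TGC_ID, "destroyed");
        tgcOverwrite.setPath(request.getContextPath());
        // max-age 0 instructs the browser to discard the cookie immediately
        tgcOverwrite.setMaxAge(0);
        tgcOverwrite.setSecure(true);
        response.addCookie(tgcOverwrite);
    }

}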