1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
|
12 | |
|
13 | |
|
14 | |
|
15 | |
|
16 | |
package org.kuali.student.security.filter; |
17 | |
|
18 | |
import java.io.IOException; |
19 | |
|
20 | |
import javax.servlet.FilterChain; |
21 | |
import javax.servlet.ServletException; |
22 | |
import javax.servlet.http.HttpServletRequest; |
23 | |
import javax.servlet.http.HttpServletResponse; |
24 | |
|
25 | |
import org.springframework.security.Authentication; |
26 | |
import org.springframework.security.context.SecurityContextHolder; |
27 | |
import org.springframework.security.ui.FilterChainOrder; |
28 | |
import org.springframework.security.ui.SpringSecurityFilter; |
29 | |
import org.springframework.security.ui.logout.LogoutHandler; |
30 | |
import org.springframework.security.ui.logout.SecurityContextLogoutHandler; |
31 | |
import org.springframework.security.util.RedirectUtils; |
32 | |
import org.springframework.security.util.UrlUtils; |
33 | |
import org.springframework.util.Assert; |
34 | |
import org.springframework.util.StringUtils; |
35 | |
|
36 | |
|
37 | |
|
38 | |
|
39 | |
|
40 | |
|
41 | |
|
42 | |
public class KSLogoutFilter extends SpringSecurityFilter { |
43 | |
|
44 | 0 | private String filterProcessesUrl = "/j_spring_security_logout"; |
45 | 0 | private String logoutSuccessUrl = "/"; |
46 | |
private LogoutHandler[] handlers; |
47 | |
private boolean useRelativeContext; |
48 | 0 | String invalidateSession = "true"; |
49 | |
|
50 | 0 | public KSLogoutFilter(){ |
51 | 0 | handlers = new SecurityContextLogoutHandler[1]; |
52 | 0 | SecurityContextLogoutHandler sclh = new SecurityContextLogoutHandler(); |
53 | 0 | if ("true".equals(invalidateSession)) { |
54 | 0 | sclh.setInvalidateHttpSession(true); |
55 | |
} else { |
56 | 0 | sclh.setInvalidateHttpSession(false); |
57 | |
} |
58 | 0 | handlers[0] = sclh; |
59 | 0 | } |
60 | |
|
61 | 0 | public KSLogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers) { |
62 | 0 | Assert.notEmpty(handlers, "LogoutHandlers are required"); |
63 | 0 | this.logoutSuccessUrl = logoutSuccessUrl; |
64 | 0 | Assert.isTrue(UrlUtils.isValidRedirectUrl(logoutSuccessUrl), logoutSuccessUrl + " isn't a valid redirect URL"); |
65 | 0 | this.handlers = handlers; |
66 | 0 | } |
67 | |
|
68 | |
public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, |
69 | |
ServletException { |
70 | |
|
71 | 0 | if (requiresLogout(request, response)) { |
72 | 0 | Authentication auth = SecurityContextHolder.getContext().getAuthentication(); |
73 | |
|
74 | 0 | if (logger.isDebugEnabled()) { |
75 | 0 | logger.debug("Logging out user '" + auth + "' and redirecting to logout page"); |
76 | |
} |
77 | |
|
78 | 0 | for (int i = 0; i < handlers.length; i++) { |
79 | 0 | handlers[i].logout(request, response, auth); |
80 | |
} |
81 | |
|
82 | 0 | String targetUrl = determineTargetUrl(request, response); |
83 | |
|
84 | 0 | sendRedirect(request, response, targetUrl); |
85 | |
|
86 | 0 | return; |
87 | |
} |
88 | |
|
89 | 0 | chain.doFilter(request, response); |
90 | 0 | } |
91 | |
|
92 | |
|
93 | |
|
94 | |
|
95 | |
|
96 | |
|
97 | |
|
98 | |
|
99 | |
|
100 | |
protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) { |
101 | 0 | String uri = request.getRequestURI(); |
102 | 0 | int pathParamIndex = uri.indexOf(';'); |
103 | |
|
104 | 0 | if (pathParamIndex > 0) { |
105 | |
|
106 | 0 | uri = uri.substring(0, pathParamIndex); |
107 | |
} |
108 | |
|
109 | 0 | int queryParamIndex = uri.indexOf('?'); |
110 | |
|
111 | 0 | if (queryParamIndex > 0) { |
112 | |
|
113 | 0 | uri = uri.substring(0, queryParamIndex); |
114 | |
} |
115 | |
|
116 | 0 | if ("".equals(request.getContextPath())) { |
117 | 0 | return uri.endsWith(filterProcessesUrl); |
118 | |
} |
119 | |
|
120 | |
|
121 | |
|
122 | |
|
123 | |
|
124 | 0 | return uri.endsWith(filterProcessesUrl); |
125 | |
} |
126 | |
|
127 | |
|
128 | |
|
129 | |
|
130 | |
|
131 | |
|
132 | |
|
133 | |
|
134 | |
|
135 | |
|
136 | |
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) { |
137 | 0 | String targetUrl = request.getParameter("logoutSuccessUrl"); |
138 | |
|
139 | 0 | if(!StringUtils.hasLength(targetUrl)) { |
140 | 0 | targetUrl = getLogoutSuccessUrl(); |
141 | |
} |
142 | |
|
143 | 0 | if (!StringUtils.hasLength(targetUrl)) { |
144 | 0 | targetUrl = request.getHeader("Referer"); |
145 | |
} |
146 | |
|
147 | 0 | if (!StringUtils.hasLength(targetUrl)) { |
148 | 0 | targetUrl = "/"; |
149 | |
} |
150 | |
|
151 | 0 | return targetUrl; |
152 | |
} |
153 | |
|
154 | |
|
155 | |
|
156 | |
|
157 | |
|
158 | |
|
159 | |
|
160 | |
|
161 | |
|
162 | |
|
163 | |
protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) |
164 | |
throws IOException { |
165 | |
|
166 | 0 | RedirectUtils.sendRedirect(request, response, url, useRelativeContext); |
167 | 0 | } |
168 | |
|
169 | |
public void setFilterProcessesUrl(String filterProcessesUrl) { |
170 | 0 | Assert.hasText(filterProcessesUrl, "FilterProcessesUrl required"); |
171 | 0 | Assert.isTrue(UrlUtils.isValidRedirectUrl(filterProcessesUrl), filterProcessesUrl + " isn't a valid redirect URL"); |
172 | 0 | this.filterProcessesUrl = filterProcessesUrl; |
173 | 0 | } |
174 | |
|
175 | |
protected String getLogoutSuccessUrl() { |
176 | 0 | return logoutSuccessUrl; |
177 | |
} |
178 | |
|
179 | |
protected String getFilterProcessesUrl() { |
180 | 0 | return filterProcessesUrl; |
181 | |
} |
182 | |
|
183 | |
public void setUseRelativeContext(boolean useRelativeContext) { |
184 | 0 | this.useRelativeContext = useRelativeContext; |
185 | 0 | } |
186 | |
|
187 | |
public int getOrder() { |
188 | 0 | return FilterChainOrder.LOGOUT_FILTER; |
189 | |
} |
190 | |
|
191 | |
} |