From 9010b2a5b5345a63f948ab7f2b0454981f996d64 Mon Sep 17 00:00:00 2001
From: Julian Hochstetter <julian.hochstetter@mni.thm.de>
Date: Fri, 7 Sep 2012 10:52:09 +0200
Subject: [PATCH] add logout and cas single sign out mechanism

---
 .../webapp/WEB-INF/spring/spring-security.xml | 25 +++++++++++++------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/main/webapp/WEB-INF/spring/spring-security.xml b/src/main/webapp/WEB-INF/spring/spring-security.xml
index ce404288b..4fdafe318 100644
--- a/src/main/webapp/WEB-INF/spring/spring-security.xml
+++ b/src/main/webapp/WEB-INF/spring/spring-security.xml
@@ -19,18 +19,18 @@
 		<sec:custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
 		<sec:openid-login user-service-ref="openidUserDetailsService"
 			default-target-url="${security.openid-target-url}" />
-		<sec:logout invalidate-session="true" logout-url="/logout" logout-success-url="/j_spring_cas_security_logout"/>
     	<sec:custom-filter ref="singleSignOutFilter" before="CAS_FILTER"/>
-    	<sec:anonymous enabled="false" />
-	</sec:http>
+		<sec:logout invalidate-session="true" logout-url="/logout" />
+    	<sec:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>    
+    </sec:http>
 
-	<sec:authentication-manager alias="casAuthenticationManager">
+	<sec:authentication-manager alias="authenticationManager">
 		<sec:authentication-provider ref="casAuthenticationProvider" />
 	</sec:authentication-manager>	
 	
 	<bean id="casAuthenticationFilter"
 		class="org.springframework.security.cas.web.CasAuthenticationFilter"
-		p:authenticationManager-ref="casAuthenticationManager" />
+		p:authenticationManager-ref="authenticationManager" />
 
 	<bean id="casEntryPoint"
 		class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
@@ -48,11 +48,22 @@
 		p:serviceProperties-ref="casServiceProperties"		
 		p:authenticationUserDetailsService-ref="casUserDetailsService" 
 		p:ticketValidator-ref="casTicketValidator" />
-
+	
 	<bean id="casUserDetailsService" class="de.thm.arsnova.CasUserDetailsService" />
 	<bean id="casTicketValidator" class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
 		<constructor-arg value="${security.cas-server-url}" />
 	</bean>
 
-	<bean id="singleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />	  
+	<bean id="singleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />
+	<bean id="requestSingleLogoutFilter"
+	    class="org.springframework.security.web.authentication.logout.LogoutFilter"
+	    p:filterProcessesUrl="/j_spring_cas_security_logout" >
+	    <constructor-arg>
+	        <bean class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler"
+	            p:targetUrlParameter="${security.cas-server-url}/logout?service=${security.arsnova-url}" />
+	    </constructor-arg>
+	    <constructor-arg>
+	        <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
+	    </constructor-arg>
+	</bean>
 </beans>
-- 
GitLab