Task #3862: CasLogoutSuccessHandler append referer to logout url, the

user gets back to the right arsnova

Task #3862: CasLogoutSuccessHandler append referer to logout url, the
user gets back to the right arsnova
3ee9f011 · Julian Hochstetter · 33886f66 · 3ee9f011 · 3ee9f011 · 3ee9f011
Commit 3ee9f011 authored 12 years ago by Julian Hochstetter
--- a/src/main/java/de/thm/arsnova/CASLogoutSuccessHandler.java
+++ b/src/main/java/de/thm/arsnova/CASLogoutSuccessHandler.java
+package de.thm.arsnova;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.DefaultRedirectStrategy;
+import org.springframework.security.web.RedirectStrategy;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+public class CASLogoutSuccessHandler implements LogoutSuccessHandler {
+
+	public static final Logger logger = LoggerFactory.getLogger(CASLogoutSuccessHandler.class);
+	
+	private String casUrl;
+	private String defaultTarget;
+
+	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+
+	@Override
+	public void onLogoutSuccess(HttpServletRequest request,
+			HttpServletResponse response, Authentication authentication)
+			throws IOException, ServletException {
+		
+		String referer = request.getHeader("referer");
+        if (response.isCommitted()) {
+            logger.info("Response has already been committed. Unable to redirect to target");
+            return;
+        }
+		redirectStrategy.sendRedirect(request, response, 
+				(casUrl + "/logout?url=") + (referer != null ? referer : defaultTarget));
+
+	}
+
+	public void setCasUrl(String casUrl) {
+		this.casUrl = casUrl;
+	}
+
+	public void setDefaultTarget(String defaultTarget) {
+		this.defaultTarget = defaultTarget;
+	}
+}
--- a/src/main/java/de/thm/arsnova/LoginController.java
+++ b/src/main/java/de/thm/arsnova/LoginController.java
@@ -118,6 +118,7 @@ public class LoginController {
 	public View doLogout(final HttpServletRequest request) {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		request.getSession().invalidate();
+		SecurityContextHolder.clearContext();
 		if (auth instanceof CasAuthenticationToken) {
 			return new RedirectView("/j_spring_cas_security_logout");
 		}

--- a/src/main/webapp/WEB-INF/spring/spring-security.xml
+++ b/src/main/webapp/WEB-INF/spring/spring-security.xml
@@ -116,14 +116,17 @@
    
 	<bean id="requestSingleLogoutFilter"
 	    class="org.springframework.security.web.authentication.logout.LogoutFilter"
-	    p:filterProcessesUrl="/j_spring_cas_security_logout" >
-		<constructor-arg value="${security.cas-server-url}/logout?url=${security.arsnova-url}"/>
-	    <constructor-arg>
-	      <bean class=
-	          "org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
-	    </constructor-arg>
+	    p:filterProcessesUrl="/j_spring_cas_security_logout">
+	    <constructor-arg ref="casLogoutSuccessHandler" />
+		<constructor-arg>
+	      <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
+	    </constructor-arg>	    
 	</bean>

+	<bean id="casLogoutSuccessHandler" class="de.thm.arsnova.CASLogoutSuccessHandler"
+	    p:casUrl="${security.cas-server-url}"
+	    p:defaultTarget="${security.arsnova-url}"/>
+	
 	<bean id="successHandler" class="de.thm.arsnova.LoginAuthenticationSucessHandler"
 	    p:targetUrl="#auth/checkLogin"/>