org.jasig.portal
Class LogoutServlet
java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
org.jasig.portal.LogoutServlet
- All Implemented Interfaces:
- java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
public class LogoutServlet
- extends javax.servlet.http.HttpServlet
Simple servlet to handle user logout. When a user
logs out, their session gets invalidated and they
are returned to the guest page.
- Version:
- $Revision: 1.14.4.1 $
- Author:
- Ken Weiner, kweiner@unicon.net, Don Fracapane, df7@columbia.edu
- See Also:
- Serialized Form
Method Summary |
void |
doGet(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Process the incoming request and response. |
private java.lang.String |
getRedirectionUrl(javax.servlet.http.HttpServletRequest request)
The redirect is determined based upon the context that passed authentication
The LogoutServlet looks at each authenticated context and determines if a
redirect exists for that context in the REDIRECT_MAP variable (loaded from
security.properties file). |
void |
init()
Initialize the LogoutServlet |
Methods inherited from class javax.servlet.http.HttpServlet |
doDelete, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service |
Methods inherited from class javax.servlet.GenericServlet |
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
log
private static final org.apache.commons.logging.Log log
INITIALIZED
private static boolean INITIALIZED
DEFAULT_REDIRECT
private static java.lang.String DEFAULT_REDIRECT
REDIRECT_MAP
private static java.util.HashMap REDIRECT_MAP
LogoutServlet
public LogoutServlet()
init
public void init()
throws javax.servlet.ServletException
- Initialize the LogoutServlet
- Overrides:
init
in class javax.servlet.GenericServlet
- Throws:
javax.servlet.ServletException
doGet
public void doGet(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws javax.servlet.ServletException,
java.io.IOException
- Process the incoming request and response.
- Overrides:
doGet
in class javax.servlet.http.HttpServlet
- Parameters:
request
- HttpServletRequest objectresponse
- HttpServletResponse object
- Throws:
javax.servlet.ServletException
java.io.IOException
getRedirectionUrl
private java.lang.String getRedirectionUrl(javax.servlet.http.HttpServletRequest request)
- The redirect is determined based upon the context that passed authentication
The LogoutServlet looks at each authenticated context and determines if a
redirect exists for that context in the REDIRECT_MAP variable (loaded from
security.properties file). The redirect is returned for the first authenticated
context that has an associated redirect string. If such a context is not found,
we use the default DEFAULT_REDIRECT that was originally setup.
NOTE:
This will work or not work based upon the logic in the root context. At this time,
all known security contexts extend the ChainingSecurityContext class. If a context
has the variable stopWhenAuthenticated set to false, the user may be logged into
multiple security contexts. If this is the case, the logout process currently
implemented does not accommodate multiple logouts. As a reference implemention,
the current implementation assumes only one security context has been authenticated.
Modifications to perform multiple logouts should be considered when a concrete
need arises and can be handled by this class or through a change in the
ISecurityConext API where a context knows how to perform it's own logout.
- Parameters:
request
-
- Returns:
- String representing the redirection URL