org.jasig.portal
Class LogoutServlet

java.lang.Object
  extended by javax.servlet.GenericServlet
      extended by javax.servlet.http.HttpServlet
          extended by org.jasig.portal.LogoutServlet
All Implemented Interfaces:
java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class LogoutServlet
extends javax.servlet.http.HttpServlet

Simple servlet to handle user logout. When a user logs out, their session gets invalidated and they are returned to the guest page.

Version:
$Revision: 1.14.4.1 $
Author:
Ken Weiner, kweiner@unicon.net, Don Fracapane, df7@columbia.edu
See Also:
Serialized Form

Field Summary
private static java.lang.String DEFAULT_REDIRECT
           
private static boolean INITIALIZED
           
private static org.apache.commons.logging.Log log
           
private static java.util.HashMap REDIRECT_MAP
           
 
Constructor Summary
LogoutServlet()
           
 
Method Summary
 void doGet(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Process the incoming request and response.
private  java.lang.String getRedirectionUrl(javax.servlet.http.HttpServletRequest request)
          The redirect is determined based upon the context that passed authentication The LogoutServlet looks at each authenticated context and determines if a redirect exists for that context in the REDIRECT_MAP variable (loaded from security.properties file).
 void init()
          Initialize the LogoutServlet
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service
 
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

private static final org.apache.commons.logging.Log log

INITIALIZED

private static boolean INITIALIZED

DEFAULT_REDIRECT

private static java.lang.String DEFAULT_REDIRECT

REDIRECT_MAP

private static java.util.HashMap REDIRECT_MAP
Constructor Detail

LogoutServlet

public LogoutServlet()
Method Detail

init

public void init()
          throws javax.servlet.ServletException
Initialize the LogoutServlet

Overrides:
init in class javax.servlet.GenericServlet
Throws:
javax.servlet.ServletException

doGet

public void doGet(javax.servlet.http.HttpServletRequest request,
                  javax.servlet.http.HttpServletResponse response)
           throws javax.servlet.ServletException,
                  java.io.IOException
Process the incoming request and response.

Overrides:
doGet in class javax.servlet.http.HttpServlet
Parameters:
request - HttpServletRequest object
response - HttpServletResponse object
Throws:
javax.servlet.ServletException
java.io.IOException

getRedirectionUrl

private java.lang.String getRedirectionUrl(javax.servlet.http.HttpServletRequest request)
The redirect is determined based upon the context that passed authentication The LogoutServlet looks at each authenticated context and determines if a redirect exists for that context in the REDIRECT_MAP variable (loaded from security.properties file). The redirect is returned for the first authenticated context that has an associated redirect string. If such a context is not found, we use the default DEFAULT_REDIRECT that was originally setup. NOTE: This will work or not work based upon the logic in the root context. At this time, all known security contexts extend the ChainingSecurityContext class. If a context has the variable stopWhenAuthenticated set to false, the user may be logged into multiple security contexts. If this is the case, the logout process currently implemented does not accommodate multiple logouts. As a reference implemention, the current implementation assumes only one security context has been authenticated. Modifications to perform multiple logouts should be considered when a concrete need arises and can be handled by this class or through a change in the ISecurityConext API where a context knows how to perform it's own logout.

Parameters:
request -
Returns:
String representing the redirection URL