Axel,

We looked into something like this but ultimately we decided against it.
One bad client could break the entire process (or one client that doesn't
support the log out protocol).

-Scott

On Fri, Apr 11, 2008 at 6:20 PM, Axel Mendoza Pupo <[EMAIL PROTECTED]>
wrote:

> I have found a solution for Single Sign Out and I want to share it so it
> can be improved.
> The solution involves having org.jasig.cas.web.LogoutController send a
> redirect view to each web app's logout URL.
> To do this I configure a LogoutRegistry that holds the web apps' logout
> URLs and returns the next logout URL to redirect to.
> In each web app I handle the logout URL with a controller that invalidates
> the session and redirects back to CAS /logout, which iterates over the
> logout URLs.
> I have not tested this yet because my web apps aren't ready, but I think
> this may work even when the user closes the browser during the logout
> request.
> Take a look at the code and let's discuss it.
> /****************************************************************
>  /**
>   * Configuration bean holding the logout URL of one web application.
>   * The stored value is later used as a browser redirect target (see
>   * CASLogoffController), so it should only ever be filled from trusted,
>   * static configuration and never from request data.
>   */
>  public class UrlLogout {
>
>      /** Logout endpoint of the web application; null until configured. */
>      private String url;
>
>      /**
>       * @param url logout URL to store; no validation is performed here
>       */
>      public void setUrl(String url) {
>           this.url = url;
>      }
>
>      /**
>       * @return the configured logout URL, or null if none was set
>       */
>      public String getUrl() {
>           return this.url;
>      }
>  }
> /****************************************************************
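>  /**
>   * Tracks, per HTTP session, how far a browser has progressed through the
>   * configured list of application logout URLs.
>   *
>   * Entries are only removed through removeSessionState(). A session that
>   * abandons the redirect chain (browser closed, or an application that
>   * never redirects back) leaves its entry behind, so the map can grow
>   * without bound.
>   * NOTE(review): consider clearing entries when the HTTP session expires.
>   */
>  public class LogoutRegistry {
>
>      /** Logout URLs in the order they are handed out; set by configuration. */
>      private List<UrlLogout> urlsLogout;
>
>      /** Session id -> index of the next logout URL to hand out. */
>      private final Map<String, Integer> sessionStateLogout =
>           Collections.synchronizedMap(new HashMap<String, Integer>());
>
>      /**
>       * Returns the next logout URL for the given session and advances that
>       * session's position in the list.
>       *
>       * @param sessionId id of the HTTP session driving the logout chain
>       * @return the next logout URL, or null when every configured URL has
>       *         been handed out (or no URLs are configured)
>       */
>      public String nextLogout(String sessionId) {
>           // The synchronized wrapper only makes single calls atomic. The
>           // read-increment-write below must hold the map's own monitor so
>           // that two concurrent requests for one session cannot both read
>           // the same index.
>           synchronized (sessionStateLogout) {
>                Integer stored = sessionStateLogout.get(sessionId);
>                int index = (stored != null) ? stored : 0;
>
>                String url = null;
>                // An unconfigured list is treated as empty rather than
>                // failing with a NullPointerException.
>                if (urlsLogout != null && index < urlsLogout.size()) {
>                     url = urlsLogout.get(index).getUrl();
>                }
>
>                sessionStateLogout.put(sessionId, index + 1);
>                return url;
>           }
>      }
>
>      /**
>       * Forgets the logout progress recorded for the given session.
>       *
>       * @param sessionId id of the HTTP session whose state is dropped
>       */
>      public void removeSessionState(String sessionId) {
>           sessionStateLogout.remove(sessionId);
>      }
>
>      /**
>       * @param urls logout URLs to visit, in order; the list is stored as
>       *             given, not copied
>       */
>      public void setUrlsLogout(List<UrlLogout> urls) {
>           urlsLogout = urls;
>      }
>  }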
> /****************************************************************
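>  /**
>   * Logout controller that destroys the CAS ticket-granting ticket and then
>   * sends the browser to the configured application logout URLs, one
>   * redirect per request.
>   *
>   * The chain only advances when the browser comes back to this controller,
>   * so it depends on each application redirecting back after it has ended
>   * its own session. If one application does not, the remaining
>   * applications are never visited, their sessions stay valid although the
>   * ticket-granting ticket is already destroyed, and the registry entry for
>   * this session is not removed.
>   */
>  public class CASLogoffController implements Controller {
>
>      private CentralAuthenticationService centralAuthenticationService;
>
>      /** CookieGenerator for TGT Cookie */
>      @NotNull
>      private CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;
>
>      /** CookieGenerator for Warn Cookie */
>      @NotNull
>      private CookieRetrievingCookieGenerator warnCookieGenerator;
>
>      /** Logout view name. */
>      @NotNull
>      private String logoutView;
>
>      /** Supplies the next application logout URL for a session. */
>      private LogoutRegistry logoutRegistry;
>
>      /**
>       * Destroys the ticket-granting ticket if its cookie is present, then
>       * either redirects to the next application logout URL or, once the
>       * registry has no more URLs for this session, renders the logout view.
>       *
>       * @param request  current HTTP request
>       * @param response current HTTP response; the TGT and warn cookies are
>       *                 removed through it
>       * @return a redirect to the next logout URL, or the logout view
>       * @throws Exception as declared by the Controller contract
>       */
>      public ModelAndView handleRequest(HttpServletRequest request,
>                HttpServletResponse response) throws Exception {
>           final String ticketGrantingTicketId =
>                this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request);
>
>           if (ticketGrantingTicketId != null) {
>                // The posted listing was missing the '.' before the call.
>                this.centralAuthenticationService
>                     .destroyTicketGrantingTicket(ticketGrantingTicketId);
>                this.ticketGrantingTicketCookieGenerator.removeCookie(response);
>                this.warnCookieGenerator.removeCookie(response);
>           }
>
>           // getSession() creates a session when none exists. Its id is the
>           // only thing that ties the following redirects to this logout.
>           final String sessionId = request.getSession().getId();
>
>           // The redirect target comes from configuration only and is never
>           // built from request parameters. The unused read of the
>           // "service" parameter was dropped.
>           final String url = this.logoutRegistry.nextLogout(sessionId);
>
>           if (url != null) {
>                return new ModelAndView(new RedirectView(url));
>           }
>
>           // Chain finished: forget this session's progress.
>           this.logoutRegistry.removeSessionState(sessionId);
>
>           return new ModelAndView(this.logoutView);
>      }
>
>      /**
>       * @param ticketGrantingTicketCookieGenerator generator used to read
>       *        and remove the TGT cookie
>       */
>      public void setTicketGrantingTicketCookieGenerator(
>                final CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator) {
>           this.ticketGrantingTicketCookieGenerator = ticketGrantingTicketCookieGenerator;
>      }
>
>      /**
>       * @param warnCookieGenerator generator used to remove the warn cookie
>       */
>      public void setWarnCookieGenerator(
>                final CookieRetrievingCookieGenerator warnCookieGenerator) {
>           this.warnCookieGenerator = warnCookieGenerator;
>      }
>
>      /**
>       * @param centralAuthenticationService The centralAuthenticationService
>       *        to set.
>       */
>      public void setCentralAuthenticationService(
>                final CentralAuthenticationService centralAuthenticationService) {
>           this.centralAuthenticationService = centralAuthenticationService;
>      }
>
>      /**
>       * @param logoutView name of the view rendered when the chain is done
>       */
>      public void setLogoutView(final String logoutView) {
>           this.logoutView = logoutView;
>      }
>
>      /**
>       * @param logoutRegistry registry holding the application logout URLs
>       */
>      public void setLogoutRegistry(LogoutRegistry logoutRegistry) {
>           this.logoutRegistry = logoutRegistry;
>      }
>  }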
> /****************************************************************
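>  <!-- Logout controller wired with the registry of application logout URLs. -->
>  <bean id="logoutController" class="CASLogoffController"
>        p:centralAuthenticationService-ref="centralAuthenticationService"
>        p:logoutView="casLogoutView"
>        p:warnCookieGenerator-ref="warnCookieGenerator"
>        p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
>        p:logoutRegistry-ref="logoutRegistry"/>
>
>  <!-- Logout URLs are handed out in list order. Each value is kept on one
>       line so that no whitespace ends up inside the redirect target. The
>       localhost http:// URLs are the poster's values; a real deployment
>       would list each application's own logout endpoint, served over HTTPS. -->
>  <bean id="logoutRegistry" class="LogoutRegistry">
>       <property name="urlsLogout">
>            <list>
>                <bean class="UrlLogout" p:url="http://localhost:8080/webapp1/logoff.htm"/>
>                <bean class="UrlLogout" p:url="http://localhost:8080/webapp2/logoff.htm"/>
>            </list>
>       </property>
>  </bean>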
>


-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia