The newest JASIG CAS Client includes a filter that is compatible with Spring
Security for handling Single Sign Out.
-Scott
On Tue, Apr 22, 2008 at 5:41 PM, Axel Mendoza Pupo <[EMAIL PROTECTED]>
wrote:
> I found this filter in the Spring forum to receive the serviceId, I work
> with acegi 1.04 with some modifications to store the serviced and with
> the Updater facade I can expire the session having the serviced. If you
> use the Jasig client then inject the session map, get the session with
> serviceId and invalidate. In CAS 3.2.1 the POST request to logout is
> done sucefully. Note that if you use Acegi this filter most be before
> AutenticationProcessingFilter to receive the request first, the same to
> any filter who process the service url.
>
> public class CASSamlLogoutFilter implements Filter, InitializingBean{
>
> private String filterProcessesUrl;
> private Updater updater;
>
> public void setUpdater(Updater updater) {
> this.updater = updater;
> }
>
> public void setFilterProcessesUrl( String s )
> {
> this.filterProcessesUrl = s;
> }
>
> public void afterPropertiesSet() throws Exception
> {
>
> Assert.hasLength(this.filterProcessesUrl,"filterProcessesUrl must be
> specified");
> Assert.notNull(updater, "updater most be set");
> }
>
> public void init( FilterConfig config ) throws ServletException
> { }
>
> public void destroy() { }
>
> public void doFilter(
> ServletRequest request, ServletResponse response,
> FilterChain chain )
> throws ServletException, IOException
> {
> if(! (request instanceof HttpServletRequest) )
> {
> throw new ServletException("Can only process
> HttpServletRequest");
> }
>
> if(! (response instanceof HttpServletResponse) )
> {
> throw new ServletException("Can only process
> HttpServletResponse");
> }
>
> HttpServletRequest httpRequest =
> (HttpServletRequest) request;
> HttpServletResponse httpResponse =
> (HttpServletResponse) response;
>
> if( processLogout(httpRequest) )
> {
> return;
> }
>
> chain.doFilter(request, response);
> }
>
> protected boolean processLogout( HttpServletRequest
> request )
> throws IOException
> {
> if(! request.getMethod().equalsIgnoreCase("POST") )
> {
> return false;
> }
>
> String uri = request.getRequestURI();
>
> // strip everything after the first semi-colon
> int pathParamIndex = uri.indexOf(';');
> if( pathParamIndex > 0 )
> {
> uri = uri.substring(0, pathParamIndex);
> }
>
> if(! uri.endsWith(request.getContextPath() +
> this.filterProcessesUrl) )
> {
> return false;
> }
>
> String sTicket = null;
>
> BufferedReader reader = request.getReader();
>
> String line = null;
> while( (line = reader.readLine()) != null )
> {//URLDecoder.decode(arg0)
> if( line.startsWith("logoutRequest=") )
> {
> int start =
> line.indexOf("%3Csamlp%3ASessionIndex%3E");
> int end =
> line.indexOf("%3C%2Fsamlp%3ASessionIndex%3E");
>
> if( start > -1 && start < end )
> {
> sTicket = line.substring(
> start +
> "%3Csamlp%3ASessionIndex%3E".length(),
> end);
> }
> }
> }
>
> reader.close();
>
> if( sTicket != null )
> {
> updater.expirarSession(sTicket);
> }
>
> return true;
> }
>
> }
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
