Repository: cxf Updated Branches: refs/heads/master af577d218 -> 15ad9bd7e
[CXF-5633] Prototyping Logout Service Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/15ad9bd7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/15ad9bd7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/15ad9bd7 Branch: refs/heads/master Commit: 15ad9bd7ea4eddf225d6ad2a774c95e2f4d6ce0e Parents: af577d2 Author: Sergey Beryozkin <[email protected]> Authored: Tue Apr 1 17:05:02 2014 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Apr 1 17:05:02 2014 +0100 ---------------------------------------------------------------------- .../rs/security/saml/sso/LogoutResponse.java | 38 +++++++++++ .../cxf/rs/security/saml/sso/LogoutService.java | 72 ++++++++++++++++++++ 2 files changed, 110 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/15ad9bd7/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/LogoutResponse.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/LogoutResponse.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/LogoutResponse.java
new file mode 100644
index 0000000..b702f9c
--- /dev/null
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/LogoutResponse.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso;
+
+public class LogoutResponse {
+
+ private String principalName;
+ private String mainApplicationAddress;
+
+ public LogoutResponse(String principalName, String mainApplicationAddress) {
+ this.principalName = principalName;
+ this.mainApplicationAddress = mainApplicationAddress;
+ }
+
+ public String getPrincipalName() {
+ return principalName;
+ }
+ public String getMainApplicationAddress() {
+ return mainApplicationAddress;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/15ad9bd7/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/LogoutService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/LogoutService.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/LogoutService.java
new file mode 100644
index 0000000..1dad97a
--- /dev/null
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/LogoutService.java
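Review bot: `principalName` and `mainApplicationAddress` in `LogoutResponse` are assigned only in the constructor and the class has no setters, so both fields can be declared `private final` to make the object immutable. The class also has no Javadoc; a short class comment such as `/** Model returned by LogoutService after the local SSO state has been removed; handed to a view handler for rendering. */` would tell a reader where the values end up. Because the principal name comes from the authenticated security context and may reach an HTML view, that comment should also state that the view is expected to output-encode both values; the view is not part of this commit, so treat this as an assumption to confirm.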
@@ -0,0 +1,72 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.sso;
+
+import java.util.ResourceBundle;
+import java.util.logging.Logger;
+
+import javax.ws.rs.CookieParam;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Cookie;
+
+import org.apache.cxf.common.i18n.BundleUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.rs.security.saml.sso.state.SPStateManager;
+import org.apache.cxf.security.SecurityContext;
+
+@Path("logout")
+public class LogoutService {
+ protected static final Logger LOG = LogUtils.getL7dLogger(LogoutService.class);
+ protected static final ResourceBundle BUNDLE = BundleUtils.getBundle(LogoutService.class);
+ private SPStateManager stateProvider;
+
+ private String mainApplicationAddress;
+
+ @GET
+ public LogoutResponse logout(@CookieParam(SSOConstants.SECURITY_CONTEXT_TOKEN) Cookie context,
+ @Context SecurityContext sc) {
+ if (context == null || sc.getUserPrincipal() == null || sc.getUserPrincipal().getName() == null) {
+ reportError("MISSING_RESPONSE_STATE");
+ throw
ExceptionUtils.toBadRequestException(null, null);
+ }
+ stateProvider.removeResponseState(context.getValue());
+ // Use View Handler to tell the user that the logout has been successful,
+ // optionally linking to the main application address - the user may click on it
+ // and will be redirected to IDP and the process will start again
+ return new LogoutResponse(sc.getUserPrincipal().getName(), mainApplicationAddress);
+ }
+
+ protected void reportError(String code) {
+ org.apache.cxf.common.i18n.Message errorMsg =
+ new org.apache.cxf.common.i18n.Message(code, BUNDLE);
+ LOG.warning(errorMsg.toString());
+ }
+
+ public void setStateProvider(SPStateManager stateProvider) {
+ this.stateProvider = stateProvider;
+ }
+
+ public void setMainApplicationAddress(String mainApplicationAddress) {
+ this.mainApplicationAddress = mainApplicationAddress;
+ }
+
+}
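Review bot: `logout` is bound to `@GET` but changes server-side state through `stateProvider.removeResponseState(context.getValue())`, so the browser will perform it for any cross-site request that carries the `SSOConstants.SECURITY_CONTEXT_TOKEN` cookie. Mapping it with `@POST` and requiring an anti-CSRF token, or documenting why GET is acceptable while this is a prototype, closes that gap. The method also never tells the browser to discard the cookie, so the orphaned token keeps being sent; returning a response that expires the cookie alongside the state removal would be a sensible follow-up. Two smaller points in the same method: `stateProvider` is dereferenced without a null check although it is only set through `setStateProvider`, and the `MISSING_RESPONSE_STATE` key is logged even when the real cause is a missing principal, which makes these warnings harder to triage.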
