Reformatted LogoutFilter.

2007-08-27 16:56:33 +00:00 · 2007-08-27 16:56:33 +00:00 · 82599a72ba
parent f8689b18b2
commit 82599a72ba
1 changed files with 105 additions and 115 deletions
--- a/core/src/main/java/org/acegisecurity/ui/logout/LogoutFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/logout/LogoutFilter.java
@ -35,145 +35,135 @@ import org.springframework.util.Assert;
 /**
 * Logs a principal out.
 * <p>
- * Polls a series of {@link LogoutHandler}s. The handlers should be specified
+ * Polls a series of {@link LogoutHandler}s. The handlers should be specified in the order they are required.
- * in the order they are required. Generally you will want to call logout
+ * Generally you will want to call logout handlers <code>TokenBasedRememberMeServices</code> and
 * handlers <code>TokenBasedRememberMeServices</code> and
 * <code>SecurityContextLogoutHandler</code> (in that order).
 * </p>
 * <p>
 * After logout, the URL specified by {@link #logoutSuccessUrl} will be shown.
 * </p>
 * <p>
- * <b>Do not use this class directly.</b> Instead configure
+ * <b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the
- * <code>web.xml</code> to use the {@link
+ * {@link org.acegisecurity.util.FilterToBeanProxy}.
 * org.acegisecurity.util.FilterToBeanProxy}.
 * </p>
- * 
+ *
 * @author Ben Alex
 * @version $Id$
 */
 public class LogoutFilter implements Filter {
-	// ~ Static fields/initializers
+    //~ Static fields/initializers =====================================================================================
 	// =====================================================================================
-	private static final Log logger = LogFactory.getLog(LogoutFilter.class);
+    private static final Log logger = LogFactory.getLog(LogoutFilter.class);
-	// ~ Instance fields
+    //~ Instance fields ================================================================================================
 	// ================================================================================================
-	private String filterProcessesUrl = "/j_acegi_logout";
+    private String filterProcessesUrl = "/j_acegi_logout";
    private String logoutSuccessUrl;
    private LogoutHandler[] handlers;
-	private String logoutSuccessUrl;
+    //~ Constructors ===================================================================================================
-	private LogoutHandler[] handlers;
+    public LogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers) {
        Assert.hasText(logoutSuccessUrl, "LogoutSuccessUrl required");
        Assert.notEmpty(handlers, "LogoutHandlers are required");
        this.logoutSuccessUrl = logoutSuccessUrl;
        this.handlers = handlers;
    }
-	// ~ Constructors
+    //~ Methods ========================================================================================================
 	// ===================================================================================================
-	public LogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers) {
+    /**
-		Assert.hasText(logoutSuccessUrl, "LogoutSuccessUrl required");
+     * Not used. Use IoC container lifecycle methods instead.
-		Assert.notEmpty(handlers, "LogoutHandlers are required");
+     */
-		this.logoutSuccessUrl = logoutSuccessUrl;
+    public void destroy() {
-		this.handlers = handlers;
+    }
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
            ServletException {
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("Can only process HttpServletRequest");
        }
        if (!(response instanceof HttpServletResponse)) {
            throw new ServletException("Can only process HttpServletResponse");
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        if (requiresLogout(httpRequest, httpResponse)) {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            if (logger.isDebugEnabled()) {
                logger.debug("Logging out user '" + auth + "' and redirecting to logout page");
            }
            for (int i = 0; i < handlers.length; i++) {
                handlers[i].logout(httpRequest, httpResponse, auth);
            }
            sendRedirect(httpRequest, httpResponse, logoutSuccessUrl);
            return;
        }
        chain.doFilter(request, response);
    }
    /**
     * Not used. Use IoC container lifecycle methods instead.
     *
     * @param arg0 ignored
     *
     * @throws ServletException ignored
     */
    public void init(FilterConfig arg0) throws ServletException {
 	}
-	// ~ Methods
+    /**
-	// ========================================================================================================
+     * Allow subclasses to modify when a logout should take place.
     *
     * @param request the request
     * @param response the response
     *
     * @return <code>true</code> if logout should occur, <code>false</code> otherwise
     */
    protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
        String uri = request.getRequestURI();
        int pathParamIndex = uri.indexOf(';');
-	/**
+        if (pathParamIndex > 0) {
-	 * Not used. Use IoC container lifecycle methods instead.
+            // strip everything after the first semi-colon
-	 */
+            uri = uri.substring(0, pathParamIndex);
-	public void destroy() {
+        }
 	}
-	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
+        if ("".equals(request.getContextPath())) {
-			ServletException {
+            return uri.endsWith(filterProcessesUrl);
-		if (!(request instanceof HttpServletRequest)) {
+        }
 			throw new ServletException("Can only process HttpServletRequest");
 		}
-		if (!(response instanceof HttpServletResponse)) {
+        return uri.endsWith(request.getContextPath() + filterProcessesUrl);
-			throw new ServletException("Can only process HttpServletResponse");
+    }
 		}
-		HttpServletRequest httpRequest = (HttpServletRequest) request;
+    /**
-		HttpServletResponse httpResponse = (HttpServletResponse) response;
+     * Allow subclasses to modify the redirection message.
     *
     * @param request  the request
     * @param response the response
     * @param url      the URL to redirect to
     *
     * @throws IOException in the event of any failure
     */
    protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
            throws IOException {
        if (!url.startsWith("http://") && !url.startsWith("https://")) {
            url = request.getContextPath() + url;
        }
-		if (requiresLogout(httpRequest, httpResponse)) {
+        response.sendRedirect(response.encodeRedirectURL(url));
-			Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+    }
 			if (logger.isDebugEnabled()) {
 				logger.debug("Logging out user '" + auth + "' and redirecting to logout page");
 			}
 			for (int i = 0; i < handlers.length; i++) {
 				handlers[i].logout(httpRequest, httpResponse, auth);
 			}
 			sendRedirect(httpRequest, httpResponse, logoutSuccessUrl);
 			return;
 		}
 		chain.doFilter(request, response);
 	}
 	/**
 	 * Not used. Use IoC container lifecycle methods instead.
 	 * 
 	 * @param arg0 ignored
 	 * 
 	 * @throws ServletException ignored
 	 */
 	public void init(FilterConfig arg0) throws ServletException {
 	}
 	/**
 	 * Allow subclasses to modify when a logout should tak eplace.
 	 * 
 	 * @param request the request
 	 * @param response the response
 	 * 
 	 * @return <code>true</code> if logout should occur, <code>false</code>
 	 * otherwise
 	 */
 	protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
 		String uri = request.getRequestURI();
 		int pathParamIndex = uri.indexOf(';');
 		if (pathParamIndex > 0) {
 			// strip everything after the first semi-colon
 			uri = uri.substring(0, pathParamIndex);
 		}
 		if ("".equals(request.getContextPath())) {
 			return uri.endsWith(filterProcessesUrl);
 		}
 		return uri.endsWith(request.getContextPath() + filterProcessesUrl);
 	}
 	/**
 	 * Allow subclasses to modify the redirection message.
 	 * 
 	 * @param request the request
 	 * @param response the response
 	 * @param url the URL to redirect to
 	 * 
 	 * @throws IOException in the event of any failure
 	 */
 	protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
 			throws IOException {
 		if (!url.startsWith("http://") && !url.startsWith("https://")) {
 			url = request.getContextPath() + url;
 		}
 		response.sendRedirect(response.encodeRedirectURL(url));
 	}
 	public void setFilterProcessesUrl(String filterProcessesUrl) {
 		Assert.hasText(filterProcessesUrl, "FilterProcessesUrl required");
 		this.filterProcessesUrl = filterProcessesUrl;
 	}
    public void setFilterProcessesUrl(String filterProcessesUrl) {
        Assert.hasText(filterProcessesUrl, "FilterProcessesUrl required");
        this.filterProcessesUrl = filterProcessesUrl;
    }
 }