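/**
 * Destroys the current HTTP session for the given CAS logout request.
 *
 * <p>The logout message is read from the request parameter named by
 * {@code logoutParameterName}. The text of its {@code SessionIndex} element is used as the key
 * into the session mapping storage: the mapping is removed and, if a session was mapped to
 * that key, the session is invalidated.
 *
 * <p>Security note: the logout message is request data, and the {@code SessionIndex} value is
 * the only thing that selects which session is destroyed. NOTE(review): nothing in this method
 * restricts who may send such a request or how the XML is parsed; confirm that the caller and
 * {@code XmlUtils} cover both (origin of logout requests, DTD/external-entity handling).
 *
 * @param request HTTP request containing a CAS logout message.
 */
public void destroySession(final HttpServletRequest request) {
    final String logoutMessage = CommonUtils.safeGetParameter(request, this.logoutParameterName);

    // NOTE(review): the raw, caller-supplied message is written to the log verbatim. It is
    // TRACE-only, but it can contain line breaks; make sure the log layout encodes them if
    // TRACE is ever enabled outside of debugging.
    if (log.isTraceEnabled()) {
        log.trace ("Logout request:\n" + logoutMessage);
    }

    // A request without the logout parameter has nothing to parse; stop here instead of
    // handing a null/blank string to the XML helper.
    if (!CommonUtils.isNotBlank(logoutMessage)) {
        log.debug("No logout message present in request; no session destroyed.");
        return;
    }

    final String token = XmlUtils.getTextForElement(logoutMessage, "SessionIndex");
    if (!CommonUtils.isNotBlank(token)) {
        return;
    }

    // The mapping is removed whether or not the invalidation below succeeds, so a repeated
    // logout request for the same token finds nothing.
    final HttpSession session = this.sessionMappingStorage.removeSessionByMappingId(token);
    if (session == null) {
        return;
    }

    final String sessionID = session.getId();
    if (log.isDebugEnabled()) {
        // The session id is logged immediately before the session is invalidated.
        log.debug ("Invalidating session [" + sessionID + "] for token [" + token + "]");
    }

    try {
        session.invalidate();
    } catch (final IllegalStateException e) {
        // Best effort: invalidate() throws this when the session is already invalid.
        log.debug("Error invalidating session.", e);
    }
}
}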
final String token = XmlUtils.getTextForElement(logoutMessage, "SessionIndex"); if (CommonUtils.isNotBlank(token)) { final HttpSession session = this.sessionMappingStorage.removeSessionByMappingId(token);
/**
 * With eager session creation switched off and no session on the request, processing a
 * request that carries the ticket must not leave a ticket-to-session mapping behind.
 */
@Test
public void tokenRequestFailsIfNoSession() {
    final String ticketQuery = ARTIFACT_PARAMETER_NAME + "=" + TICKET;

    handler.setEagerlyCreateSessions(false);
    request.setSession(null);
    request.setParameter(ARTIFACT_PARAMETER_NAME, TICKET);
    request.setQueryString(ticketQuery);

    // process() still reports true here even though no mapping gets recorded.
    final boolean processed = handler.process(request, response);
    assertTrue(processed);

    // removeSessionByMappingId doubles as the lookup: null means nothing was mapped to TICKET.
    final SessionMappingStorage mappings = handler.getSessionMappingStorage();
    assertNull(mappings.removeSessionByMappingId(TICKET));
}
/**
 * A request that carries the ticket under the artifact parameter and already has a session
 * results in that session being recorded under the ticket.
 */
@Test
public void tokenRequestOK() {
    final MockHttpSession existingSession = new MockHttpSession();
    final String ticketQuery = ARTIFACT_PARAMETER_NAME + "=" + TICKET;

    request.setSession(existingSession);
    request.setParameter(ARTIFACT_PARAMETER_NAME, TICKET);
    request.setQueryString(ticketQuery);

    final boolean processed = handler.process(request, response);
    assertTrue(processed);

    // The session handed back for TICKET must be the very one attached to the request.
    final SessionMappingStorage mappings = handler.getSessionMappingStorage();
    assertEquals(existingSession, mappings.removeSessionByMappingId(TICKET));
}
/**
 * A ticket value supplied under a parameter other than the artifact parameter must not be
 * recorded as a session mapping, even though a session exists on the request.
 */
@Test
public void tokenRequestFailsIfBadParameter() {
    final MockHttpSession existingSession = new MockHttpSession();
    final String wrongQuery = ANOTHER_PARAMETER + "=" + TICKET;

    request.setSession(existingSession);
    request.setParameter(ANOTHER_PARAMETER, TICKET);
    request.setQueryString(wrongQuery);

    final boolean processed = handler.process(request, response);
    assertTrue(processed);

    // Nothing may be stored under TICKET when it arrived under the wrong parameter name.
    final SessionMappingStorage mappings = handler.getSessionMappingStorage();
    assertNull(mappings.removeSessionByMappingId(TICKET));
}
/**
 * Running the filter on a request that carries a CAS2 ticket records the request's session
 * under that ticket in the sign-out handler's mapping storage.
 */
@Test
public void tokenRequest() throws IOException, ServletException {
    final String artifactParameter = Protocol.CAS2.getArtifactParameterName();
    request.setParameter(artifactParameter, TICKET);
    request.setQueryString(Protocol.CAS2.getArtifactParameterName() + "=" + TICKET);

    final MockHttpSession existingSession = new MockHttpSession();
    request.setSession(existingSession);

    filter.doFilter(request, response, filterChain);

    // Removing the mapping is how the test reads it back: it must be the request's session.
    final Object mapped = SingleSignOutFilter.getSingleSignOutHandler()
            .getSessionMappingStorage()
            .removeSessionByMappingId(TICKET);
    assertEquals(existingSession, mapped);
}
/**
 * A POST carrying a back-channel logout message for a ticket causes the filter to drop the
 * session mapping that was registered for that ticket.
 */
@Test
public void backChannelRequest() throws IOException, ServletException {
    final String logoutParameter = ConfigurationKeys.LOGOUT_PARAMETER_NAME.getDefaultValue();
    final String logoutMessage = LogoutMessageGenerator.generateBackChannelLogoutMessage(TICKET);
    request.setParameter(logoutParameter, logoutMessage);
    request.setMethod("POST");

    // Pre-register a session under TICKET so the logout has something to destroy.
    final MockHttpSession mappedSession = new MockHttpSession();
    SingleSignOutFilter.getSingleSignOutHandler()
            .getSessionMappingStorage()
            .addSessionById(TICKET, mappedSession);

    filter.doFilter(request, response, filterChain);

    // After the logout request nothing may remain mapped to TICKET.
    final Object leftover = SingleSignOutFilter.getSingleSignOutHandler()
            .getSessionMappingStorage()
            .removeSessionByMappingId(TICKET);
    assertNull(leftover);
}
// Run of assertions that probe the CAS sign-out handler's session mapping storage before
// each helper.ssoLogout() call.
// NOTE(review): the probe is removeSessionByMappingId, which by its name takes the mapping out
// of the storage as well as returning it. If so, each assertNotNull below consumes the mapping
// for `ticket` before helper.ssoLogout() runs - confirm that the logout path under test does
// not depend on that mapping still being present.
assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));
assertNotNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
        .removeSessionByMappingId(ticket));
helper.ssoLogout();

// Exactly one authority is expected at this point.
assertEquals(1, auth.getAuthorities().size());
assertNotNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
        .removeSessionByMappingId(ticket));
helper.ssoLogout();

// The authenticated principal is expected to hold the admin role.
assertTrue(auth.getAuthorities().contains(GeoServerRole.ADMIN_ROLE));
assertNotNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
        .removeSessionByMappingId(ticket));
helper.ssoLogout();

// No authentication in the security context, and no session mapped to the ticket.
assertNull(SecurityContextHolder.getContext().getAuthentication());
assertNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
        .removeSessionByMappingId(ticket));

// NOTE(review): presumably restores or re-enables the user changed earlier in the test;
// the arguments' meaning is not visible here.
updateUser("ug1", username, true);
helper.ssoLogout();

// Same pair of checks repeated: still unauthenticated and still no mapping for the ticket.
assertNull(SecurityContextHolder.getContext().getAuthentication());
assertNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
        .removeSessionByMappingId(ticket));
helper.ssoLogout();

// A proxy ticket was obtained, and a session is mapped to the (service) ticket.
assertNotNull(proxyTicket);
assertNotNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
        .removeSessionByMappingId(ticket));
/**
 * A GET carrying a front-channel logout message for a ticket causes the filter to drop the
 * session mapping registered for that ticket, and no redirect is issued.
 */
@Test
public void frontChannelRequest() throws IOException, ServletException {
    final String logoutMessage = LogoutMessageGenerator.generateFrontChannelLogoutMessage(TICKET);
    final String logoutParameter = ConfigurationKeys.LOGOUT_PARAMETER_NAME.getDefaultValue();
    request.setParameter(logoutParameter, logoutMessage);
    request.setQueryString(
            ConfigurationKeys.LOGOUT_PARAMETER_NAME.getDefaultValue() + "=" + logoutMessage);
    request.setMethod("GET");

    // Pre-register a session under TICKET so the logout has something to destroy.
    final MockHttpSession mappedSession = new MockHttpSession();
    SingleSignOutFilter.getSingleSignOutHandler()
            .getSessionMappingStorage()
            .addSessionById(TICKET, mappedSession);

    filter.doFilter(request, response, filterChain);

    // The mapping must be gone afterwards.
    final Object leftover = SingleSignOutFilter.getSingleSignOutHandler()
            .getSessionMappingStorage()
            .removeSessionByMappingId(TICKET);
    assertNull(leftover);

    // Without a relay state the response must not redirect anywhere.
    assertNull(response.getRedirectedUrl());
}
/**
 * Front-channel logout via GET with an additional relay-state parameter: the session mapping
 * registered for the ticket must be dropped by the filter.
 *
 * <p>NOTE(review): this test only checks the mapping; where the response is sent for the
 * caller-supplied relay state is not asserted here.
 */
@Test
public void frontChannelRequestRelayState() throws IOException, ServletException {
    final String logoutMessage = LogoutMessageGenerator.generateFrontChannelLogoutMessage(TICKET);
    final String logoutParameter = ConfigurationKeys.LOGOUT_PARAMETER_NAME.getDefaultValue();
    request.setParameter(logoutParameter, logoutMessage);

    final String relayStateParameter =
            ConfigurationKeys.RELAY_STATE_PARAMETER_NAME.getDefaultValue();
    request.setParameter(relayStateParameter, RELAY_STATE);

    // Query string mirrors the two parameters set above.
    final String query = ConfigurationKeys.LOGOUT_PARAMETER_NAME.getDefaultValue() + "="
            + logoutMessage + "&"
            + ConfigurationKeys.RELAY_STATE_PARAMETER_NAME.getDefaultValue() + "=" + RELAY_STATE;
    request.setQueryString(query);
    request.setMethod("GET");

    // Pre-register a session under TICKET so the logout has something to destroy.
    final MockHttpSession mappedSession = new MockHttpSession();
    SingleSignOutFilter.getSingleSignOutHandler()
            .getSessionMappingStorage()
            .addSessionById(TICKET, mappedSession);

    filter.doFilter(request, response, filterChain);

    // The mapping must be gone afterwards.
    final Object leftover = SingleSignOutFilter.getSingleSignOutHandler()
            .getSessionMappingStorage()
            .removeSessionByMappingId(TICKET);
    assertNull(leftover);
}
}
.removeSessionByMappingId(ticket)); helper.ssoLogout();
.removeSessionByMappingId(proxyTicket)); helper.ssoLogout();