/** * <p> * JASPIC 1.1 specification: if there is an {@code AuthConfigProvider} for the {@code HttpServlet} layer and * application context, then @{@code logout} must acquire a {@code ServerAuthContext} and call {@code cleanSubject} * on the acquired context. * </p> * <p> * The specified {@code Subject} should be non-null and should be the {@code Subject} returning from the most recent * call to {@code validateRequest}. In our case, that {@code Subject} is set in the underlying security context, so * we must retrieve it from there before calling {@code cleanSubject}. * </p> * <p> * Once {@code cleanSubject} returns, {@code logout} must perform the regular (non-JASPIC) {@code logout} processing. * </p> */ @Override public void logout() { if (!isAuthenticated()) return; // call cleanSubject() if there is an AuthConfigProvider for the HttpServlet layer and appContext. String appContext = this.buildAppContext(); if (AuthConfigFactory.getFactory().getConfigProvider(layer, appContext, null) != null) { Subject authenticatedSubject = this.getAuthenticatedSubject(); MessageInfo messageInfo = this.buildMessageInfo(); this.manager.cleanSubject(messageInfo, authenticatedSubject, layer, appContext, handler); } // following the return from cleanSubject(), logout must perform the regular logout processing. super.logout(); }
/** * <p> * JASPIC 1.1 specification: if there is an {@code AuthConfigProvider} for the {@code HttpServlet} layer and * application context, then @{@code logout} must acquire a {@code ServerAuthContext} and call {@code cleanSubject} * on the acquired context. * </p> * <p> * The specified {@code Subject} should be non-null and should be the {@code Subject} returning from the most recent * call to {@code validateRequest}. In our case, that {@code Subject} is set in the underlying security context, so * we must retrieve it from there before calling {@code cleanSubject}. * </p> * <p> * Once {@code cleanSubject} returns, {@code logout} must perform the regular (non-JASPIC) {@code logout} processing. * </p> */ @Override public void logout() { if (!isAuthenticated()) return; // call cleanSubject() if there is an AuthConfigProvider for the HttpServlet layer and appContext. String appContext = this.buildAppContext(); if (AuthConfigFactory.getFactory().getConfigProvider(layer, appContext, null) != null) { Subject authenticatedSubject = this.getAuthenticatedSubject(); MessageInfo messageInfo = this.buildMessageInfo(); this.manager.cleanSubject(messageInfo, authenticatedSubject, layer, appContext, handler); } // following the return from cleanSubject(), logout must perform the regular logout processing. super.logout(); }
/** * <p> * JASPIC 1.1 specification: if there is an {@code AuthConfigProvider} for the {@code HttpServlet} layer and * application context, then @{@code logout} must acquire a {@code ServerAuthContext} and call {@code cleanSubject} * on the acquired context. * </p> * <p> * The specified {@code Subject} should be non-null and should be the {@code Subject} returning from the most recent * call to {@code validateRequest}. In our case, that {@code Subject} is set in the underlying security context, so * we must retrieve it from there before calling {@code cleanSubject}. * </p> * <p> * Once {@code cleanSubject} returns, {@code logout} must perform the regular (non-JASPIC) {@code logout} processing. * </p> */ @Override public void logout() { if (!isAuthenticated()) return; // call cleanSubject() if there is an AuthConfigProvider for the HttpServlet layer and appContext. String appContext = this.buildAppContext(); if (AuthConfigFactory.getFactory().getConfigProvider(layer, appContext, null) != null) { Subject authenticatedSubject = this.getAuthenticatedSubject(); MessageInfo messageInfo = this.buildMessageInfo(); this.manager.cleanSubject(messageInfo, authenticatedSubject, layer, appContext, handler); } // following the return from cleanSubject(), logout must perform the regular logout processing. super.logout(); }