1 /**
2 * This file Copyright (c) 2003-2014 Magnolia International
3 * Ltd. (http://www.magnolia-cms.com). All rights reserved.
4 *
5 *
6 * This file is dual-licensed under both the Magnolia
7 * Network Agreement and the GNU General Public License.
8 * You may elect to use one or the other of these licenses.
9 *
10 * This file is distributed in the hope that it will be
11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12 * implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14 * Redistribution, except as permitted by whichever of the GPL
15 * or MNA you select, is prohibited.
16 *
17 * 1. For the GPL license (GPL), you can redistribute and/or
18 * modify this file under the terms of the GNU General
19 * Public License, Version 3, as published by the Free Software
20 * Foundation. You should have received a copy of the GNU
21 * General Public License, Version 3 along with this program;
22 * if not, write to the Free Software Foundation, Inc., 51
23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24 *
25 * 2. For the Magnolia Network Agreement (MNA), this file
26 * and the accompanying materials are made available under the
27 * terms of the MNA which accompanies this distribution, and
28 * is available at http://www.magnolia-cms.com/mna.html
29 *
30 * Any modifications to this file must keep this entire header
31 * intact.
32 *
33 */
34 package info.magnolia.cms.security;
35
36 import info.magnolia.audit.AuditLoggingUtil;
37 import info.magnolia.cms.filters.MgnlFilterChain;
38 import info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter;
39 import info.magnolia.context.Context;
40 import info.magnolia.context.MgnlContext;
41 import info.magnolia.context.UserContext;
42
43 import java.io.IOException;
44
45 import javax.servlet.FilterChain;
46 import javax.servlet.FilterConfig;
47 import javax.servlet.ServletContext;
48 import javax.servlet.ServletException;
49 import javax.servlet.http.HttpServletRequest;
50 import javax.servlet.http.HttpServletResponse;
51
52 import org.slf4j.Logger;
53 import org.slf4j.LoggerFactory;
54
55 /**
56 * Performing the logout operation if the parameter {@value #PARAMETER_LOGOUT} is present.
57 */
58 public class LogoutFilter extends OncePerRequestAbstractMgnlFilter {
59 private static final Logger log = LoggerFactory.getLogger(LogoutFilter.class);
60
61 public static final String PARAMETER_LOGOUT = "mgnlLogout";
62
63 private ServletContext servletContext;
64
65 @Override
66 public void init(FilterConfig filterConfig) throws ServletException {
67 this.servletContext = filterConfig.getServletContext();
68 }
69
70 /**
71 * Check if a request parameter PARAMETER_LOGOUT is set. If so logout user,
72 * unset the context and restart the filter chain.
73 */
74 @Override
75 public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
76 if (null != request.getParameter(PARAMETER_LOGOUT)) {
77 Context ctx = MgnlContext.getInstance();
78 if (ctx instanceof UserContext) {
79 // log before actual op, to preserve username for logging
80 AuditLoggingUtil.log((UserContext)ctx);
81 ((UserContext) ctx).logout();
82 }
83
84 if(request.getSession(false) != null){
85 request.getSession().invalidate();
86 }
87 if (chain instanceof MgnlFilterChain) {
88 ((MgnlFilterChain) chain).reset();
89 }
90
91 response.sendRedirect(resolveLogoutRedirectLink(request));
92 }
93
94 chain.doFilter(request, response);
95 }
96
97 protected String resolveLogoutRedirectLink(HttpServletRequest request){
98 return request.getRequestURL().toString();
99 }
100 }