001/* 002 * (C) Copyright 2000-2003 Yale University. All rights reserved. 003 * 004 * THIS SOFTWARE IS PROVIDED "AS IS," AND ANY EXPRESS OR IMPLIED 005 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 006 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE EXPRESSLY 007 * DISCLAIMED. IN NO EVENT SHALL YALE UNIVERSITY OR ITS EMPLOYEES BE 008 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 009 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED, THE COSTS OF 010 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA OR 011 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 012 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 013 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 014 * SOFTWARE, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH 015 * DAMAGE. 016 * 017 * Redistribution and use of this software in source or binary forms, 018 * with or without modification, are permitted, provided that the 019 * following conditions are met: 020 * 021 * 1. Any redistribution must include the above copyright notice and 022 * disclaimer and this list of conditions in any related documentation 023 * and, if feasible, in the redistributed software. 024 * 025 * 2. Any redistribution must include the acknowledgment, "This product 026 * includes software developed by Yale University," in any related 027 * documentation and, if feasible, in the redistributed software. 028 * 029 * 3. The names "Yale" and "Yale University" must not be used to endorse 030 * or promote products derived from this software. 031 */ 032 033package edu.yale.its.tp.cas.client.taglib; 034 035import java.io.IOException; 036 037import javax.servlet.http.HttpServletResponse; 038import javax.servlet.jsp.JspException; 039import javax.servlet.jsp.JspTagException; 040import javax.servlet.jsp.PageContext; 041import javax.servlet.jsp.tagext.TagSupport; 042 043/** 044 * <p> 045 * Logout tag for use with the Yale Central Authentication Service. Clears the indicated attribute and, if 'scope' is 046 * 'session', also invalidates the session. Finally, redirects to CAS's logout URL. 047 * </p> 048 * 049 * @author Shawn Bayern 050 */ 051public class LogoutTag extends TagSupport { 052 053 // ********************************************************************* 054 // Internal state 055 056 private static final long serialVersionUID = 1L; 057 058 private String var; // tag attribute 059 060 private String logoutUrl; // tag attribute 061 062 private int scope; // tag attribute 063 064 // ********************************************************************* 065 // Tag logic 066 067 @Override 068 public int doStartTag() throws JspException { 069 try { 070 071 // retrieve the response object 072 HttpServletResponse response = (HttpServletResponse) pageContext.getResponse(); 073 074 // kill the authentication information 075 pageContext.removeAttribute(var, scope); 076 077 // if scope is SESSION_SCOPE, invalidate the session 078 if (scope == PageContext.SESSION_SCOPE) 079 pageContext.getSession().invalidate(); 080 081 // send the redirect 082 response.sendRedirect(logoutUrl); 083 084 return SKIP_BODY; 085 086 } catch (IOException ex) { 087 throw new JspTagException(ex.getMessage()); 088 } 089 } 090 091 @Override 092 public int doEndTag() { 093 return SKIP_PAGE; 094 } 095 096 // ********************************************************************* 097 // Accessors 098 099 public void setVar(String var) { 100 this.var = var; 101 } 102 103 public void setScope(String scope) { 104 if (scope.equals("page")) 105 this.scope = PageContext.PAGE_SCOPE; 106 else if (scope.equals("request")) 107 this.scope = PageContext.REQUEST_SCOPE; 108 else if (scope.equals("session")) 109 this.scope = PageContext.SESSION_SCOPE; 110 else if (scope.equals("application")) 111 this.scope = PageContext.APPLICATION_SCOPE; 112 else 113 throw new IllegalArgumentException("invalid scope"); 114 } 115 116 public void setLogoutUrl(String logoutUrl) { 117 this.logoutUrl = logoutUrl; 118 } 119 120 // ********************************************************************* 121 // Constructor and lifecycle management 122 123 public LogoutTag() { 124 super(); 125 init(); 126 } 127 128 // Releases any resources we may have (or inherit) 129 @Override 130 public void release() { 131 super.release(); 132 init(); 133 } 134 135 // clears any internal state we might have 136 private void init() { 137 var = logoutUrl = null; 138 scope = PageContext.PAGE_SCOPE; 139 } 140}