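/*
 * (C) Copyright 2006-2007 Nuxeo SAS (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id$
 */

package org.nuxeo.ecm.webapp.action;

import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.DISABLE_REDIRECT_REQUEST_KEY;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.FORCE_ANONYMOUS_LOGIN;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGOUT_PAGE;

import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.nuxeo.common.utils.URIUtils;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.ui.web.util.BaseURL;
import org.nuxeo.ecm.webapp.base.InputController;

/**
 * Seam component exposing the login and logout navigation actions.
 * <p>
 * Logout is implemented as a browser redirect to the logout page. Nothing in this class touches
 * the HTTP session directly.
 *
 * @author <a href="mailto:rcaraghin@nuxeo.com">Razvan Caraghin</a>
 */
@Name("loginLogoutAction")
@Scope(ScopeType.STATELESS)
public class LogoutAction extends InputController implements Serializable {

    private static final long serialVersionUID = 1L;

    /**
     * Navigates to the home page.
     *
     * @return the outcome of {@code navigationContext.goHome()}
     */
    public String login() {
        // navigationContext is not declared in this class; presumably inherited from InputController.
        return navigationContext.goHome();
    }

    /**
     * Logs the user out by redirecting the current response to the logout page.
     * <p>
     * The redirect target is the request's base URL followed by {@code LOGOUT_PAGE}. When the
     * current principal is an anonymous {@link NuxeoPrincipal}, the {@code FORCE_ANONYMOUS_LOGIN}
     * parameter is appended with the value {@code "true"}. The request attribute
     * {@code DISABLE_REDIRECT_REQUEST_KEY} is set before the redirect is sent, and the JSF
     * response is then marked complete.
     * <p>
     * This method does not invalidate the HTTP session itself.
     * NOTE(review): session invalidation is presumably done by whatever serves
     * {@code LOGOUT_PAGE}; confirm against the authentication filter.
     * <p>
     * If the external context does not expose a servlet request and response, or the response
     * is already complete, no redirect is issued and the method returns without doing anything.
     * Callers must not treat a normal return as proof that the user was logged out.
     *
     * @return always {@code null}
     * @throws IOException if sending the redirect fails
     */
    public static String logout() throws IOException {
        FacesContext context = FacesContext.getCurrentInstance();
        ExternalContext eContext = context.getExternalContext();

        Object req = eContext.getRequest();
        HttpServletRequest request = null;
        if (req instanceof HttpServletRequest) {
            request = (HttpServletRequest) req;
        }

        Object resp = eContext.getResponse();
        HttpServletResponse response = null;
        if (resp instanceof HttpServletResponse) {
            response = (HttpServletResponse) resp;
        }

        // Guard before any use of the request: the original dereferenced it for the principal
        // lookup even when it was not an HttpServletRequest, which raised a NullPointerException.
        if (request == null || response == null || context.getResponseComplete()) {
            return null;
        }

        Map<String, String> parameters = new HashMap<String, String>();
        Principal principal = request.getUserPrincipal();
        if (principal instanceof NuxeoPrincipal && ((NuxeoPrincipal) principal).isAnonymous()) {
            parameters.put(FORCE_ANONYMOUS_LOGIN, "true");
        }

        // NOTE(review): BaseURL.getBaseURL is not visible here. If it derives the base from
        // request headers, the redirect target inherits their trust level; confirm it resolves
        // to a trusted, configured value.
        String baseURL = BaseURL.getBaseURL(request) + LOGOUT_PAGE;
        request.setAttribute(DISABLE_REDIRECT_REQUEST_KEY, true);
        baseURL = URIUtils.addParametersToURIQuery(baseURL, parameters);
        response.sendRedirect(baseURL);
        // Stop further JSF processing now that the redirect has been sent.
        context.responseComplete();
        return null;
    }

}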