001/*
002 *  (C) Copyright 2000-2003 Yale University. All rights reserved.
003 *
004 *  THIS SOFTWARE IS PROVIDED "AS IS," AND ANY EXPRESS OR IMPLIED
005 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
006 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE EXPRESSLY
007 *  DISCLAIMED. IN NO EVENT SHALL YALE UNIVERSITY OR ITS EMPLOYEES BE
008 *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
009 *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED, THE COSTS OF
010 *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA OR
011 *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
012 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
013 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
014 *  SOFTWARE, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH
015 *  DAMAGE.
016 *
017 *  Redistribution and use of this software in source or binary forms,
018 *  with or without modification, are permitted, provided that the
019 *  following conditions are met:
020 *
021 *  1. Any redistribution must include the above copyright notice and
022 *  disclaimer and this list of conditions in any related documentation
023 *  and, if feasible, in the redistributed software.
024 *
025 *  2. Any redistribution must include the acknowledgment, "This product
026 *  includes software developed by Yale University," in any related
027 *  documentation and, if feasible, in the redistributed software.
028 *
029 *  3. The names "Yale" and "Yale University" must not be used to endorse
030 *  or promote products derived from this software.
031 */
032
033package edu.yale.its.tp.cas.client.taglib;
034
035import java.io.IOException;
036
037import javax.servlet.http.HttpServletResponse;
038import javax.servlet.jsp.JspException;
039import javax.servlet.jsp.JspTagException;
040import javax.servlet.jsp.PageContext;
041import javax.servlet.jsp.tagext.TagSupport;
042
043/**
044 * <p>
045 * Logout tag for use with the Yale Central Authentication Service. Clears the indicated attribute and, if 'scope' is
046 * 'session', also invalidates the session. Finally, redirects to CAS's logout URL.
047 * </p>
048 *
049 * @author Shawn Bayern
050 */
051public class LogoutTag extends TagSupport {
052
053    // *********************************************************************
054    // Internal state
055
056    private String var; // tag attribute
057
058    private String logoutUrl; // tag attribute
059
060    private int scope; // tag attribute
061
062    // *********************************************************************
063    // Tag logic
064
065    public int doStartTag() throws JspException {
066        try {
067
068            // retrieve the response object
069            HttpServletResponse response = (HttpServletResponse) pageContext.getResponse();
070
071            // kill the authentication information
072            pageContext.removeAttribute(var, scope);
073
074            // if scope is SESSION_SCOPE, invalidate the session
075            if (scope == PageContext.SESSION_SCOPE)
076                pageContext.getSession().invalidate();
077
078            // send the redirect
079            response.sendRedirect(logoutUrl);
080
081            return SKIP_BODY;
082
083        } catch (IOException ex) {
084            throw new JspTagException(ex.getMessage());
085        }
086    }
087
088    public int doEndTag() {
089        return SKIP_PAGE;
090    }
091
092    // *********************************************************************
093    // Accessors
094
095    public void setVar(String var) {
096        this.var = var;
097    }
098
099    public void setScope(String scope) {
100        if (scope.equals("page"))
101            this.scope = PageContext.PAGE_SCOPE;
102        else if (scope.equals("request"))
103            this.scope = PageContext.REQUEST_SCOPE;
104        else if (scope.equals("session"))
105            this.scope = PageContext.SESSION_SCOPE;
106        else if (scope.equals("application"))
107            this.scope = PageContext.APPLICATION_SCOPE;
108        else
109            throw new IllegalArgumentException("invalid scope");
110    }
111
112    public void setLogoutUrl(String logoutUrl) {
113        this.logoutUrl = logoutUrl;
114    }
115
116    // *********************************************************************
117    // Constructor and lifecycle management
118
119    public LogoutTag() {
120        super();
121        init();
122    }
123
124    // Releases any resources we may have (or inherit)
125    public void release() {
126        super.release();
127        init();
128    }
129
130    // clears any internal state we might have
131    private void init() {
132        var = logoutUrl = null;
133        scope = PageContext.PAGE_SCOPE;
134    }
135}