001/* 002 * (C) Copyright 2000-2003 Yale University. All rights reserved. 003 * 004 * THIS SOFTWARE IS PROVIDED "AS IS," AND ANY EXPRESS OR IMPLIED 005 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 006 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE EXPRESSLY 007 * DISCLAIMED. IN NO EVENT SHALL YALE UNIVERSITY OR ITS EMPLOYEES BE 008 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 009 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED, THE COSTS OF 010 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA OR 011 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 012 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 013 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 014 * SOFTWARE, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH 015 * DAMAGE. 016 * 017 * Redistribution and use of this software in source or binary forms, 018 * with or without modification, are permitted, provided that the 019 * following conditions are met: 020 * 021 * 1. Any redistribution must include the above copyright notice and 022 * disclaimer and this list of conditions in any related documentation 023 * and, if feasible, in the redistributed software. 024 * 025 * 2. Any redistribution must include the acknowledgment, "This product 026 * includes software developed by Yale University," in any related 027 * documentation and, if feasible, in the redistributed software. 028 * 029 * 3. The names "Yale" and "Yale University" must not be used to endorse 030 * or promote products derived from this software. 031 */ 032 033package edu.yale.its.tp.cas.client.taglib; 034 035import java.io.IOException; 036 037import javax.servlet.http.HttpServletResponse; 038import javax.servlet.jsp.JspException; 039import javax.servlet.jsp.JspTagException; 040import javax.servlet.jsp.PageContext; 041import javax.servlet.jsp.tagext.TagSupport; 042 043/** 044 * <p> 045 * Logout tag for use with the Yale Central Authentication Service. Clears the indicated attribute and, if 'scope' is 046 * 'session', also invalidates the session. Finally, redirects to CAS's logout URL. 047 * </p> 048 * 049 * @author Shawn Bayern 050 */ 051public class LogoutTag extends TagSupport { 052 053 // ********************************************************************* 054 // Internal state 055 056 private String var; // tag attribute 057 058 private String logoutUrl; // tag attribute 059 060 private int scope; // tag attribute 061 062 // ********************************************************************* 063 // Tag logic 064 065 public int doStartTag() throws JspException { 066 try { 067 068 // retrieve the response object 069 HttpServletResponse response = (HttpServletResponse) pageContext.getResponse(); 070 071 // kill the authentication information 072 pageContext.removeAttribute(var, scope); 073 074 // if scope is SESSION_SCOPE, invalidate the session 075 if (scope == PageContext.SESSION_SCOPE) 076 pageContext.getSession().invalidate(); 077 078 // send the redirect 079 response.sendRedirect(logoutUrl); 080 081 return SKIP_BODY; 082 083 } catch (IOException ex) { 084 throw new JspTagException(ex.getMessage()); 085 } 086 } 087 088 public int doEndTag() { 089 return SKIP_PAGE; 090 } 091 092 // ********************************************************************* 093 // Accessors 094 095 public void setVar(String var) { 096 this.var = var; 097 } 098 099 public void setScope(String scope) { 100 if (scope.equals("page")) 101 this.scope = PageContext.PAGE_SCOPE; 102 else if (scope.equals("request")) 103 this.scope = PageContext.REQUEST_SCOPE; 104 else if (scope.equals("session")) 105 this.scope = PageContext.SESSION_SCOPE; 106 else if (scope.equals("application")) 107 this.scope = PageContext.APPLICATION_SCOPE; 108 else 109 throw new IllegalArgumentException("invalid scope"); 110 } 111 112 public void setLogoutUrl(String logoutUrl) { 113 this.logoutUrl = logoutUrl; 114 } 115 116 // ********************************************************************* 117 // Constructor and lifecycle management 118 119 public LogoutTag() { 120 super(); 121 init(); 122 } 123 124 // Releases any resources we may have (or inherit) 125 public void release() { 126 super.release(); 127 init(); 128 } 129 130 // clears any internal state we might have 131 private void init() { 132 var = logoutUrl = null; 133 scope = PageContext.PAGE_SCOPE; 134 } 135}