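/*
 * (C) Copyright 2006-2007 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id$
 */

package org.nuxeo.ecm.webapp.action;

import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.DISABLE_REDIRECT_REQUEST_KEY;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.FORCE_ANONYMOUS_LOGIN;
import static org.nuxeo.ecm.platform.ui.web.auth.NXAuthConstants.LOGOUT_PAGE;

import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.nuxeo.common.utils.URIUtils;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.platform.ui.web.util.BaseURL;
import org.nuxeo.ecm.webapp.base.InputController;

/**
 * Logs the user in/out.
 * <p>
 * Registered as the stateless Seam component {@code loginLogoutAction}. The class keeps no state of its own:
 * {@link #login()} only navigates home and {@link #logout()} only redirects to the logout page.
 *
 * @author <a href="mailto:rcaraghin@nuxeo.com">Razvan Caraghin</a>
 */
@Name("loginLogoutAction")
@Scope(ScopeType.STATELESS)
public class LogoutAction extends InputController implements Serializable {

    private static final long serialVersionUID = 1L;

    /**
     * Navigates to the home page. No credential check happens in this method.
     *
     * @return the outcome of {@code navigationContext.goHome()}
     */
    public String login() {
        // navigationContext is not declared in this class; presumably inherited from InputController.
        return navigationContext.goHome();
    }

    /**
     * Starts the logout by redirecting the browser to the logout page.
     * <p>
     * This method does not call {@code HttpSession.invalidate()} itself. Session teardown is presumably done by
     * whatever handles {@code LOGOUT_PAGE} (TODO confirm), so a caller must not assume the session is already
     * unusable when this method returns.
     * <p>
     * No redirect is sent when the current request or response is not an HTTP servlet object, or when the Faces
     * response is already complete. The return value is {@code null} in every case, so a caller cannot tell from
     * it whether a logout was actually initiated.
     *
     * @return always {@code null}; the redirect, when sent, replaces normal JSF navigation
     * @throws IOException if sending the redirect fails
     */
    public static String logout() throws IOException {
        FacesContext context = FacesContext.getCurrentInstance();
        ExternalContext eContext = context.getExternalContext();
        Object req = eContext.getRequest();
        Object resp = eContext.getResponse();

        HttpServletRequest request = null;
        if (req instanceof HttpServletRequest) {
            request = (HttpServletRequest) req;
        }
        HttpServletResponse response = null;
        if (resp instanceof HttpServletResponse) {
            response = (HttpServletResponse) resp;
        }

        // Check before touching the request: the previous code called request.getUserPrincipal() ahead of its
        // own null check and threw a NullPointerException for a non-servlet request.
        if (request == null || response == null || context.getResponseComplete()) {
            return null;
        }

        Map<String, String> parameters = new HashMap<String, String>();
        Principal principal = request.getUserPrincipal();
        if (principal instanceof NuxeoPrincipal && ((NuxeoPrincipal) principal).isAnonymous()) {
            // An anonymous principal is flagged so the logout page receives FORCE_ANONYMOUS_LOGIN=true.
            parameters.put(FORCE_ANONYMOUS_LOGIN, "true");
        }

        // NOTE(review): the redirect target starts from BaseURL.getBaseURL(request); how that value is derived
        // is not visible here. Confirm it cannot be steered by client-supplied headers.
        String logoutUrl = BaseURL.getBaseURL(request) + LOGOUT_PAGE;
        // Presumably tells downstream filters not to issue their own redirect for this request (TODO confirm).
        request.setAttribute(DISABLE_REDIRECT_REQUEST_KEY, true);
        logoutUrl = URIUtils.addParametersToURIQuery(logoutUrl, parameters);
        response.sendRedirect(logoutUrl);
        // Stop the JSF lifecycle from rendering a view on top of the redirect.
        context.responseComplete();
        return null;
    }

}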