From gonza...@apache.org
Subject [cxf-fediz] branch 1.4.x-fixes updated: FEDIZ-212: fix logout when no httpSession present
Date Tue, 14 Nov 2017 17:49:35 GMT
This is an automated email from the ASF dual-hosted git repository.

gonzalad pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/1.4.x-fixes by this push:
     new 3d814e0  FEDIZ-212: fix logout when no httpSession present
3d814e0 is described below

commit 3d814e0b92536d7096afb79c4115a0b5f3780f86
Author: gonzalad <adr_gonzalez@yahoo.fr>
AuthorDate: Tue Nov 14 18:49:33 2017 +0100

    FEDIZ-212: fix logout when no httpSession present
    
    * FEDIZ-212: fix logout when no httpSession present
    
    Add allowAnonymousLogout attribute.
    
    When this attribute is explicitly set to true, if a non-logged-in user
    tries to logout, the logout process continues without raising an OAuthServiceException.
    
    Otherwise, it works as before: OIDC throws an OAuthServiceException if a non
    logged-in user tries to logout.
---
 .../fediz/service/oidc/logout/LogoutService.java   | 27 ++++++++++++++--------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
index 7dff3b8..997d43d 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
@@ -58,6 +58,7 @@ public class LogoutService extends JoseJwtConsumer {
     private FedizSubjectCreator subjectCreator = new FedizSubjectCreator();
     private BackChannelLogoutHandler backChannelLogoutHandler;
     private List<LogoutHandler> logoutHandlers;
+    private boolean allowAnonymousLogout;
 
     @POST
     public Response initiateLogoutPost(MultivaluedMap<String, String> params) {
@@ -71,18 +72,22 @@ public class LogoutService extends JoseJwtConsumer {
     protected Response doInitiateLogout(MultivaluedMap<String, String> params) {
 
         IdToken idTokenHint = getIdTokenHint(params);
-        OidcUserSubject subject = subjectCreator.createUserSubject(mc, params);
-
         Client client = getClient(params, idTokenHint);
-        if (backChannelLogoutHandler != null) {
-            backChannelLogoutHandler.handleLogout(client, subject, idTokenHint);
-        }
-        if (logoutHandlers != null) {
 
-            for (LogoutHandler handler : logoutHandlers) {
-                handler.handleLogout(client, subject);
+        if (!allowAnonymousLogout || mc.getSecurityContext().getUserPrincipal() != null)
{
+            OidcUserSubject subject = subjectCreator.createUserSubject(mc, params);
+
+            if (backChannelLogoutHandler != null) {
+                backChannelLogoutHandler.handleLogout(client, subject, idTokenHint);
+            }
+            if (logoutHandlers != null) {
+
+                for (LogoutHandler handler : logoutHandlers) {
+                    handler.handleLogout(client, subject);
+                }
             }
         }
+
         // Clear OIDC session now
         mc.getHttpServletRequest().getSession().invalidate();
 
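Review bot: The session invalidation that follows the new guard still calls `getSession()` with no argument, which creates a fresh container session for a caller that has none — precisely the anonymous case allowAnonymousLogout now lets through — only to invalidate it on the same line. Use the non-creating form so unauthenticated logout requests do not churn server-side sessions: `HttpSession session = mc.getHttpServletRequest().getSession(false);` followed by `if (session != null) { session.invalidate(); }` (adding the `javax.servlet.http.HttpSession` import if it is not already present). Note also that `getClient(params, idTokenHint)` is evaluated before the new guard, so whatever it requires of an anonymous caller (an id_token_hint or client parameter) is unchanged by this patch — presumably that is intended, but confirm it does not itself reject a request without a session. doInitiateLogout continues past the end of this hunk.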
@@ -113,7 +118,7 @@ public class LogoutService extends JoseJwtConsumer {
         String clientLogoutUriParam = params.getFirst(CLIENT_LOGOUT_URI);
         if (uris.length > 1) {
             if (clientLogoutUriParam == null
-                || !new HashSet<>(Arrays.asList(uris)).contains(clientLogoutUriParam))
{
+                    || !new HashSet<>(Arrays.asList(uris)).contains(clientLogoutUriParam))
{
                 throw new BadRequestException();
             }
             uriStr = clientLogoutUriParam;
@@ -177,6 +182,10 @@ public class LogoutService extends JoseJwtConsumer {
         this.backChannelLogoutHandler = handler;
     }
 
+    public void setAllowAnonymousLogout(boolean allowAnonymousLogout) {
+        this.allowAnonymousLogout = allowAnonymousLogout;
+    }
+
     public void close() {
         if (backChannelLogoutHandler != null) {
             backChannelLogoutHandler.close();
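Review bot: The new setter carries no Javadoc, yet this flag decides whether an unauthenticated caller can reach the session-invalidation and post-logout redirect path, so the trade-off belongs at the point where it is configured. A one-line Javadoc would do: `/** When true, a logout request with no authenticated principal skips the logout handlers and completes instead of failing with an OAuthServiceException; defaults to false. */`. The default-false claim follows from the field having no initializer in the first hunk.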

