1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.client.ui.commons.resources.oidcc4ui;
20  
21  import javax.servlet.http.HttpServletRequest;
22  import javax.ws.rs.core.HttpHeaders;
23  import javax.ws.rs.core.Response;
24  import org.apache.commons.lang3.StringUtils;
25  import org.apache.syncope.client.ui.commons.BaseSession;
26  import org.apache.syncope.client.ui.commons.annotations.Resource;
27  import org.apache.syncope.client.ui.commons.panels.OIDCC4UIConstants;
28  import org.apache.syncope.common.lib.oidc.OIDCRequest;
29  import org.apache.syncope.common.rest.api.service.OIDCC4UIService;
30  import org.apache.wicket.Session;
31  import org.apache.wicket.request.resource.AbstractResource;
32  
/**
 * Wicket resource mapped under the OIDC client URL context at {@code /before-logout}.
 *
 * <p>Asks {@link OIDCC4UIService} for a logout request, answers with a 302 redirect to the
 * location carried by that request, and invalidates the current Wicket session.</p>
 */
@Resource(
        key = OIDCC4UIConstants.URL_CONTEXT + ".beforeLogout",
        path = "/" + OIDCC4UIConstants.URL_CONTEXT + "/before-logout")
public class BeforeLogoutResource extends AbstractResource {

    private static final long serialVersionUID = 273797583932923564L;

    /**
     * Builds the redirect response that starts the OIDC logout.
     *
     * @param attributes request attributes; the container request is cast to {@link HttpServletRequest}
     * @return a {@code 302 Found} response, marked non-cacheable, whose {@code Location} header is
     * the location of the logout request obtained from {@link OIDCC4UIService}
     */
    @Override
    protected ResourceResponse newResourceResponse(final Attributes attributes) {
        final HttpServletRequest servletRequest =
                (HttpServletRequest) attributes.getRequest().getContainerRequest();

        // The post-logout redirect URI is this resource's own URL with the "/before-logout" tail
        // swapped for "/logout". substringBefore() cuts at the FIRST occurrence of the marker.
        // NOTE(review): the base comes from the incoming request URL, which the container usually
        // derives from the Host header or forwarded-header configuration. Confirm that the
        // deployment pins the public host name and that the OpenID Provider only honours
        // registered post-logout redirect URIs.
        final String requestUrl = servletRequest.getRequestURL().toString();
        final String postLogoutRedirectURI = StringUtils.substringBefore(requestUrl, "/before-logout") + "/logout";

        // NOTE(review): if this call throws, the invalidate() below is never reached and the
        // local session stays alive. Confirm that this is the intended failure behaviour.
        final BaseSession baseSession = (BaseSession) Session.get();
        final OIDCRequest oidcLogout =
                baseSession.getService(OIDCC4UIService.class).createLogoutRequest(postLogoutRedirectURI);

        final ResourceResponse redirect = new ResourceResponse();
        redirect.setStatusCode(Response.Status.FOUND.getStatusCode());

        // Mark the redirect as non-cacheable for both HTTP/1.1 and HTTP/1.0 clients and proxies.
        redirect.getHeaders().addHeader(HttpHeaders.CACHE_CONTROL, "no-cache, no-store");
        redirect.getHeaders().addHeader("Pragma", "no-cache");

        // The Location value is used exactly as returned by the service.
        redirect.getHeaders().addHeader(HttpHeaders.LOCATION, oidcLogout.getLocation());

        // Drop the local session only once the redirect has been fully prepared.
        Session.get().invalidate();

        return redirect;
    }
}