19 package org.apache.syncope.client.ui.commons.resources.saml2sp4ui;
20
21 import javax.servlet.http.Cookie;
22 import javax.servlet.http.HttpServletRequest;
23 import javax.servlet.http.HttpServletResponse;
24 import javax.ws.rs.HttpMethod;
25 import org.apache.syncope.client.ui.commons.BaseSession;
26 import org.apache.syncope.client.ui.commons.SAML2SP4UIConstants;
27 import org.apache.syncope.common.lib.saml2.SAML2Constants;
28 import org.apache.syncope.common.lib.saml2.SAML2Request;
29 import org.apache.syncope.common.lib.saml2.SAML2Response;
30 import org.apache.syncope.common.rest.api.service.SAML2SP4UIService;
31 import org.apache.wicket.RestartResponseException;
32 import org.apache.wicket.Session;
33 import org.apache.wicket.markup.html.WebPage;
34 import org.apache.wicket.request.mapper.parameter.PageParameters;
35
/**
 * Wicket resource implementing the Service Provider side of SAML 2.0 Single Logout for the
 * SP4UI integration.
 * <p>
 * {@link #newResourceResponse(Attributes)} distinguishes two situations:
 * <ul>
 * <li>a {@code GET} without {@link SAML2Constants#SAML_RESPONSE}: logout is initiated locally - a
 * logout request is created through {@link SAML2SP4UIService#createLogoutRequest}, the Wicket
 * session is invalidated and the request is sent to the IdP;</li>
 * <li>a {@code GET} carrying {@link SAML2Constants#SAML_RESPONSE}, or a {@code POST}: the incoming
 * logout response is turned into a {@link SAML2Response}, validated via
 * {@link #doLogout(SAML2Response)} and the browser is then redirected to
 * {@link #getLogoutPageClass()}.</li>
 * </ul>
 * Any other HTTP method is rejected with {@link UnsupportedOperationException}.
 */
public abstract class LogoutResource extends AbstractSAML2SP4UIResource {

    private static final long serialVersionUID = 4865223550672539533L;

    /**
     * @return the page the browser is sent to once the logout response has been validated
     */
    protected abstract Class<? extends WebPage> getLogoutPageClass();

    /**
     * Validates the logout response received from the IdP and redirects to the logout page.
     * <p>
     * This method never completes normally: on successful validation it raises a
     * {@link RestartResponseException} towards {@link #getLogoutPageClass()}, while validation
     * failures propagate from {@link SAML2SP4UIService#validateLogoutResponse}. The anonymous
     * service is used because, at this point, the local session may already be gone.
     *
     * @param saml2Response logout response to validate
     * @return never; declared only to fit the resource response API
     */
    protected ResourceResponse doLogout(final SAML2Response saml2Response) {
        BaseSession baseSession = (BaseSession) Session.get();
        baseSession.getAnonymousService(SAML2SP4UIService.class).validateLogoutResponse(saml2Response);

        throw new RestartResponseException(getLogoutPageClass(), new PageParameters());
    }

    /**
     * SP-initiated logout: remembers the IdP entity ID in a browser-session cookie, creates the
     * logout request for the current user, invalidates the local session and sends the request.
     *
     * @param attributes resource attributes of the current request
     * @param servletRequest container request, source of the IdP entity ID parameter
     * @param servletResponse container response, receives the IdP entity ID cookie
     * @return the response carrying the logout request
     */
    private ResourceResponse initiateLogout(
            final Attributes attributes,
            final HttpServletRequest servletRequest,
            final HttpServletResponse servletResponse) {

        // the cookie value is taken verbatim from the request parameter; a negative max-age is the
        // Servlet API convention for "discard when the browser closes"
        // NOTE(review): neither HttpOnly nor Secure is set on this cookie - confirm whether any
        // client-side code needs to read it before tightening these attributes
        Cookie idpEntityID = new Cookie(
                SAML2SP4UIConstants.SAML2SP4UI_IDP_ENTITY_ID,
                servletRequest.getParameter(SAML2SP4UIConstants.SAML2SP4UI_IDP_ENTITY_ID));
        idpEntityID.setMaxAge(-1);
        servletResponse.addCookie(idpEntityID);

        // the authenticated (non-anonymous) service is needed here, so the logout request has to be
        // built before the session is invalidated below
        BaseSession baseSession = (BaseSession) Session.get();
        SAML2Request logoutRequest = baseSession.getService(SAML2SP4UIService.class).
                createLogoutRequest(spEntityID(attributes), SAML2SP4UIConstants.URL_CONTEXT);

        Session.get().invalidate();

        return send(logoutRequest);
    }

    /**
     * Dispatches on the HTTP method: {@code GET} either initiates logout or consumes a logout
     * response passed as request parameters, {@code POST} consumes a logout response extracted
     * via {@code extract(attributes)}.
     *
     * @param attributes resource attributes of the current request
     * @return the resource response, or never when {@link #doLogout(SAML2Response)} redirects
     * @throws UnsupportedOperationException for any method other than GET or POST
     */
    @Override
    protected ResourceResponse newResourceResponse(final Attributes attributes) {
        HttpServletRequest servletRequest =
                (HttpServletRequest) attributes.getRequest().getContainerRequest();
        HttpServletResponse servletResponse =
                (HttpServletResponse) attributes.getResponse().getContainerResponse();

        switch (servletRequest.getMethod()) {
            case HttpMethod.GET:
                // both parameters are read up front; only SAMLResponse decides the flow
                String samlResponse = servletRequest.getParameter(SAML2Constants.SAML_RESPONSE);
                String relayState = servletRequest.getParameter(SAML2Constants.RELAY_STATE);
                if (samlResponse == null) {
                    return initiateLogout(attributes, servletRequest, servletResponse);
                }
                // presumably the redirect binding: the response travels as query parameters
                return doLogout(buildResponse(attributes, samlResponse, relayState));

            case HttpMethod.POST:
                // presumably the POST binding: the response is extracted from the request body
                return doLogout(extract(attributes));

            default:
                throw new UnsupportedOperationException("Only GET and POST are supported");
        }
    }
}