CasLogoutSuccessHandler.java
package com.runchain.arch.util.security.cas;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import com.runchain.arch.util.id.UserUtil;
import com.runchain.arch.util.properties.PropertyFileUtil;
/**
* CAS注销处理
*
* @author HenryYan
*
*/
public class CasLogoutSuccessHandler implements LogoutSuccessHandler {
protected Logger logger = LoggerFactory.getLogger(getClass());
private String url = "";
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException,
ServletException {
logger.debug("request logout url: {}", request.getRequestURL());
if (StringUtils.EMPTY.equals(url)) {
url = PropertyFileUtil.get("cas.logout.url");
logger.debug("no url setted, use default url: {}", url);
}
// destroy user in session
HttpSession session = request.getSession();
Object user = session.getAttribute(UserUtil.USER);
if (user != null) {
logger.debug("remove user from session: {}", user);
session.removeAttribute(UserUtil.USER);
} else {
logger.warn("no user need to remove from session");
}
// redirect to logout page
response.sendRedirect(url);
}
public void setTargetUrl(String url) {
this.url = url;
}
}