henryyan
6/20/2012 - 2:43 AM

CasLogoutSuccessHandler.java

CasLogoutSuccessHandler.java

package com.runchain.arch.util.security.cas;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

import com.runchain.arch.util.id.UserUtil;
import com.runchain.arch.util.properties.PropertyFileUtil;

/**
 * CAS注销处理
 * 
 * @author HenryYan
 *
 */
public class CasLogoutSuccessHandler implements LogoutSuccessHandler {
	
	protected Logger logger = LoggerFactory.getLogger(getClass());

	private String url = "";

	@Override
	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException,
			ServletException {

		logger.debug("request logout url: {}", request.getRequestURL());
		
		if (StringUtils.EMPTY.equals(url)) {
			url = PropertyFileUtil.get("cas.logout.url");
			logger.debug("no url setted, use default url: {}", url);
		}
		
		// destroy user in session
		HttpSession session = request.getSession();
		Object user = session.getAttribute(UserUtil.USER);
		if (user != null) {
			logger.debug("remove user from session: {}", user);
			session.removeAttribute(UserUtil.USER);
		} else {
			logger.warn("no user need to remove from session");
		}
		
		// redirect to logout page
		response.sendRedirect(url);
	}

	public void setTargetUrl(String url) {
		this.url = url;
	}
}