Java Code Examples for org.jasig.cas.web.support.WebUtils#getLogoutRequests()

The following examples show how to use org.jasig.cas.web.support.WebUtils#getLogoutRequests().
Example 1
Source File: FrontChannelLogoutActionTests.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
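/**
 * Verifies that one {@code NOT_ATTEMPTED} logout request yields a redirect event whose logout URL
 * carries the front-channel logout message as a URL-encoded, Base64-encoded, deflated query parameter.
 *
 * @throws Exception if the URL cannot be built or the message cannot be decoded or inflated
 */
@Test
public void verifyLogoutOneLogoutRequestNotAttempted() throws Exception {
    final LogoutRequest logoutRequest = new DefaultLogoutRequest(TICKET_ID,
            new SimpleWebApplicationServiceImpl(TEST_URL),
            new URL(TEST_URL));
    final Event event = getLogoutEvent(Arrays.asList(logoutRequest));

    assertEquals(FrontChannelLogoutAction.REDIRECT_APP_EVENT, event.getId());
    final List<LogoutRequest> list = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, list.size());
    final String url = (String) event.getAttributes().get(FrontChannelLogoutAction.DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL);
    final String parameterPrefix = "?" + FrontChannelLogoutAction.DEFAULT_LOGOUT_PARAMETER + "=";
    assertTrue(url.startsWith(TEST_URL + parameterPrefix));
    final byte[] samlMessage = CompressionUtils.decodeBase64ToByteArray(
            URLDecoder.decode(StringUtils.substringAfter(url, parameterPrefix), "UTF-8"));

    final Inflater decompresser = new Inflater();
    final byte[] result = new byte[1000];
    final int inflatedLength;
    try {
        decompresser.setInput(samlMessage);
        // inflate() reports how many bytes it wrote; the rest of the buffer is still zero-filled.
        inflatedLength = decompresser.inflate(result);
    } finally {
        // Release the native zlib state even when the payload is malformed and inflate() throws.
        decompresser.end();
    }
    // Decode only the inflated bytes and name the charset, so the result neither carries trailing
    // NUL characters nor depends on the platform default encoding.
    final String message = new String(result, 0, inflatedLength, "UTF-8");
    assertTrue(message.startsWith("<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\""));
    assertTrue(message.contains("<samlp:SessionIndex>" + TICKET_ID + "</samlp:SessionIndex>"));
}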
 
Example 2
Source File: FrontChannelLogoutActionTests.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
/**
 * Verifies that the redirect produced for a front-channel logout starts with the logout URL
 * configured on the registered service.
 *
 * @throws Exception if the logout flow under test fails
 */
@Test
public void verifyLogoutUrlForServiceIsUsed() throws Exception {
    // Every single-logout service lookup resolves to the same registered service.
    final RegisteredService registered = getRegisteredService();
    when(this.servicesManager.findServiceBy(any(SingleLogoutService.class))).thenReturn(registered);

    // The mocked service reports the registered service id as both its id and its original URL.
    final String registeredId = registered.getServiceId();
    final SingleLogoutService sloService = mock(SingleLogoutService.class);
    when(sloService.getId()).thenReturn(registeredId);
    when(sloService.getOriginalUrl()).thenReturn(registeredId);

    final MockTicketGrantingTicket ticket = new MockTicketGrantingTicket("test");
    ticket.getServices().put("service", sloService);

    final Event outcome = getLogoutEvent(this.logoutManager.performLogout(ticket));
    assertEquals(FrontChannelLogoutAction.REDIRECT_APP_EVENT, outcome.getId());

    final List<LogoutRequest> stored = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, stored.size());

    final Object redirectTarget =
            outcome.getAttributes().get(FrontChannelLogoutAction.DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL);
    final String expectedPrefix = registered.getLogoutUrl().toExternalForm();
    assertTrue(((String) redirectTarget).startsWith(expectedPrefix));
}
 
Example 3
Source File: FrontChannelLogoutActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
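/**
 * Verifies that one {@code NOT_ATTEMPTED} logout request yields a redirect event whose
 * {@code logoutUrl} attribute carries the logout message in the {@code SAMLRequest} query
 * parameter, URL-encoded, Base64-encoded and deflated.
 *
 * @throws Exception if the action fails or the message cannot be decoded or inflated
 */
@Test
public void testLogoutOneLogoutRequestNotAttempted() throws Exception {
    final String FAKE_URL = "http://url";
    LogoutRequest logoutRequest = new LogoutRequest(TICKET_ID, new SimpleWebApplicationServiceImpl(FAKE_URL));
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(logoutRequest));
    this.requestContext.getFlowScope().put(FrontChannelLogoutAction.LOGOUT_INDEX, 0);
    final Event event = this.frontChannelLogoutAction.doExecute(this.requestContext);
    assertEquals(FrontChannelLogoutAction.REDIRECT_APP_EVENT, event.getId());
    List<LogoutRequest> list = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, list.size());
    final String url = (String) event.getAttributes().get("logoutUrl");
    assertTrue(url.startsWith(FAKE_URL + "?SAMLRequest="));
    final byte[] samlMessage = Base64.decodeBase64(URLDecoder.decode(StringUtils.substringAfter(url,  "?SAMLRequest="), "UTF-8"));

    final Inflater decompresser = new Inflater();
    final byte[] result = new byte[1000];
    final int inflatedLength;
    try {
        decompresser.setInput(samlMessage);
        // inflate() reports how many bytes it wrote; the rest of the buffer is still zero-filled.
        inflatedLength = decompresser.inflate(result);
    } finally {
        // Release the native zlib state even when the payload is malformed and inflate() throws.
        decompresser.end();
    }
    // Decode only the inflated bytes and name the charset, so the result neither carries trailing
    // NUL characters nor depends on the platform default encoding.
    final String message = new String(result, 0, inflatedLength, "UTF-8");
    assertTrue(message.startsWith("<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\""));
    assertTrue(message.contains("<samlp:SessionIndex>" + TICKET_ID + "</samlp:SessionIndex>"));
}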
 
Example 4
Source File: FrontChannelLogoutAction.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
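/**
 * Dispatches the next pending front-channel logout request.
 *
 * <p>Starting at the stored logout index, the first request still in {@code NOT_ATTEMPTED} state
 * is marked {@code SUCCESS}, the index is advanced past it, and a redirect event is returned
 * whose {@code DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL} attribute holds the request's logout URL with
 * the logout message appended as a query parameter. At most one request is handled per call.
 *
 * @param request the current HTTP request (not read here)
 * @param response the current HTTP response (not written here)
 * @param context the flow context holding the logout requests and the logout index
 * @return a {@code REDIRECT_APP_EVENT} carrying the redirect URL, or a {@code FINISH_EVENT} when
 *         no request remains to be attempted
 * @throws Exception if the logout message cannot be created or encoded
 */
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,
        final RequestContext context) throws Exception {

    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
    final Integer startIndex = getLogoutIndex(context);
    // Guard the index as well as the list: unboxing an absent index in the loop header would
    // throw a NullPointerException in the middle of logout instead of finishing the flow.
    if (logoutRequests != null && startIndex != null) {
        for (int i = startIndex; i < logoutRequests.size(); i++) {
            final LogoutRequest logoutRequest = logoutRequests.get(i);
            if (logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED) {
                // assume it has been successful: the status is set before the browser is
                // redirected, so SUCCESS here does not prove the application ended its session
                logoutRequest.setStatus(LogoutRequestStatus.SUCCESS);

                // save updated index
                putLogoutIndex(context, i + 1);

                final String logoutUrl = logoutRequest.getLogoutUrl().toExternalForm();
                LOGGER.debug("Using logout url [{}] for front-channel logout requests", logoutUrl);

                final String logoutMessage = logoutManager.createFrontChannelLogoutMessage(logoutRequest);
                // NOTE(review): the full logout message is written to the debug log; it presumably
                // embeds the ticket identifier, so treat debug output as sensitive (confirm).
                LOGGER.debug("Front-channel logout message to send under [{}] is [{}]",
                        this.logoutRequestParameter, logoutMessage);

                // redirect to application with SAML logout message; the value is URL-encoded here
                // because the components are built below without a further encoding step
                final UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(logoutUrl);
                builder.queryParam(this.logoutRequestParameter, URLEncoder.encode(logoutMessage, "UTF-8"));

                return result(REDIRECT_APP_EVENT, DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL, builder.build().toUriString());
            }
        }
    }

    // no new service with front-channel logout -> finish logout
    return new Event(this, FINISH_EVENT);
}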
 
Example 5
Source File: LogoutAction.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
/**
 * Decides whether front-channel single logout is still required and records an optional
 * post-logout redirect.
 *
 * <p>The logout index is reset to 0, then the stored logout requests are scanned for one that is
 * still {@code NOT_ATTEMPTED}. Independently, when service redirects are enabled and the request
 * carries a {@code service} parameter, that value is stored in flow scope as
 * {@code logoutRedirectUrl}, but only if it resolves to a registered service whose access
 * strategy allows access.
 *
 * @param request the current HTTP request, read for the {@code service} parameter
 * @param response the current HTTP response (not written here)
 * @param context the flow context holding the logout requests and flow scope
 * @return a {@code FRONT_EVENT} when a logout request is still to be attempted, otherwise a
 *         {@code FINISH_EVENT}
 * @throws Exception declared by the overridden method
 */
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,
        final RequestContext context) throws Exception {

    // Front-channel processing always restarts from the first logout request.
    putLogoutIndex(context, 0);

    final List<LogoutRequest> storedRequests = WebUtils.getLogoutRequests(context);
    boolean frontChannelPending = false;
    if (storedRequests != null) {
        // Stop at the first request that has not been attempted yet.
        for (int i = 0; i < storedRequests.size() && !frontChannelPending; i++) {
            frontChannelPending = storedRequests.get(i).getStatus() == LogoutRequestStatus.NOT_ATTEMPTED;
        }
    }

    // The redirect target comes straight from the request, so it is honoured only when the
    // service registry knows it and its access strategy permits access.
    // NOTE(review): how narrowly findServiceBy matches is not visible here; overly broad
    // registered service patterns would let this act as an open redirect (confirm).
    final String requestedService = request.getParameter("service");
    if (requestedService != null && this.followServiceRedirects) {
        final RegisteredService registered =
                this.servicesManager.findServiceBy(new SimpleWebApplicationServiceImpl(requestedService));
        final boolean redirectPermitted =
                registered != null && registered.getAccessStrategy().isServiceAccessAllowed();
        if (redirectPermitted) {
            context.getFlowScope().put("logoutRedirectUrl", requestedService);
        }
    }

    if (!frontChannelPending) {
        // nothing left to notify over the front channel: finish the logout process
        return new Event(this, FINISH_EVENT);
    }
    // there are some front services to logout, perform front SLO
    return new Event(this, FRONT_EVENT);
}
 
Example 6
Source File: LogoutActionTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
/**
 * Verifies that a stored logout request that has not been attempted makes the logout action
 * return the front-channel event and leaves the stored request list unchanged.
 *
 * @throws Exception if the logout action fails
 */
@SuppressWarnings("unchecked")
@Test
public void verifyLogoutRequestFront() throws Exception {
    this.request.setCookies(new Cookie(COOKIE_TGC_ID, "test"));

    final LogoutRequest pending = new DefaultLogoutRequest("", null, null);
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(pending));

    final Event outcome = this.logoutAction.doExecute(this.requestContext);
    assertEquals(LogoutAction.FRONT_EVENT, outcome.getId());

    // The action only inspects the requests; the same single instance must still be stored.
    final List<LogoutRequest> stored = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, stored.size());
    assertEquals(pending, stored.get(0));
}
 
Example 7
Source File: FrontChannelLogoutAction.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * Dispatches the next pending front-channel logout request.
 *
 * <p>Starting at the stored logout index, the first request still in {@code NOT_ATTEMPTED} state
 * is marked {@code SUCCESS}, the index is advanced past it, and a redirect event is returned
 * whose {@code logoutUrl} attribute is the service id with the logout message appended as the
 * {@code SAMLRequest} query parameter. At most one request is handled per call.
 *
 * @param request the current HTTP request (not read here)
 * @param response the current HTTP response (not written here)
 * @param context the flow context holding the logout requests and the logout index
 * @return a {@code REDIRECT_APP_EVENT} carrying the redirect URL, or a {@code FINISH_EVENT} when
 *         the list or index is missing or no request remains to be attempted
 * @throws Exception if the logout message cannot be created or encoded
 */
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,
        final RequestContext context) throws Exception {

    final List<LogoutRequest> pendingRequests = WebUtils.getLogoutRequests(context);
    final Integer resumeFrom = getLogoutIndex(context);
    if (pendingRequests == null || resumeFrom == null) {
        // nothing stored to work from -> finish logout
        return new Event(this, FINISH_EVENT);
    }

    int position = resumeFrom;
    while (position < pendingRequests.size()) {
        final LogoutRequest candidate = pendingRequests.get(position);
        position++;
        if (candidate.getStatus() != LogoutRequestStatus.NOT_ATTEMPTED) {
            continue;
        }

        // Optimistically marked as done before the browser is redirected; SUCCESS here does not
        // prove that the application actually ended its session.
        candidate.setStatus(LogoutRequestStatus.SUCCESS);

        // position already points past this request, which is the index to resume from
        putLogoutIndex(context, position);

        // The redirect goes to the service id itself, with the SAML logout message attached.
        // NOTE(review): the target is only as trustworthy as the service stored on the logout
        // request; where that service is validated is not visible here (confirm).
        final UriComponentsBuilder redirect = UriComponentsBuilder.fromHttpUrl(candidate.getService().getId());
        final String encodedMessage =
                URLEncoder.encode(logoutManager.createFrontChannelLogoutMessage(candidate), "UTF-8");
        redirect.queryParam("SAMLRequest", encodedMessage);
        return result(REDIRECT_APP_EVENT, "logoutUrl", redirect.build().toUriString());
    }

    // no new service with front-channel logout -> finish logout
    return new Event(this, FINISH_EVENT);
}
 
Example 8
Source File: LogoutAction.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * Decides whether front-channel single logout is still required and records an optional
 * post-logout redirect.
 *
 * <p>The logout index is reset to 0, then the stored logout requests are scanned for one that is
 * still {@code NOT_ATTEMPTED}. Independently, when service redirects are enabled and the request
 * carries a {@code service} parameter, that value is stored in flow scope as
 * {@code logoutRedirectUrl}, but only if it resolves to a registered service that is enabled.
 *
 * @param request the current HTTP request, read for the {@code service} parameter
 * @param response the current HTTP response (not written here)
 * @param context the flow context holding the logout requests and flow scope
 * @return a {@code FRONT_EVENT} when a logout request is still to be attempted, otherwise a
 *         {@code FINISH_EVENT}
 * @throws Exception declared by the overridden method
 */
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,
        final RequestContext context) throws Exception {

    // Front-channel processing always restarts from the first logout request.
    putLogoutIndex(context, 0);

    final List<LogoutRequest> storedRequests = WebUtils.getLogoutRequests(context);
    boolean frontChannelPending = false;
    if (storedRequests != null) {
        // Stop at the first request that has not been attempted yet.
        for (int i = 0; i < storedRequests.size() && !frontChannelPending; i++) {
            frontChannelPending = storedRequests.get(i).getStatus() == LogoutRequestStatus.NOT_ATTEMPTED;
        }
    }

    // The redirect target comes straight from the request, so it is honoured only when the
    // service registry knows it and the registered entry is enabled.
    // NOTE(review): how narrowly findServiceBy matches is not visible here; overly broad
    // registered service patterns would let this act as an open redirect (confirm).
    final String requestedService = request.getParameter("service");
    if (requestedService != null && this.followServiceRedirects) {
        final RegisteredService registered =
                this.servicesManager.findServiceBy(new SimpleWebApplicationServiceImpl(requestedService));
        final boolean redirectPermitted = registered != null && registered.isEnabled();
        if (redirectPermitted) {
            context.getFlowScope().put("logoutRedirectUrl", requestedService);
        }
    }

    if (!frontChannelPending) {
        // nothing left to notify over the front channel: finish the logout process
        return new Event(this, FINISH_EVENT);
    }
    // there are some front services to logout, perform front SLO
    return new Event(this, FRONT_EVENT);
}
 
Example 9
Source File: LogoutActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that a stored logout request that has not been attempted makes the logout action
 * return the front-channel event and leaves the stored request list unchanged.
 *
 * @throws Exception if the logout action fails
 */
@SuppressWarnings("unchecked")
@Test
public void testLogoutRequestFront() throws Exception {
    final Cookie ticketCookie = new Cookie(COOKIE_TGC_ID, "test");
    this.request.setCookies(new Cookie[] {ticketCookie});

    final LogoutRequest pending = new LogoutRequest("", null);
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(pending));

    final Event outcome = this.logoutAction.doExecute(this.requestContext);
    assertEquals(LogoutAction.FRONT_EVENT, outcome.getId());

    // The action only inspects the requests; the same single instance must still be stored.
    final List<LogoutRequest> stored = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, stored.size());
    assertEquals(pending, stored.get(0));
}