You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by GitBox <gi...@apache.org> on 2017/11/14 17:49:42 UTC
[GitHub] gonzalad closed pull request #20: FEDIZ-212: fix logout when no httpSession present
gonzalad closed pull request #20: FEDIZ-212: fix logout when no httpSession present
URL: https://github.com/apache/cxf-fediz/pull/20
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
index 7dff3b82..997d43db 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
@@ -58,6 +58,7 @@
private FedizSubjectCreator subjectCreator = new FedizSubjectCreator();
private BackChannelLogoutHandler backChannelLogoutHandler;
private List<LogoutHandler> logoutHandlers;
+ private boolean allowAnonymousLogout;
@POST
public Response initiateLogoutPost(MultivaluedMap<String, String> params) {
@@ -71,18 +72,22 @@ public Response initiateLogoutGet() {
protected Response doInitiateLogout(MultivaluedMap<String, String> params) {
IdToken idTokenHint = getIdTokenHint(params);
- OidcUserSubject subject = subjectCreator.createUserSubject(mc, params);
-
Client client = getClient(params, idTokenHint);
- if (backChannelLogoutHandler != null) {
- backChannelLogoutHandler.handleLogout(client, subject, idTokenHint);
- }
- if (logoutHandlers != null) {
- for (LogoutHandler handler : logoutHandlers) {
- handler.handleLogout(client, subject);
+ if (!allowAnonymousLogout || mc.getSecurityContext().getUserPrincipal() != null) {
+ OidcUserSubject subject = subjectCreator.createUserSubject(mc, params);
+
+ if (backChannelLogoutHandler != null) {
+ backChannelLogoutHandler.handleLogout(client, subject, idTokenHint);
+ }
+ if (logoutHandlers != null) {
+
+ for (LogoutHandler handler : logoutHandlers) {
+ handler.handleLogout(client, subject);
+ }
}
}
+
// Clear OIDC session now
mc.getHttpServletRequest().getSession().invalidate();
@@ -113,7 +118,7 @@ private URI getClientLogoutUri(Client client, MultivaluedMap<String, String> par
String clientLogoutUriParam = params.getFirst(CLIENT_LOGOUT_URI);
if (uris.length > 1) {
if (clientLogoutUriParam == null
- || !new HashSet<>(Arrays.asList(uris)).contains(clientLogoutUriParam)) {
+ || !new HashSet<>(Arrays.asList(uris)).contains(clientLogoutUriParam)) {
throw new BadRequestException();
}
uriStr = clientLogoutUriParam;
@@ -177,6 +182,10 @@ public void setBackChannelLogoutHandler(BackChannelLogoutHandler handler) {
this.backChannelLogoutHandler = handler;
}
+ public void setAllowAnonymousLogout(boolean allowAnonymousLogout) {
+ this.allowAnonymousLogout = allowAnonymousLogout;
+ }
+
public void close() {
if (backChannelLogoutHandler != null) {
backChannelLogoutHandler.close();
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services