public RedirectionResponse createSignOutRequest()

in plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java [473:550]


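    /**
     * Builds the redirect that sends the browser to the issuer (IdP) with a sign-out request.
     *
     * <p>The query string starts with {@code PARAM_ACTION=ACTION_SIGNOUT}, followed by an optional
     * {@code PARAM_REPLY} (post-logout return address), the {@code PARAM_TREALM} value and any
     * configured sign-out query extension.
     *
     * <p>The reply address in the incoming request is caller-controlled. It is accepted only when a
     * logout constraint pattern is configured and the whole value matches it; in every other case
     * the configured {@code logoutRedirectTo} is used. This check is what keeps the sign-out
     * redirect from being steered to an arbitrary address, so the constraint should be as narrow
     * as the deployment allows.
     *
     * @param request the current servlet request; source of the optional reply parameter
     * @param token   the SAML assertion of the session; not read by this method
     * @param config  the Fediz context supplying protocol, issuer, realm and logout settings
     * @return a response carrying the assembled redirection URL
     * @throws ProcessingException if the protocol is not a {@code FederationProtocol}, no issuer URL
     *         can be resolved, or any step of assembling the URL fails
     */
    public RedirectionResponse createSignOutRequest(HttpServletRequest request, SamlAssertionWrapper token,
        FedizContext config) throws ProcessingException {

        String redirectURL;
        try {
            if (!(config.getProtocol() instanceof FederationProtocol)) {
                LOG.error("Unsupported protocol");
                throw new IllegalStateException("Unsupported protocol");
            }

            String issuerURL = resolveIssuer(request, config);
            LOG.debug("Issuer url: {}", issuerURL);
            if (issuerURL == null || issuerURL.isEmpty()) {
                // Without an issuer the original code produced the literal URL "null?wa=...".
                // Fail instead of handing the browser a broken redirect target.
                throw new IllegalStateException("No issuer URL resolved for sign-out");
            }

            StringBuilder sb = new StringBuilder();
            sb.append(FederationConstants.PARAM_ACTION).append('=').append(FederationConstants.ACTION_SIGNOUT);

            // Match the 'wreply' parameter against the constraint. The value is read once so the
            // string that was validated is exactly the string that is used afterwards.
            String logoutRedirectTo = null;
            String receivedReply = request.getParameter(FederationConstants.PARAM_REPLY);
            if (receivedReply != null) {
                Pattern logoutRedirectToConstraint = resolveLogoutRedirectToConstraint(request, config);
                if (logoutRedirectToConstraint == null) {
                    LOG.debug("No regular expression constraint configured for logout. Ignoring wreply parameter");
                } else {
                    // matches() requires the whole value to match, not just a substring.
                    Matcher matcher = logoutRedirectToConstraint.matcher(receivedReply);
                    if (matcher.matches()) {
                        logoutRedirectTo = receivedReply;
                    } else {
                        // Log the rejected value itself (the original logged a variable that is
                        // still null here). It is untrusted, so line breaks are neutralised
                        // before it reaches the log.
                        LOG.warn("The received wreply address {} does not match the configured constraint {}",
                                 receivedReply.replaceAll("[\\r\\n]", "_"), logoutRedirectToConstraint);
                    }
                }
            }

            // Fall back to the configured address when the request supplied no acceptable one.
            if (logoutRedirectTo == null || logoutRedirectTo.isEmpty()) {
                logoutRedirectTo = config.getLogoutRedirectTo();
            }

            if (logoutRedirectTo != null && !logoutRedirectTo.isEmpty()) {
                if (logoutRedirectTo.startsWith("/")) {
                    logoutRedirectTo = extractFullContextPath(request).concat(logoutRedirectTo.substring(1));
                } else if (!logoutRedirectTo.startsWith("http")) {
                    // NOTE(review): this is a plain prefix test, not a scheme test ("https" is
                    // already covered by "http"). A value such as "httpfoo" is treated as
                    // absolute; comparing against "http://" / "https://" would be stricter.
                    logoutRedirectTo = extractFullContextPath(request).concat(logoutRedirectTo);
                }

                LOG.debug("wreply={}", logoutRedirectTo);
                sb.append('&').append(FederationConstants.PARAM_REPLY).append('=')
                    .append(encode(logoutRedirectTo, UTF_8.name()));
            }

            String realm = resolveWTRealm(request, config);
            LOG.debug("wtrealm={}", realm);

            // add wtrealm parameter
            sb.append('&').append(FederationConstants.PARAM_TREALM).append('=')
                .append(encode(realm, UTF_8.name()));

            String signOutQuery = resolveSignOutQuery(request, config);
            LOG.debug("SignOut Query: {}", signOutQuery);

            // add signout query extensions; appended as-is, so the resolved value is expected to
            // be an already well-formed, already encoded query fragment
            if (signOutQuery != null && !signOutQuery.isEmpty()) {
                sb.append('&').append(signOutQuery);
            }

            redirectURL = issuerURL + '?' + sb;
        } catch (Exception ex) {
            LOG.error("Failed to create SignOutRequest", ex);
            throw new ProcessingException("Failed to create SignOutRequest");
        }

        RedirectionResponse response = new RedirectionResponse();
        response.setRedirectionURL(redirectURL);
        return response;
    }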