in plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/LogoutHandler.java [99:148]
protected boolean signoutCleanup(HttpServletRequest request, HttpServletResponse response) {
LOG.info("SignOutCleanup request found. Terminating user session.");
request.getSession().invalidate();
String wreply = request.getParameter(FederationConstants.PARAM_REPLY);
String logoutRedirectTo = fedizConfig.getLogoutRedirectTo();
if (wreply != null && !wreply.isEmpty()) {
Pattern logoutRedirectToConstraint = null;
try {
logoutRedirectToConstraint = resolveLogoutRedirectToConstraint(request, fedizConfig);
} catch (Exception e) {
LOG.error("Error redirecting user after logout: {}", e.getMessage());
}
if (logoutRedirectToConstraint == null) {
LOG.debug("No regular expression constraint configured for logout. Ignoring wreply parameter");
} else {
Matcher matcher = logoutRedirectToConstraint.matcher(wreply);
if (matcher.matches()) {
try {
LOG.debug("Redirecting user after logout to: {}", wreply);
response.sendRedirect(response.encodeRedirectURL(wreply));
return true;
} catch (IOException e) {
LOG.error("Error redirecting user after logout: {}", e.getMessage());
}
} else {
LOG.warn("The received wreply address {} does not match the configured constraint {}",
wreply, logoutRedirectToConstraint);
}
}
} else if (logoutRedirectTo != null && !logoutRedirectTo.isEmpty()) {
try {
if (logoutRedirectTo.startsWith("/")) {
logoutRedirectTo =
StringUtils.extractFullContextPath(request).concat(logoutRedirectTo.substring(1));
} else if (!logoutRedirectTo.startsWith("http") && !logoutRedirectTo.startsWith("https")) {
logoutRedirectTo = StringUtils.extractFullContextPath(request).concat(logoutRedirectTo);
}
LOG.debug("Redirecting after logout to={}", logoutRedirectTo);
response.sendRedirect(response.encodeRedirectURL(logoutRedirectTo));
return true;
} catch (Exception e) {
LOG.error("Error redirecting user after logout: {}", e.getMessage());
}
}
writeLogoutImage(response);
return true;
}