org.jasig.cas.logout.LogoutRequest Java Examples

/**
 * {@inheritDoc}
 * Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any
 * Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an
 * {@link IllegalArgumentException} if the TicketGrantingTicket ID is null.
 *
 * @param ticketGrantingTicketId the id of the ticket we want to destroy
 * @return the logout requests.
 */
@Audit(
        action="TICKET_GRANTING_TICKET_DESTROYED",
        actionResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "DESTROY_TICKET_GRANTING_TICKET_TIMER")
@Metered(name="DESTROY_TICKET_GRANTING_TICKET_METER")
@Counted(name="DESTROY_TICKET_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(@NotNull final String ticketGrantingTicketId) {
    try {
        logger.debug("Removing ticket [{}] from registry...", ticketGrantingTicketId);
        final TicketGrantingTicket ticket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
        logger.debug("Ticket found. Processing logout requests and then deleting the ticket...");
        final List<LogoutRequest> logoutRequests = logoutManager.performLogout(ticket);
        this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
        return logoutRequests;
    } catch (final InvalidTicketException e) {
        logger.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId);
    }
    return Collections.emptyList();
}
 

@Test
public void testLogoutOneLogoutRequestNotAttempted() throws Exception {
    final String FAKE_URL = "http://url";
    LogoutRequest logoutRequest = new LogoutRequest(TICKET_ID, new SimpleWebApplicationServiceImpl(FAKE_URL));
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(logoutRequest));
    this.requestContext.getFlowScope().put(FrontChannelLogoutAction.LOGOUT_INDEX, 0);
    final Event event = this.frontChannelLogoutAction.doExecute(this.requestContext);
    assertEquals(FrontChannelLogoutAction.REDIRECT_APP_EVENT, event.getId());
    List<LogoutRequest> list = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, list.size());
    final String url = (String) event.getAttributes().get("logoutUrl");
    assertTrue(url.startsWith(FAKE_URL + "?SAMLRequest="));
    final byte[] samlMessage = Base64.decodeBase64(URLDecoder.decode(StringUtils.substringAfter(url,  "?SAMLRequest="), "UTF-8"));
    final Inflater decompresser = new Inflater();
    decompresser.setInput(samlMessage);
    final byte[] result = new byte[1000];
    decompresser.inflate(result);
    decompresser.end();
    final String message = new String(result);
    assertTrue(message.startsWith("<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\""));
    assertTrue(message.indexOf("<samlp:SessionIndex>" + TICKET_ID + "</samlp:SessionIndex>") >= 0);
}
 

/**
 * {@inheritDoc}
 * Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any
 * Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an
 * {@link IllegalArgumentException} if the TicketGrantingTicket ID is null.
 *
 * @param ticketGrantingTicketId the id of the ticket we want to destroy
 * @return the logout requests.
 */
@Audit(
        action="TICKET_GRANTING_TICKET_DESTROYED",
        actionResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Profiled(tag = "DESTROY_TICKET_GRANTING_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(final String ticketGrantingTicketId) {
    Assert.notNull(ticketGrantingTicketId);

    logger.debug("Removing ticket [{}] from registry.", ticketGrantingTicketId);
    final TicketGrantingTicket ticket = this.ticketRegistry.getTicket(ticketGrantingTicketId,
            TicketGrantingTicket.class);

    if (ticket == null) {
        logger.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId);
        return Collections.emptyList();
    }

    logger.debug("Ticket found. Processing logout requests and then deleting the ticket...");
    final List<LogoutRequest> logoutRequests = logoutManager.performLogout(ticket);
    this.ticketRegistry.deleteTicket(ticketGrantingTicketId);

    return logoutRequests;
}
 

/**
 * {@inheritDoc}
 * Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any
 * Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an
 * {@link IllegalArgumentException} if the TicketGrantingTicket ID is null.
 *
 * @param ticketGrantingTicketId the id of the ticket we want to destroy
 * @return the logout requests.
 */
@Audit(
        action = "TICKET_GRANTING_TICKET_DESTROYED",
        actionResolverName = "DESTROY_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName = "DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "DESTROY_TICKET_GRANTING_TICKET_TIMER")
@Metered(name = "DESTROY_TICKET_GRANTING_TICKET_METER")
@Counted(name = "DESTROY_TICKET_GRANTING_TICKET_COUNTER", monotonic = true)
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(@NotNull final String ticketGrantingTicketId) {
    try {
        logger.debug("Removing ticket [{}] from registry...", ticketGrantingTicketId);
        final TicketGrantingTicket ticket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
        logger.debug("Ticket found. Processing logout requests and then deleting the ticket...");
        final List<LogoutRequest> logoutRequests = logoutManager.performLogout(ticket);
        this.ticketRegistry.deleteTicket(ticketGrantingTicketId);

        doPublishEvent(new CasTicketGrantingTicketDestroyedEvent(this, ticket));

        return logoutRequests;
    } catch (final InvalidTicketException e) {
        logger.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId);
    }
    return Collections.emptyList();
}
 

@Test
public void verifyLogoutOneLogoutRequestNotAttempted() throws Exception {
    final LogoutRequest logoutRequest = new DefaultLogoutRequest(TICKET_ID,
            new SimpleWebApplicationServiceImpl(TEST_URL),
            new URL(TEST_URL));
    final Event event = getLogoutEvent(Arrays.asList(logoutRequest));

    assertEquals(FrontChannelLogoutAction.REDIRECT_APP_EVENT, event.getId());
    final List<LogoutRequest> list = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, list.size());
    final String url = (String) event.getAttributes().get(FrontChannelLogoutAction.DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL);
    assertTrue(url.startsWith(TEST_URL + "?" + FrontChannelLogoutAction.DEFAULT_LOGOUT_PARAMETER + "="));
    final byte[] samlMessage = CompressionUtils.decodeBase64ToByteArray(
            URLDecoder.decode(StringUtils.substringAfter(url, "?" + FrontChannelLogoutAction.DEFAULT_LOGOUT_PARAMETER + "="), "UTF-8"));
    final Inflater decompresser = new Inflater();
    decompresser.setInput(samlMessage);
    final byte[] result = new byte[1000];
    decompresser.inflate(result);
    decompresser.end();
    final String message = new String(result);
    assertTrue(message.startsWith("<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\""));
    assertTrue(message.contains("<samlp:SessionIndex>" + TICKET_ID + "</samlp:SessionIndex>"));
}
 

@Test
public void verifyLogoutUrlForServiceIsUsed() throws Exception {
    final RegisteredService svc = getRegisteredService();
    when(this.servicesManager.findServiceBy(any(SingleLogoutService.class))).thenReturn(svc);

    final SingleLogoutService service = mock(SingleLogoutService.class);
    when(service.getId()).thenReturn(svc.getServiceId());
    when(service.getOriginalUrl()).thenReturn(svc.getServiceId());

    final MockTicketGrantingTicket tgt = new MockTicketGrantingTicket("test");
    tgt.getServices().put("service", service);
    final Event event = getLogoutEvent(this.logoutManager.performLogout(tgt));
    assertEquals(FrontChannelLogoutAction.REDIRECT_APP_EVENT, event.getId());
    final List<LogoutRequest> list = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, list.size());
    final String url = (String) event.getAttributes().get(FrontChannelLogoutAction.DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL);
    assertTrue(url.startsWith(svc.getLogoutUrl().toExternalForm()));

}
 

@SuppressWarnings("unchecked")
@Test
public void verifyLogoutRequestFront() throws Exception {
    final Cookie cookie = new Cookie(COOKIE_TGC_ID, "test");
    this.request.setCookies(cookie);
    final LogoutRequest logoutRequest = new DefaultLogoutRequest("", null, null);
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(logoutRequest));
    final Event event = this.logoutAction.doExecute(this.requestContext);
    assertEquals(LogoutAction.FRONT_EVENT, event.getId());
    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, logoutRequests.size());
    assertEquals(logoutRequest, logoutRequests.get(0));
}
 

@Audit(
        action="TICKET_GRANTING_TICKET_DESTROYED",
        actionResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "DESTROY_TICKET_GRANTING_TICKET_TIMER")
@Metered(name="DESTROY_TICKET_GRANTING_TICKET_METER")
@Counted(name="DESTROY_TICKET_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(@NotNull final String ticketGrantingTicketId) {
    return this.delegate.destroyTicketGrantingTicket(ticketGrantingTicketId);
}
 

@SuppressWarnings("unchecked")
@Test
public void testLogoutRequestFront() throws Exception {
    final Cookie cookie = new Cookie(COOKIE_TGC_ID, "test");
    this.request.setCookies(new Cookie[] {cookie});
    final LogoutRequest logoutRequest = new LogoutRequest("", null);
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(logoutRequest));
    final Event event = this.logoutAction.doExecute(this.requestContext);
    assertEquals(LogoutAction.FRONT_EVENT, event.getId());
    List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, logoutRequests.size());
    assertEquals(logoutRequest, logoutRequests.get(0));
}
 

@Test
public void testLogoutRequestBack() throws Exception {
    final Cookie cookie = new Cookie(COOKIE_TGC_ID, "test");
    this.request.setCookies(new Cookie[] {cookie});
    LogoutRequest logoutRequest = new LogoutRequest("", null);
    logoutRequest.setStatus(LogoutRequestStatus.SUCCESS);
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(logoutRequest));
    final Event event = this.logoutAction.doExecute(this.requestContext);
    assertEquals(LogoutAction.FINISH_EVENT, event.getId());
}
 

@Test
public void testLogoutOneLogoutRequestSuccess() throws Exception {
    final LogoutRequest logoutRequest = new LogoutRequest("", null);
    logoutRequest.setStatus(LogoutRequestStatus.SUCCESS);
    WebUtils.putLogoutRequests(this.requestContext, Collections.<LogoutRequest>emptyList());
    this.requestContext.getFlowScope().put(FrontChannelLogoutAction.LOGOUT_INDEX, 0);
    final Event event = this.frontChannelLogoutAction.doExecute(this.requestContext);
    assertEquals(FrontChannelLogoutAction.FINISH_EVENT, event.getId());
}
 

@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,
        final RequestContext context) throws Exception {

    boolean needFrontSlo = false;
    putLogoutIndex(context, 0);
    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
    if (logoutRequests != null) {
        for (LogoutRequest logoutRequest : logoutRequests) {
            // if some logout request must still be attempted
            if (logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED) {
                needFrontSlo = true;
                break;
            }
        }
    }

    final String service = request.getParameter("service");
    if (this.followServiceRedirects && service != null) {
        final RegisteredService rService = this.servicesManager.findServiceBy(new SimpleWebApplicationServiceImpl(service));

        if (rService != null && rService.isEnabled()) {
            context.getFlowScope().put("logoutRedirectUrl", service);
        }
    }

    // there are some front services to logout, perform front SLO
    if (needFrontSlo) {
        return new Event(this, FRONT_EVENT);
    } else {
        // otherwise, finish the logout process
        return new Event(this, FINISH_EVENT);
    }
}
 

@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,
        final RequestContext context) throws Exception {

    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
    final Integer startIndex = getLogoutIndex(context);
    if (logoutRequests != null && startIndex != null) {
        for (int i = startIndex; i < logoutRequests.size(); i++) {
            final LogoutRequest logoutRequest = logoutRequests.get(i);
            if (logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED) {
                // assume it has been successful
                logoutRequest.setStatus(LogoutRequestStatus.SUCCESS);

                // save updated index
                putLogoutIndex(context, i + 1);

                // redirect to application with SAML logout message
                final UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(logoutRequest.getService().getId());
                builder.queryParam("SAMLRequest",
                        URLEncoder.encode(logoutManager.createFrontChannelLogoutMessage(logoutRequest), "UTF-8"));
                return result(REDIRECT_APP_EVENT, "logoutUrl", builder.build().toUriString());
            }
        }
    }

    // no new service with front-channel logout -> finish logout
    return new Event(this, FINISH_EVENT);
}
 

@Test
public void verifyLogoutRequestBack() throws Exception {
    final Cookie cookie = new Cookie(COOKIE_TGC_ID, "test");
    this.request.setCookies(cookie);
    final LogoutRequest logoutRequest = new DefaultLogoutRequest("", null, null);
    logoutRequest.setStatus(LogoutRequestStatus.SUCCESS);
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(logoutRequest));
    final Event event = this.logoutAction.doExecute(this.requestContext);
    assertEquals(LogoutAction.FINISH_EVENT, event.getId());
}
 

@Test
public void verifyLogoutOneLogoutRequestSuccess() throws Exception {
    final DefaultLogoutRequest logoutRequest = new DefaultLogoutRequest("", null, null);
    logoutRequest.setStatus(LogoutRequestStatus.SUCCESS);
    WebUtils.putLogoutRequests(this.requestContext, Collections.<LogoutRequest>emptyList());
    this.requestContext.getFlowScope().put(FrontChannelLogoutAction.LOGOUT_INDEX, 0);
    final Event event = this.frontChannelLogoutAction.doExecute(this.requestContext);
    assertEquals(FrontChannelLogoutAction.FINISH_EVENT, event.getId());
}
 

@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,
        final RequestContext context) throws Exception {

    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
    final Integer startIndex = getLogoutIndex(context);
    if (logoutRequests != null) {
        for (int i = startIndex; i < logoutRequests.size(); i++) {
            final LogoutRequest logoutRequest = logoutRequests.get(i);
            if (logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED) {
                // assume it has been successful
                logoutRequest.setStatus(LogoutRequestStatus.SUCCESS);

                // save updated index
                putLogoutIndex(context, i + 1);

                final String logoutUrl = logoutRequest.getLogoutUrl().toExternalForm();
                LOGGER.debug("Using logout url [{}] for front-channel logout requests", logoutUrl);

                final String logoutMessage = logoutManager.createFrontChannelLogoutMessage(logoutRequest);
                LOGGER.debug("Front-channel logout message to send under [{}] is [{}]",
                        this.logoutRequestParameter, logoutMessage);

                // redirect to application with SAML logout message
                final UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(logoutUrl);
                builder.queryParam(this.logoutRequestParameter, URLEncoder.encode(logoutMessage, "UTF-8"));

                return result(REDIRECT_APP_EVENT, DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL, builder.build().toUriString());
            }
        }
    }

    // no new service with front-channel logout -> finish logout
    return new Event(this, FINISH_EVENT);
}
 

@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,
        final RequestContext context) throws Exception {

    boolean needFrontSlo = false;
    putLogoutIndex(context, 0);
    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
    if (logoutRequests != null) {
        for (final LogoutRequest logoutRequest : logoutRequests) {
            // if some logout request must still be attempted
            if (logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED) {
                needFrontSlo = true;
                break;
            }
        }
    }

    final String service = request.getParameter("service");
    if (this.followServiceRedirects && service != null) {
        final Service webAppService = new SimpleWebApplicationServiceImpl(service);
        final RegisteredService rService = this.servicesManager.findServiceBy(webAppService);

        if (rService != null && rService.getAccessStrategy().isServiceAccessAllowed()) {
            context.getFlowScope().put("logoutRedirectUrl", service);
        }
    }

    // there are some front services to logout, perform front SLO
    if (needFrontSlo) {
        return new Event(this, FRONT_EVENT);
    } else {
        // otherwise, finish the logout process
        return new Event(this, FINISH_EVENT);
    }
}
 

@Override
public String createFrontChannelLogoutMessage(final LogoutRequest logoutRequest) {
    throw new UnsupportedOperationException("Not implemented");
}
 

@Override
public List<LogoutRequest> performLogout(final TicketGrantingTicket ticket) {
    ticket.markTicketExpired();
    registry.updateTicket(ticket);
    return null;
}
 

@Override
public String createFrontChannelLogoutMessage(final LogoutRequest logoutRequest) {
    throw new UnsupportedOperationException("Not implemented");
}
 

@Test
public void testLogoutNoIndex() throws Exception {
    WebUtils.putLogoutRequests(this.requestContext, Collections.<LogoutRequest>emptyList());
    final Event event = this.frontChannelLogoutAction.doExecute(this.requestContext);
    assertEquals(FrontChannelLogoutAction.FINISH_EVENT, event.getId());
}
 

private Event getLogoutEvent(final List<LogoutRequest> requests) throws Exception {
    WebUtils.putLogoutRequests(this.requestContext, requests);
    this.requestContext.getFlowScope().put(FrontChannelLogoutAction.LOGOUT_INDEX, 0);
    return this.frontChannelLogoutAction.doExecute(this.requestContext);
}
 

@Override
public List<LogoutRequest> performLogout(final TicketGrantingTicket ticket) {
    ticket.markTicketExpired();
    registry.updateTicket(ticket);
    return null;
}
 

public static List<LogoutRequest> getLogoutRequests(final RequestContext context) {
    return (List<LogoutRequest>) context.getFlowScope().get("logoutRequests");
}
 

public static void putLogoutRequests(final RequestContext context, final List<LogoutRequest> requests) {
    context.getFlowScope().put("logoutRequests", requests);
}
 

@Test
public void verifyLogoutNoIndex() throws Exception {
    WebUtils.putLogoutRequests(this.requestContext, Collections.<LogoutRequest>emptyList());
    final Event event = this.frontChannelLogoutAction.doExecute(this.requestContext);
    assertEquals(FrontChannelLogoutAction.FINISH_EVENT, event.getId());
}
 

/**
 * {@inheritDoc}
 * <p>Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any
 * Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an
 * {@link IllegalArgumentException} if the TicketGrantingTicket ID is null.
 *
 * @param ticketGrantingTicketId the id of the ticket we want to destroy
 * @return the logout requests.
 */
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(final String ticketGrantingTicketId) {
    return this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);
}
 

/**
 * Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any
 * Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an
 * {@link IllegalArgumentException} if the TicketGrantingTicket ID is null.
 *
 * @param ticketGrantingTicketId the id of the ticket we want to destroy
 * @return the logout requests.
 */
List<LogoutRequest> destroyTicketGrantingTicket(final String ticketGrantingTicketId);
 

/**
 * Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any
 * Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an
 * {@link IllegalArgumentException} if the TicketGrantingTicket ID is null.
 *
 * @param ticketGrantingTicketId the id of the ticket we want to destroy
 * @return the logout requests.
 */
List<LogoutRequest> destroyTicketGrantingTicket(@NotNull final String ticketGrantingTicketId);
 

/**
 * {@inheritDoc}
 * <p>Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any
 * Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an
 * {@link IllegalArgumentException} if the TicketGrantingTicket ID is null.
 *
 * @param ticketGrantingTicketId the id of the ticket we want to destroy
 * @return the logout requests.
 */
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(final String ticketGrantingTicketId) {
    return this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);
}