//$$Header: /home/deegree/jail/deegreerepository/deegree/src/org/deegree/portal/standard/security/control/LogoutListener.java,v 1.11 2006/10/17 20:31:19 poth Exp $$
/*---------------- FILE HEADER ------------------------------------------
This file is part of deegree.
Copyright (C) 2001-2006 by:
University of Bonn
http://www.giub.uni-bonn.de/deegree/
lat/lon GmbH
http://www.lat-lon.de
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Contact:
Andreas Poth
lat/lon GmbH
Aennchenstr. 19
53115 Bonn
Germany
E-Mail: poth@lat-lon.de
Klaus Greve
Department of Geography
University of Bonn
Meckenheimer Allee 166
53115 Bonn
Germany
E-Mail: klaus.greve@uni-bonn.de
---------------------------------------------------------------------------*/
package org.deegree.portal.standard.security.control;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.deegree.enterprise.control.AbstractListener;
import org.deegree.enterprise.control.FormEvent;
import org.deegree.enterprise.control.RPCMethodCall;
import org.deegree.enterprise.control.RPCWebEvent;
import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.framework.util.CharsetUtils;
import org.deegree.framework.util.NetWorker;
import org.deegree.framework.xml.NamespaceContext;
import org.deegree.framework.xml.XMLTools;
import org.deegree.ogcbase.BaseURL;
import org.deegree.ogcbase.CommonNamespaces;
import org.deegree.ogcwebservices.OWSUtils;
import org.deegree.portal.Constants;
import org.deegree.portal.context.GeneralExtension;
import org.deegree.portal.context.ViewContext;
import org.w3c.dom.Document;
/**
* Listener class for handling logout from iGeoPortal standard edition
*
* @author <a href="mailto:poth@lat-lon.de">Andreas Poth </a>
* @author last edited by: $Author: poth $
*
* @version 2.0, $Revision: 1.11 $, $Date: 2006/10/17 20:31:19 $
*/
public class LogoutListener extends AbstractListener {
private static ILogger LOG = LoggerFactory.getLogger( LogoutListener.class );
private static final NamespaceContext nsContext = CommonNamespaces.getNamespaceContext();
/**
* performs a login request. the passed event contains a RPC method call containing a sessionID
*/
public void actionPerformed( FormEvent event ) {
RPCWebEvent re = (RPCWebEvent) event;
if ( !validateRequest( re ) ) {
String s = "Invalid content for logout. Please validate if you have send a sessionID";
LOG.logDebug( s );
return;
}
String user = null;
try {
user = performLogout( re );
} catch (Exception e) {
gotoErrorPage( e.toString() );
LOG.logDebug( e.getMessage(), e );
return;
}
// write request parameter into session to reconstruct the search form
HttpSession session = ( (HttpServletRequest) this.getRequest() ).getSession( true );
session.removeAttribute( "SESSIONID" );
getRequest().setAttribute( "USER", user );
}
/**
* validates the passed event to be valid agaist the requirements of the listener (contains user
* name and password)
*
* @param event
* @return
*/
private boolean validateRequest( RPCWebEvent event ) {
RPCMethodCall mc = event.getRPCMethodCall();
if ( mc.getParameters().length == 0 ) {
return false;
}
String sessionId = (String) mc.getParameters()[0].getValue();
if ( sessionId == null ) {
return false;
}
return true;
}
/**
*
* @return
*/
private String getAddress() {
HttpSession session = ( (HttpServletRequest) getRequest() ).getSession( true );
ViewContext vc = (ViewContext) session.getAttribute( Constants.CURRENTMAPCONTEXT );
GeneralExtension ge = vc.getGeneral().getExtension();
BaseURL baseUrl = ge.getAuthentificationSettings().getAuthentificationURL();
return NetWorker.url2String( baseUrl.getOnlineResource() );
}
/**
* peforms a logout by sending the sessionID contained in the event to the WAAS like service.
* The service answers with the id of the session that has been closed and the name of the user
* who is assigned to the session.<BR>
* A logout may fails if the passed sessionID is unkown or the session assigned to the ID has
* already been closed or is expired
*
* @param event
* @return name of the user assigned to the passed sessionId
* @throws Exception
*/
private String performLogout( RPCWebEvent event ) throws Exception {
RPCMethodCall mc = event.getRPCMethodCall();
String sessionId = (String) mc.getParameters()[0].getValue();
StringBuffer sb = new StringBuffer( OWSUtils.validateHTTPGetBaseURL( getAddress() ) );
sb.append( "service=WAS&request=DescribeUser&SESSIONID=" ).append( sessionId );
URL url = new URL( sb.toString() );
NetWorker nw = new NetWorker( CharsetUtils.getSystemCharset(), url );
Reader reader = new InputStreamReader( nw.getInputStream() );
Document doc = XMLTools.parse( reader );
String user = XMLTools.getNodeAsString( doc, "/User/UserName", nsContext, null );
if ( user == null ) {
throw new Exception( "could not get user name for sessionID: " + sessionId );
}
sb = new StringBuffer( OWSUtils.validateHTTPGetBaseURL( getAddress() ) );
sb.append( "service=WAS&request=CloseSession&SESSIONID=" ).append( sessionId );
url = new URL( sb.toString() );
nw = new NetWorker( CharsetUtils.getSystemCharset(), url );
byte[] b = nw.getDataAsByteArr( 100 );
if ( b != null ) {
String tmp = new String( b );
if ( tmp.trim().length() > 0 ) {
throw new Exception( "logout failed: invalid session to close: " + sessionId );
}
}
return user;
}
}
/* ********************************************************************
Changes to this class. What the people have been up to:
$Log: LogoutListener.java,v $
Revision 1.11 2006/10/17 20:31:19 poth
*** empty log message ***
Revision 1.10 2006/10/05 15:12:04 mays
bug fix : add service=WAS to requests
Revision 1.9 2006/10/05 13:03:14 mays
bug fix: remove redundant "?" from string buffer of http get request
Revision 1.8 2006/08/29 19:54:14 poth
footer corrected
Revision 1.7 2006/08/29 19:18:39 poth
code formating / footer correction
Revision 1.6 2006/08/09 14:13:51 poth
bug fix - support for GDINRW Access Control 1.0 / references to deprecated class Debug removed / Logger added
Revision 1.5 2006/07/13 08:10:56 poth
file header added / references to Debug.XXXX removed
Revision 1.4 2006/07/12 14:46:15 poth
comment footer added
********************************************************************** */