/**
* Copyright 2014 55 Minutes (http://www.55minutes.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package fiftyfive.wicket.shiro.markup;
import fiftyfive.wicket.shiro.ShiroWicketPlugin;
import org.apache.shiro.SecurityUtils;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.request.flow.RedirectToUrlException;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.util.string.StringValue;
/**
* This page is never rendered; it simply performs logout logic and redirects to the
* home page or other URI as specified in the page parameters.
*
* @author Matt Brictson
* @since 3.0
*/
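public class LogoutPage extends WebPage
{
    /**
     * Bookmarkable constructor. If a {@code "to"} parameter is provided, it is treated as a
     * local URI to redirect to after logout; otherwise the redirect goes to the home page.
     * The parameter is read and validated later, in {@link #redirectAfterLogout}.
     *
     * @param params the page parameters, passed unchanged to the {@code WebPage} constructor
     */
    public LogoutPage(PageParameters params)
    {
        super(params);
    }

    /**
     * Interrupt the rendering process and perform the logout, then redirect to a different page
     * by throwing an exception. The {@code LogoutPage} itself will therefore never be rendered.
     * <p>
     * NOTE(review): nothing in this class checks the request method or an anti-forgery token
     * before logging out, so any request that reaches this bookmarkable page ends the session.
     * Confirm that a forced logout is acceptable for the deployment.
     *
     * @throws RedirectToUrlException always, via {@link #redirectAfterLogout}
     */
    @Override
    protected void onBeforeRender() throws RedirectToUrlException
    {
        logout();
        redirectAfterLogout();
    }

    /**
     * Called by {@link #onBeforeRender} to instruct Shiro to log the current user out, then
     * delegate to {@link ShiroWicketPlugin#onLoggedOut} to place a feedback message in the
     * session.
     */
    protected void logout()
    {
        // Perform Shiro logout
        SecurityUtils.getSubject().logout();
        // Delegate to plugin to perform any further logout tasks
        ShiroWicketPlugin.get().onLoggedOut();
    }

    /**
     * Called by {@link #onBeforeRender} after {@link #logout} to redirect to another page.
     * By default this is the application home page. If a {@code "to"} page parameter was
     * provided and it passes {@link #isLocalRedirectTarget}, the redirect goes to that URI
     * instead.
     * <p>
     * The {@code "to"} value comes straight from the request and is attacker-controllable, so
     * it is only honoured when it cannot name another host. A missing, empty or rejected value
     * falls back to the home page rather than failing, so the logout itself always completes.
     *
     * @throws RedirectToUrlException to cause Wicket to perform a 302 redirect
     */
    protected void redirectAfterLogout() throws RedirectToUrlException
    {
        StringValue to = getPageParameters().get("to");
        String target = (null == to) ? null : to.toString();

        // Anything that is absent or could leave this site is replaced by the home page URL.
        if(!isLocalRedirectTarget(target))
        {
            target = StringValue.valueOf(urlFor(getApplication().getHomePage(), null)).toString();
        }
        throw new RedirectToUrlException(target, 302);
    }

    /**
     * Decide whether a user-supplied redirect target is safe to place in a {@code Location}
     * header, i.e. whether it can only resolve to a path on the current host.
     * <p>
     * Rejected values:
     * <ul>
     * <li>{@code null} or empty: nothing to redirect to;</li>
     * <li>anything containing {@code ":"}: an absolute URL with a scheme such as
     *     {@code http://host};</li>
     * <li>anything starting with {@code "//"} after surrounding whitespace is trimmed: a
     *     scheme-relative URL, which names another host without containing a colon;</li>
     * <li>anything containing a backslash: some browsers treat it as a forward slash, which
     *     would defeat the {@code "//"} check;</li>
     * <li>anything containing an ISO control character (CR, LF, tab, ...): these have no place
     *     in a redirect target and can be dropped or reinterpreted further down the line.</li>
     * </ul>
     *
     * @param target the raw value of the {@code "to"} parameter, may be {@code null}
     * @return {@code true} only if the value passed every check above
     */
    private static boolean isLocalRedirectTarget(String target)
    {
        if(null == target || target.isEmpty())
        {
            return false;
        }
        if(target.indexOf(':') >= 0 || target.indexOf('\\') >= 0)
        {
            return false;
        }
        for(int i = 0; i < target.length(); i++)
        {
            if(Character.isISOControl(target.charAt(i)))
            {
                return false;
            }
        }
        // Checked last, and on the trimmed value, so leading spaces cannot hide the "//".
        return !target.trim().startsWith("//");
    }
}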