1 package org.springframework.security.config;
2
3 import org.springframework.beans.factory.config.BeanDefinition;
4 import org.springframework.beans.factory.config.RuntimeBeanReference;
5 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
6 import org.springframework.beans.factory.support.ManagedList;
7 import org.springframework.beans.factory.xml.BeanDefinitionParser;
8 import org.springframework.beans.factory.xml.ParserContext;
9 import org.springframework.security.ui.logout.LogoutFilter;
10 import org.springframework.security.ui.logout.SecurityContextLogoutHandler;
11 import org.springframework.util.StringUtils;
12 import org.w3c.dom.Element;
13
14
15
16
17
18
19 public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
20 static final String ATT_LOGOUT_SUCCESS_URL = "logout-success-url";
21 static final String DEF_LOGOUT_SUCCESS_URL = "/";
22
23 static final String ATT_INVALIDATE_SESSION = "invalidate-session";
24 static final String DEF_INVALIDATE_SESSION = "true";
25
26 static final String ATT_LOGOUT_URL = "logout-url";
27 static final String DEF_LOGOUT_URL = "/j_spring_security_logout";
28
29 String rememberMeServices;
30
31 public LogoutBeanDefinitionParser(String rememberMeServices) {
32 this.rememberMeServices = rememberMeServices;
33 }
34
35 public BeanDefinition parse(Element element, ParserContext parserContext) {
36 String logoutUrl = null;
37 String logoutSuccessUrl = null;
38 String invalidateSession = null;
39
40 BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(LogoutFilter.class);
41
42 if (element != null) {
43 Object source = parserContext.extractSource(element);
44 builder.setSource(source);
45 logoutUrl = element.getAttribute(ATT_LOGOUT_URL);
46 ConfigUtils.validateHttpRedirect(logoutUrl, parserContext, source);
47 logoutSuccessUrl = element.getAttribute(ATT_LOGOUT_SUCCESS_URL);
48 ConfigUtils.validateHttpRedirect(logoutSuccessUrl, parserContext, source);
49 invalidateSession = element.getAttribute(ATT_INVALIDATE_SESSION);
50 }
51
52 if (!StringUtils.hasText(logoutUrl)) {
53 logoutUrl = DEF_LOGOUT_URL;
54 }
55 builder.addPropertyValue("filterProcessesUrl", logoutUrl);
56
57 if (!StringUtils.hasText(logoutSuccessUrl)) {
58 logoutSuccessUrl = DEF_LOGOUT_SUCCESS_URL;
59 }
60 builder.addConstructorArg(logoutSuccessUrl);
61
62 if (!StringUtils.hasText(invalidateSession)) {
63 invalidateSession = DEF_INVALIDATE_SESSION;
64 }
65
66 ManagedList handlers = new ManagedList();
67 SecurityContextLogoutHandler sclh = new SecurityContextLogoutHandler();
68 if ("true".equals(invalidateSession)) {
69 sclh.setInvalidateHttpSession(true);
70 } else {
71 sclh.setInvalidateHttpSession(false);
72 }
73 handlers.add(sclh);
74
75 if (rememberMeServices != null) {
76 handlers.add(new RuntimeBeanReference(rememberMeServices));
77 }
78
79 builder.addConstructorArg(handlers);
80
81 parserContext.getRegistry().registerBeanDefinition(BeanIds.LOGOUT_FILTER, builder.getBeanDefinition());
82 ConfigUtils.addHttpFilter(parserContext, new RuntimeBeanReference(BeanIds.LOGOUT_FILTER));
83
84 return null;
85 }
86 }