View Javadoc

1   package org.springframework.security.config;
2   
3   import org.springframework.beans.factory.config.BeanDefinition;
4   import org.springframework.beans.factory.config.RuntimeBeanReference;
5   import org.springframework.beans.factory.support.BeanDefinitionBuilder;
6   import org.springframework.beans.factory.support.ManagedList;
7   import org.springframework.beans.factory.xml.BeanDefinitionParser;
8   import org.springframework.beans.factory.xml.ParserContext;
9   import org.springframework.security.ui.logout.LogoutFilter;
10  import org.springframework.security.ui.logout.SecurityContextLogoutHandler;
11  import org.springframework.util.StringUtils;
12  import org.w3c.dom.Element;
13  
14  /**
15   * @author Luke Taylor
16   * @author Ben Alex
17   * @version $Id: LogoutBeanDefinitionParser.java 3189 2008-07-15 18:22:53Z luke_t $
18   */
19  public class LogoutBeanDefinitionParser implements BeanDefinitionParser {
20      static final String ATT_LOGOUT_SUCCESS_URL = "logout-success-url";
21      static final String DEF_LOGOUT_SUCCESS_URL = "/";
22  
23      static final String ATT_INVALIDATE_SESSION = "invalidate-session";
24      static final String DEF_INVALIDATE_SESSION  = "true";
25  
26      static final String ATT_LOGOUT_URL = "logout-url";
27      static final String DEF_LOGOUT_URL = "/j_spring_security_logout";
28      
29      String rememberMeServices;
30  
31      public LogoutBeanDefinitionParser(String rememberMeServices) {
32          this.rememberMeServices = rememberMeServices;
33      }
34  
35      public BeanDefinition parse(Element element, ParserContext parserContext) {
36          String logoutUrl = null;
37          String logoutSuccessUrl = null;
38          String invalidateSession = null;
39  
40          BeanDefinitionBuilder builder = BeanDefinitionBuilder.rootBeanDefinition(LogoutFilter.class);
41  
42          if (element != null) {
43              Object source = parserContext.extractSource(element);
44              builder.setSource(source);
45              logoutUrl = element.getAttribute(ATT_LOGOUT_URL);
46              ConfigUtils.validateHttpRedirect(logoutUrl, parserContext, source);
47              logoutSuccessUrl = element.getAttribute(ATT_LOGOUT_SUCCESS_URL);
48              ConfigUtils.validateHttpRedirect(logoutSuccessUrl, parserContext, source);
49              invalidateSession = element.getAttribute(ATT_INVALIDATE_SESSION);
50          }
51  
52          if (!StringUtils.hasText(logoutUrl)) {
53              logoutUrl = DEF_LOGOUT_URL;
54          }
55          builder.addPropertyValue("filterProcessesUrl", logoutUrl);
56  
57          if (!StringUtils.hasText(logoutSuccessUrl)) {
58              logoutSuccessUrl = DEF_LOGOUT_SUCCESS_URL;
59          }
60          builder.addConstructorArg(logoutSuccessUrl);
61  
62          if (!StringUtils.hasText(invalidateSession)) {
63              invalidateSession = DEF_INVALIDATE_SESSION;
64          }
65  
66          ManagedList handlers = new ManagedList();
67          SecurityContextLogoutHandler sclh = new SecurityContextLogoutHandler();
68          if ("true".equals(invalidateSession)) {
69              sclh.setInvalidateHttpSession(true);
70          } else {
71              sclh.setInvalidateHttpSession(false);
72          }
73          handlers.add(sclh);
74  
75          if (rememberMeServices != null) {
76              handlers.add(new RuntimeBeanReference(rememberMeServices));
77          }
78  
79          builder.addConstructorArg(handlers);
80  
81          parserContext.getRegistry().registerBeanDefinition(BeanIds.LOGOUT_FILTER, builder.getBeanDefinition());
82          ConfigUtils.addHttpFilter(parserContext, new RuntimeBeanReference(BeanIds.LOGOUT_FILTER));
83          
84          return null;
85      }
86  }