shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r1099975 - in /shiro/trunk: samples/web/src/main/webapp/ samples/web/src/main/webapp/WEB-INF/ samples/web/src/main/webapp/account/ samples/web/src/test/java/org/apache/shiro/test/ web/src/main/java/org/apache/shiro/web/filter/authc/ web/src...
Date Thu, 05 May 2011 21:35:44 GMT
Author: lhazlewood
Date: Thu May  5 21:35:43 2011
New Revision: 1099975

URL: http://svn.apache.org/viewvc?rev=1099975&view=rev
Log:
SHIRO-284: implemented filter, added it to the DefaultFilter enum, updated the 'web' sample
application to show its usage.

Added:
    shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/LogoutFilter.java
Removed:
    shiro/trunk/samples/web/src/main/webapp/logout.jsp
Modified:
    shiro/trunk/samples/web/src/main/webapp/WEB-INF/shiro.ini
    shiro/trunk/samples/web/src/main/webapp/account/index.jsp
    shiro/trunk/samples/web/src/main/webapp/home.jsp
    shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/ContainerIntegrationTest.java
    shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/mgt/DefaultFilter.java

Modified: shiro/trunk/samples/web/src/main/webapp/WEB-INF/shiro.ini
URL: http://svn.apache.org/viewvc/shiro/trunk/samples/web/src/main/webapp/WEB-INF/shiro.ini?rev=1099975&r1=1099974&r2=1099975&view=diff
==============================================================================
--- shiro/trunk/samples/web/src/main/webapp/WEB-INF/shiro.ini (original)
+++ shiro/trunk/samples/web/src/main/webapp/WEB-INF/shiro.ini Thu May  5 21:35:43 2011
@@ -25,5 +25,6 @@ goodguy = winnebago:drive:eagle5
 # login submissions. It is 'smart' enough to allow those requests through as specified by
the
 # shiro.loginUrl above.
 /login.jsp = authc
+/logout = logout
 /account/** = authc
 /remoting/** = authc, roles[b2bClient], perms["remote:invoke:lan,wan"]
\ No newline at end of file

Modified: shiro/trunk/samples/web/src/main/webapp/account/index.jsp
URL: http://svn.apache.org/viewvc/shiro/trunk/samples/web/src/main/webapp/account/index.jsp?rev=1099975&r1=1099974&r2=1099975&view=diff
==============================================================================
--- shiro/trunk/samples/web/src/main/webapp/account/index.jsp (original)
+++ shiro/trunk/samples/web/src/main/webapp/account/index.jsp Thu May  5 21:35:43 2011
@@ -30,7 +30,7 @@
 
 <p><a href="<c:url value="/home.jsp"/>">Return to the home page.</a></p>
 
-<p><a href="<c:url value="/logout.jsp"/>">Log out.</a></p>
+<p><a href="<c:url value="/logout"/>">Log out.</a></p>
 
 </body>
 </html>
\ No newline at end of file

Modified: shiro/trunk/samples/web/src/main/webapp/home.jsp
URL: http://svn.apache.org/viewvc/shiro/trunk/samples/web/src/main/webapp/home.jsp?rev=1099975&r1=1099974&r2=1099975&view=diff
==============================================================================
--- shiro/trunk/samples/web/src/main/webapp/home.jsp (original)
+++ shiro/trunk/samples/web/src/main/webapp/home.jsp Thu May  5 21:35:43 2011
@@ -28,7 +28,7 @@
 <h1>Apache Shiro Quickstart</h1>
 
 <p>Hi <shiro:guest>Guest</shiro:guest><shiro:user><shiro:principal/></shiro:user>!
-    ( <shiro:user><a href="<c:url value="/logout.jsp"/>">Log out</a></shiro:user>
+    ( <shiro:user><a href="<c:url value="/logout"/>">Log out</a></shiro:user>
     <shiro:guest><a href="<c:url value="/login.jsp"/>">Log in</a>
(sample accounts provided)</shiro:guest> )
 </p>
 

Modified: shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/ContainerIntegrationTest.java
URL: http://svn.apache.org/viewvc/shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/ContainerIntegrationTest.java?rev=1099975&r1=1099974&r2=1099975&view=diff
==============================================================================
--- shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/ContainerIntegrationTest.java
(original)
+++ shiro/trunk/samples/web/src/test/java/org/apache/shiro/test/ContainerIntegrationTest.java
Thu May  5 21:35:43 2011
@@ -18,12 +18,6 @@
  */
 package org.apache.shiro.test;
 
-import java.io.IOException;
-import java.net.MalformedURLException;
-
-import org.junit.Before;
-import org.junit.Test;
-
 import com.gargoylesoftware.htmlunit.ElementNotFoundException;
 import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
 import com.gargoylesoftware.htmlunit.WebAssert;
@@ -31,6 +25,11 @@ import com.gargoylesoftware.htmlunit.htm
 import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlInput;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
 
 public class ContainerIntegrationTest extends AbstractContainerTest {
 
@@ -39,7 +38,7 @@ public class ContainerIntegrationTest ex
         // Make sure we are logged out
         final HtmlPage homePage = webClient.getPage(BASEURI);
         try {
-            homePage.getAnchorByHref("/logout.jsp").click();
+            homePage.getAnchorByHref("/logout").click();
         }
         catch (ElementNotFoundException e) {
             //Ignore
@@ -55,7 +54,7 @@ public class ContainerIntegrationTest ex
         form.<HtmlInput>getInputByName("password").setValueAttribute("secret");
         page = form.<HtmlInput>getInputByName("submit").click();
         // This'll throw an expection if not logged in
-        page.getAnchorByHref("/logout.jsp");
+        page.getAnchorByHref("/logout");
     }
 
     @Test
@@ -70,7 +69,7 @@ public class ContainerIntegrationTest ex
         server.stop();
         server.start();
         page = webClient.getPage(BASEURI);
-        // page.getAnchorByHref("/logout.jsp");
+        // page.getAnchorByHref("/logout");
         WebAssert.assertLinkPresentWithText(page, "Log out");
         page = page.getAnchorByHref("/account").click();
         // login page should be shown again - user remembered but not authenticated

Added: shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/LogoutFilter.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/LogoutFilter.java?rev=1099975&view=auto
==============================================================================
--- shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/LogoutFilter.java (added)
+++ shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/LogoutFilter.java Thu
May  5 21:35:43 2011
@@ -0,0 +1,93 @@
+package org.apache.shiro.web.filter.authc;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.web.servlet.AdviceFilter;
+import org.apache.shiro.web.util.WebUtils;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+/**
+ * Simple Filter that, upon receiving a request, will immediately log-out the currently executing
+ * {@link #getSubject(javax.servlet.ServletRequest, javax.servlet.ServletResponse) subject}
+ * and then redirect them to a configured {@link #getRedirectUrl() redirectUrl}.
+ *
+ * @since 1.2
+ */
+public class LogoutFilter extends AdviceFilter {
+
+    /**
+     * The default redirect URL to where the user will be redirected after logout.  The value
is {@code "/"}, Shiro's
+     * representation of the web application's context root.
+     */
+    public static final String DEFAULT_REDIRECT_URL = "/";
+
+    /**
+     * The URL to where the user will be redirected after logout.
+     */
+    private String redirectUrl = DEFAULT_REDIRECT_URL;
+
+    /**
+     * Immediately logs out the currently executing {@link #getSubject(javax.servlet.ServletRequest,
javax.servlet.ServletResponse) subject}
+     * and redirects the end-user to the configured {@link #getRedirectUrl() redirectUrl}.
+     *
+     * @param request  the incoming ServletRequest
+     * @param response the outgoing ServletResponse
+     * @return {@code false} always as typically no further interaction should be done after
user logout.
+     * @throws Exception if there is any error.
+     */
+    @Override
+    protected boolean preHandle(ServletRequest request, ServletResponse response) throws
Exception {
+        Subject subject = getSubject(request, response);
+        subject.logout();
+        issueRedirect(request, response);
+        return false;
+    }
+
+    /**
+     * Returns the currently executing {@link Subject}.  This implementation merely defaults
to calling
+     * {@code SecurityUtils.}{@link org.apache.shiro.SecurityUtils#getSubject() getSubject()},
but can be overridden
+     * by subclasses for different retrieval strategies.
+     *
+     * @param request  the incoming Servlet request
+     * @param response the outgoing Servlet response
+     * @return the currently executing {@link Subject}.
+     */
+    protected Subject getSubject(ServletRequest request, ServletResponse response) {
+        return SecurityUtils.getSubject();
+    }
+
+    /**
+     * Issues an HTTP redirect after subject logout.  This implementation calls
+     * {@code WebUtils.}{@link WebUtils#issueRedirect(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
String) issueRedirect(request,response,redirectUrl)}
+     * using the configured {@link #getRedirectUrl()}.
+     *
+     * @param request  the incoming Servlet request
+     * @param response the outgoing Servlet response
+     * @throws Exception if there is any error.
+     */
+    protected void issueRedirect(ServletRequest request, ServletResponse response) throws
Exception {
+        WebUtils.issueRedirect(request, response, getRedirectUrl());
+    }
+
+    /**
+     * Returns the URL to where the user will be redirected after logout.  Default is the
web application's context
+     * root, i.e. {@code "/"}
+     *
+     * @return the URL to where the user will be redirected after logout.
+     */
+    public String getRedirectUrl() {
+        return redirectUrl;
+    }
+
+    /**
+     * Sets the URL to where the user will be redirected after logout.  Default is the web
application's context
+     * root, i.e. {@code "/"}
+     *
+     * @param redirectUrl the url to where the user will be redirected after logout
+     */
+    public void setRedirectUrl(String redirectUrl) {
+        this.redirectUrl = redirectUrl;
+    }
+}

Modified: shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/mgt/DefaultFilter.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/mgt/DefaultFilter.java?rev=1099975&r1=1099974&r2=1099975&view=diff
==============================================================================
--- shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/mgt/DefaultFilter.java (original)
+++ shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/mgt/DefaultFilter.java Thu May
 5 21:35:43 2011
@@ -19,15 +19,8 @@
 package org.apache.shiro.web.filter.mgt;
 
 import org.apache.shiro.util.ClassUtils;
-import org.apache.shiro.web.filter.authc.AnonymousFilter;
-import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
-import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
-import org.apache.shiro.web.filter.authc.UserFilter;
-import org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter;
-import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
-import org.apache.shiro.web.filter.authz.PortFilter;
-import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
-import org.apache.shiro.web.filter.authz.SslFilter;
+import org.apache.shiro.web.filter.authc.*;
+import org.apache.shiro.web.filter.authz.*;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterConfig;
@@ -46,6 +39,7 @@ public enum DefaultFilter {
     anon(AnonymousFilter.class),
     authc(FormAuthenticationFilter.class),
     authcBasic(BasicHttpAuthenticationFilter.class),
+    logout(LogoutFilter.class),
     perms(PermissionsAuthorizationFilter.class),
     port(PortFilter.class),
     rest(HttpMethodPermissionFilter.class),



Mime
View raw message