java.lang.Object |
↳ |
javax.servlet.GenericServlet |
|
↳ |
javax.servlet.http.HttpServlet |
|
|
↳ |
com.atlassian.jira.security.login.JiraLogoutServlet |
Class Overview
Responsible for processing log-out requests.
It performs an XSRF check and delegates to the underlying Seraph
log-out servlet.
See Also
- com.atlassian.seraph.logout.LogoutServlet
Summary
Protected Methods |
void
|
service(HttpServletRequest request, HttpServletResponse response)
Processes a request to log-out a User.
|
[Expand]
Inherited Methods |
From class
javax.servlet.http.HttpServlet
void
|
doDelete(HttpServletRequest arg0, HttpServletResponse arg1)
|
void
|
doGet(HttpServletRequest arg0, HttpServletResponse arg1)
|
void
|
doHead(HttpServletRequest arg0, HttpServletResponse arg1)
|
void
|
doOptions(HttpServletRequest arg0, HttpServletResponse arg1)
|
void
|
doPost(HttpServletRequest arg0, HttpServletResponse arg1)
|
void
|
doPut(HttpServletRequest arg0, HttpServletResponse arg1)
|
void
|
doTrace(HttpServletRequest arg0, HttpServletResponse arg1)
|
long
|
getLastModified(HttpServletRequest arg0)
|
void
|
service(ServletRequest arg0, ServletResponse arg1)
|
void
|
service(HttpServletRequest arg0, HttpServletResponse arg1)
|
|
From class
javax.servlet.GenericServlet
void
|
destroy()
|
String
|
getInitParameter(String arg0)
|
Enumeration
|
getInitParameterNames()
|
ServletConfig
|
getServletConfig()
|
ServletContext
|
getServletContext()
|
String
|
getServletInfo()
|
String
|
getServletName()
|
void
|
init()
|
void
|
init(ServletConfig arg0)
|
void
|
log(String arg0, Throwable arg1)
|
void
|
log(String arg0)
|
abstract
void
|
service(ServletRequest arg0, ServletResponse arg1)
|
|
From class
java.lang.Object
Object
|
clone()
|
boolean
|
equals(Object arg0)
|
void
|
finalize()
|
final
Class<?>
|
getClass()
|
int
|
hashCode()
|
final
void
|
notify()
|
final
void
|
notifyAll()
|
String
|
toString()
|
final
void
|
wait()
|
final
void
|
wait(long arg0, int arg1)
|
final
void
|
wait(long arg0)
|
|
From interface
javax.servlet.Servlet
void
|
destroy()
|
ServletConfig
|
getServletConfig()
|
String
|
getServletInfo()
|
void
|
init(ServletConfig arg0)
|
void
|
service(ServletRequest arg0, ServletResponse arg1)
|
|
From interface
javax.servlet.ServletConfig
|
Public Constructors
public
JiraLogoutServlet
()
Public Methods
public
ServletConfig
getServletConfig
()
public
void
init
(ServletConfig servletConfig)
Protected Methods
protected
void
service
(HttpServletRequest request, HttpServletResponse response)
Processes a request to log-out a User. If there's a valid XSRF token, it delegates to the underlying Seraph
log-out servlet.
Otherwise, it is possible that the XSRF token has expired (due to a session timeout), or that this is a dodgy
token.
When the session times out, there are users who have remember me or Crowd SSO turned on and they will be
authenticated. We need to confirm that they are who they say they are in order to perform a log-out,
this is because we need to perform clean-up operations for them (e.g removing the remember me cookie, we don't
want attacker to trick you into deleting your own remember me cookie).
On the other hand, if there's no authenticated user and the session is gone, we tell the user that he's
already logged out.
Parameters
request
| The request in play. |
response
| The response in play. |