| java.lang.Object |
| ↳ |
javax.servlet.GenericServlet |
| |
↳ |
javax.servlet.http.HttpServlet |
| |
|
↳ |
com.atlassian.jira.security.login.JiraLogoutServlet |
Class Overview
Responsible for processing log-out requests.
It performs an XSRF check and delegates to the underlying Seraph
log-out servlet.
See Also
- com.atlassian.seraph.logout.LogoutServlet
Summary
| Protected Methods |
|---|
|
void
|
service(HttpServletRequest request, HttpServletResponse response)
Processes a request to log-out a User. |
|
[Expand]
Inherited Methods |
|---|
From class
javax.servlet.http.HttpServlet
|
void
|
doDelete(HttpServletRequest arg0, HttpServletResponse arg1)
|
|
void
|
doGet(HttpServletRequest arg0, HttpServletResponse arg1)
|
|
void
|
doHead(HttpServletRequest arg0, HttpServletResponse arg1)
|
|
void
|
doOptions(HttpServletRequest arg0, HttpServletResponse arg1)
|
|
void
|
doPost(HttpServletRequest arg0, HttpServletResponse arg1)
|
|
void
|
doPut(HttpServletRequest arg0, HttpServletResponse arg1)
|
|
void
|
doTrace(HttpServletRequest arg0, HttpServletResponse arg1)
|
|
long
|
getLastModified(HttpServletRequest arg0)
|
|
void
|
service(ServletRequest arg0, ServletResponse arg1)
|
|
void
|
service(HttpServletRequest arg0, HttpServletResponse arg1)
|
|
From class
javax.servlet.GenericServlet
|
void
|
destroy()
|
|
String
|
getInitParameter(String arg0)
|
|
Enumeration
|
getInitParameterNames()
|
|
ServletConfig
|
getServletConfig()
|
|
ServletContext
|
getServletContext()
|
|
String
|
getServletInfo()
|
|
String
|
getServletName()
|
|
void
|
init()
|
|
void
|
init(ServletConfig arg0)
|
|
void
|
log(String arg0, Throwable arg1)
|
|
void
|
log(String arg0)
|
|
abstract
void
|
service(ServletRequest arg0, ServletResponse arg1)
|
|
From class
java.lang.Object
|
Object
|
clone()
|
|
boolean
|
equals(Object arg0)
|
|
void
|
finalize()
|
|
final
Class<?>
|
getClass()
|
|
int
|
hashCode()
|
|
final
void
|
notify()
|
|
final
void
|
notifyAll()
|
|
String
|
toString()
|
|
final
void
|
wait()
|
|
final
void
|
wait(long arg0, int arg1)
|
|
final
void
|
wait(long arg0)
|
|
From interface
javax.servlet.Servlet
|
void
|
destroy()
|
|
ServletConfig
|
getServletConfig()
|
|
String
|
getServletInfo()
|
|
void
|
init(ServletConfig arg0)
|
|
void
|
service(ServletRequest arg0, ServletResponse arg1)
|
|
|
From interface
javax.servlet.ServletConfig
|
Public Constructors
public
JiraLogoutServlet
()
Public Methods
public
ServletConfig
getServletConfig
()
public
void
init
(ServletConfig servletConfig)
Protected Methods
protected
void
service
(HttpServletRequest request, HttpServletResponse response)
Processes a request to log-out a User. If there's a valid XSRF token, it delegates to the underlying Seraph
log-out servlet.
Otherwise, it is possible that the XSRF token has expired (due to a session timeout), or that this is a dodgy
token.
When the session times out, there are users who have remember me or Crowd SSO turned on and they will be
authenticated. We need to confirm that they are who they say they are in order to perform a log-out,
this is because we need to perform clean-up operations for them (e.g removing the remember me cookie, we don't
want attacker to trick you into deleting your own remember me cookie).
On the other hand, if there's no authenticated user and the session is gone, we tell the user that he's
already logged out.
Parameters
| request
| The request in play. |
| response
| The response in play. |
