com.atlassian.jira.security.login
Class JiraLogoutServlet
java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
com.atlassian.jira.security.login.JiraLogoutServlet
- All Implemented Interfaces:
- Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
public class JiraLogoutServlet
- extends javax.servlet.http.HttpServlet
Responsible for processing log-out requests.
It performs an XSRF check and delegates to the underlying Seraph
log-out servlet.
- Since:
- v4.1.1
- See Also:
LogoutServlet, Serialized Form
Method Summary
void | destroy()
javax.servlet.ServletConfig | getServletConfig()
void | init()
void | init(javax.servlet.ServletConfig servletConfig)
protected void | service(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Processes a request to log-out a User.
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service
Methods inherited from class javax.servlet.GenericServlet
getInitParameter, getInitParameterNames, getServletContext, getServletInfo, getServletName, log, log
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
JiraLogoutServlet
public JiraLogoutServlet()
init
public void init()
throws javax.servlet.ServletException
- Overrides:
init in class javax.servlet.GenericServlet
- Throws:
javax.servlet.ServletException
init
public void init(javax.servlet.ServletConfig servletConfig)
throws javax.servlet.ServletException
- Specified by:
init in interface javax.servlet.Servlet
- Overrides:
init in class javax.servlet.GenericServlet
- Throws:
javax.servlet.ServletException
service
protected void service(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
throws javax.servlet.ServletException,
IOException
Processes a request to log-out a User. If there's a valid XSRF token, it delegates to the underlying Seraph
log-out servlet.
Otherwise, it is possible that the XSRF token has expired (due to a session timeout), or that this is a dodgy
token.
When the session times out, users who have remember me or Crowd SSO turned on will be authenticated.
We need to confirm that they are who they say they are before performing a log-out, because the log-out
performs clean-up operations for them (e.g. removing the remember me cookie), and we don't want an attacker
to trick you into deleting your own remember me cookie.
On the other hand, if there's no authenticated user and the session is gone, we tell the user that they are
already logged out.
- Overrides:
service in class javax.servlet.http.HttpServlet
- Parameters:
request - The request in play.
response - The response in play.
- Throws:
javax.servlet.ServletException
IOException
getServletConfig
public javax.servlet.ServletConfig getServletConfig()
- Specified by:
getServletConfig in interface javax.servlet.Servlet
- Overrides:
getServletConfig in class javax.servlet.GenericServlet
destroy
public void destroy()
- Specified by:
destroy in interface javax.servlet.Servlet
- Overrides:
destroy in class javax.servlet.GenericServlet
Copyright © 2002-2013 Atlassian. All Rights Reserved.