public class JiraLogoutServlet
extends javax.servlet.http.HttpServlet
See Also: LogoutServlet, Serialized Form

Constructor and Description |
---|
JiraLogoutServlet() |

Modifier and Type | Method and Description |
---|---|
void | destroy() |
javax.servlet.ServletConfig | getServletConfig() |
void | init() |
void | init(javax.servlet.ServletConfig servletConfig) |
protected void | service(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Processes a request to log-out a User. |

Methods inherited from class javax.servlet.http.HttpServlet: doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service

public void init() throws javax.servlet.ServletException
Overrides: init in class javax.servlet.GenericServlet
Throws: javax.servlet.ServletException

public void init(javax.servlet.ServletConfig servletConfig) throws javax.servlet.ServletException
Specified by: init in interface javax.servlet.Servlet
Overrides: init in class javax.servlet.GenericServlet
Throws: javax.servlet.ServletException

protected void service(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException, IOException
Processes a request to log out a user. If there is a valid XSRF token, it delegates to the underlying Seraph log-out servlet.
Otherwise, either the XSRF token has expired (due to a session timeout) or this is a dodgy token.
When the session times out, users who have remember me or Crowd SSO turned on will still be authenticated. We need to confirm that they are who they say they are before performing a log-out, because the log-out performs clean-up operations for them (e.g. removing the remember me cookie), and we don't want an attacker to trick you into deleting your own remember me cookie.
On the other hand, if there is no authenticated user and the session is gone, we tell the user that they are already logged out.
Overrides: service in class javax.servlet.http.HttpServlet
Parameters:
request - The request in play.
response - The response in play.
Throws: javax.servlet.ServletException, IOException
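
The three outcomes that the service description lays out, written as a stand-alone Java class. This is an added example, not code from JIRA or Seraph: the class, enum and method names are hypothetical, the session and authentication lookups are reduced to plain parameters, and the constant-time token comparison is this example's own choice.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/** Added illustration of the log-out decision; all names here are hypothetical. */
public class LogoutDecisionExample {

    enum Outcome { DELEGATE_TO_LOGOUT, ASK_FOR_CONFIRMATION, ALREADY_LOGGED_OUT }

    /**
     * @param sessionToken   XSRF token held server-side, or null if the session expired
     * @param submittedToken token sent with the log-out request, or null if absent
     * @param authenticated  true if the request still resolves to a user,
     *                       for example through a remember-me cookie or SSO
     */
    static Outcome decide(String sessionToken, String submittedToken, boolean authenticated) {
        if (tokensMatch(sessionToken, submittedToken)) {
            // Valid token: the request came from our own page, so log out and
            // run the clean-up (such as removing the remember-me cookie).
            return Outcome.DELEGATE_TO_LOGOUT;
        }
        if (authenticated) {
            // Token expired, missing or forged, but a user is still signed in.
            // No clean-up yet: a cross-site request could have produced this.
            return Outcome.ASK_FOR_CONFIRMATION;
        }
        // No user and no session: there is nothing left to clean up.
        return Outcome.ALREADY_LOGGED_OUT;
    }

    /** Constant-time comparison (an assumption of this example); null never matches. */
    static boolean tokensMatch(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String token = "constructed-sample-token"; // constructed value, not a real token
        System.out.println(decide(token, token, true));     // token valid
        System.out.println(decide(null, token, true));      // session timed out, user re-authenticated
        System.out.println(decide(token, "forged", true));  // token does not match
        System.out.println(decide(null, null, false));      // no session, no user
    }
}
```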

public javax.servlet.ServletConfig getServletConfig()
Specified by: getServletConfig in interface javax.servlet.Servlet
Overrides: getServletConfig in class javax.servlet.GenericServlet

public void destroy()
Specified by: destroy in interface javax.servlet.Servlet
Overrides: destroy in class javax.servlet.GenericServlet

Copyright © 2002-2016 Atlassian. All Rights Reserved.