001    /* Copyright 2006-2009 the original author or authors.
002     *
003     * Licensed under the Apache License, Version 2.0 (the "License");
004     * you may not use this file except in compliance with the License.
005     * You may obtain a copy of the License at
006     *
007     *      http://www.apache.org/licenses/LICENSE-2.0
008     *
009     * Unless required by applicable law or agreed to in writing, software
010     * distributed under the License is distributed on an "AS IS" BASIS,
011     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012     * See the License for the specific language governing permissions and
013     * limitations under the License.
014     */
015    package org.codehaus.groovy.grails.plugins.springsecurity.facebook;
016    
017    import javax.servlet.http.Cookie;
018    import javax.servlet.http.HttpServletRequest;
019    import javax.servlet.http.HttpServletResponse;
020    
021    import org.springframework.beans.factory.InitializingBean;
022    import org.springframework.security.Authentication;
023    import org.springframework.security.ui.logout.LogoutHandler;
024    import org.springframework.util.Assert;
025    import org.springframework.util.StringUtils;
026    
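/**
 * Logout handler that expires the application's Facebook cookies in the browser.
 *
 * <p>Cookies are selected by name only: every request cookie whose name starts with the
 * configured API key is answered with a same-named cookie that has no value and a
 * max-age of zero. Nothing in this class contacts Facebook, so it clears browser state
 * only.
 *
 * @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a>
 */
public class FacebookLogoutHandler implements LogoutHandler, InitializingBean {

    // Prefix used to recognise Facebook cookies; injected via setApiKey().
    private String _apiKey;

    /**
     * Expires every request cookie whose name starts with the API key.
     *
     * <p>The expiring cookies are scoped to the request's context path, or to "/" when the
     * context path is empty. Neither parameter {@code authentication} nor any session
     * state is consulted.
     *
     * @param request  the current request, source of the cookies and the context path
     * @param response  the response that receives the expiring cookies
     * @param authentication  unused
     * @see org.springframework.security.ui.logout.LogoutHandler#logout(
     *      javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
     *      org.springframework.security.Authentication)
     */
    public void logout(final HttpServletRequest request, final HttpServletResponse response,
            final Authentication authentication) {

        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            // getCookies() returns null rather than an empty array when none were sent.
            return;
        }

        String contextPath = request.getContextPath();
        String path = StringUtils.hasLength(contextPath) ? contextPath : "/";

        // NOTE(review): a browser drops a cookie only when the expiring cookie carries the
        // same path and domain it was stored with. The replacement uses the context path
        // and no domain; confirm that matches how the Facebook cookies are issued,
        // otherwise they survive logout.
        for (Cookie cookie : cookies) {
            String name = cookie.getName();
            if (name.startsWith(_apiKey)) {
                cancelCookie(name, path, response);
            }
        }
    }

    /**
     * Adds a cookie to the response that tells the browser to discard the named cookie.
     *
     * @param name  the name of the cookie to discard
     * @param path  the path to scope the expiring cookie to
     * @param response  the response to add the cookie to
     */
    private void cancelCookie(final String name, final String path, final HttpServletResponse response) {
        Cookie cookie = new Cookie(name, null);
        cookie.setMaxAge(0); // zero max-age asks the browser to delete the cookie
        cookie.setPath(path);
        response.addCookie(cookie);
    }

    /**
     * Dependency injection for the API key.
     * @param key  the key; must be non-empty, checked in {@link #afterPropertiesSet()}
     */
    public void setApiKey(final String key) {
        _apiKey = key;
    }

    /**
     * Verifies that a usable API key was injected.
     *
     * @throws IllegalArgumentException if the API key is null or empty
     * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
     */
    public void afterPropertiesSet() {
        // Reject "" as well as null: startsWith("") is true for every cookie name, so an
        // empty key would make logout() expire every cookie sent with the request.
        Assert.hasLength(_apiKey, "API key must be specified");
    }
}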