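/* Copyright 2006-2009 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.codehaus.groovy.grails.plugins.springsecurity.facebook;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.Authentication;
import org.springframework.security.ui.logout.LogoutHandler;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/**
 * Removes cookies at logout: every cookie sent with the logout request whose
 * name starts with the configured API key is re-issued with an empty value and
 * a max-age of zero so that the browser discards it.
 *
 * @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a>
 */
public class FacebookLogoutHandler implements LogoutHandler, InitializingBean {

    /** Prefix that selects which cookies are expired; injected via {@link #setApiKey(String)}. */
    private String _apiKey;

    /**
     * {@inheritDoc}
     *
     * <p>Expires each request cookie whose name starts with the API key. The
     * <code>authentication</code> argument is not used.
     *
     * @see org.springframework.security.ui.logout.LogoutHandler#logout(
     *    javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
     *    org.springframework.security.Authentication)
     */
    public void logout(final HttpServletRequest request, final HttpServletResponse response,
            final Authentication authentication) {

        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            // The request carried no cookies, so there is nothing to expire.
            return;
        }

        // The expiry cookie is scoped to the webapp's context path, or "/" for the root context.
        // NOTE(review): a browser only drops a cookie when the replacement matches the path
        // (and domain) it was stored under, and no domain is set here. If the cookies were
        // issued under a different path or an explicit domain they would survive logout.
        // TODO confirm against how these cookies are created.
        String contextPath = request.getContextPath();
        String path = StringUtils.hasLength(contextPath) ? contextPath : "/";

        for (Cookie cookie : cookies) {
            if (cookie.getName().startsWith(_apiKey)) {
                cancelCookie(cookie.getName(), path, response);
            }
        }
    }

    /**
     * Adds a cookie with a null value and max-age 0 to the response, which tells
     * the browser to delete the cookie of that name for the given path.
     *
     * @param name the name of the cookie to expire
     * @param path the path the expiry cookie is scoped to
     * @param response the response the expiry cookie is added to
     */
    private void cancelCookie(final String name, final String path, final HttpServletResponse response) {
        Cookie cookie = new Cookie(name, null);
        cookie.setMaxAge(0);
        cookie.setPath(path);
        response.addCookie(cookie);
    }

    /**
     * Dependency injection for the API key.
     * @param key the key
     */
    public void setApiKey(final String key) {
        _apiKey = key;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Rejects a null or empty API key.
     *
     * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
     */
    public void afterPropertiesSet() {
        // A null check alone is not enough: an empty key makes startsWith() match every
        // cookie name, so logout would expire every cookie the browser sent.
        Assert.hasLength(_apiKey, "API key must be specified");
    }
}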