ONLINE_TICKET cookie

16cba997 · MaxKey单点登录官方 · b2f98755 · 16cba997 · 16cba997 · 16cba997
3 changed file
--- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
@@ -150,12 +150,11 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
        
        OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId);
        
-        
+        //set ONLINE_TICKET cookie
        WebContext.setCookie(WebContext.getResponse(), 
                this.applicationConfig.getBaseDomainName(), 
                WebConstants.ONLINE_TICKET_NAME, 
-                onlineTickitId, 
-                0);
+                onlineTickitId);
        
        SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo);
        //set OnlineTicket

--- a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
@@ -368,7 +368,7 @@ public final class WebContext {
            e.printStackTrace();
        }
        // 单位：秒
-        if(time > 0) {
+        if(time >= 0) {
            cookie.setMaxAge(time);
        }
        // 将Cookie添加到Response中,使之生效
@@ -376,6 +376,18 @@ public final class WebContext {
        return response;
    }

+    public static HttpServletResponse expiryCookie(
+            HttpServletResponse response, String domain ,String name, String value) {
+        WebContext.setCookie(response,domain,name, value,0);
+        return response;
+    }
+    
+    public static HttpServletResponse setCookie(
+            HttpServletResponse response, String domain ,String name, String value) {
+        WebContext.setCookie(response,domain,name, value,-1);
+        return response;
+    }
+
    /**
     * get Current Date,eg 2012-07-10.
     * 

--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java
@@ -19,6 +19,7 @@ package org.maxkey.web.endpoint;

 import java.util.Iterator;
 import java.util.Set;
+import java.util.UUID;
 import java.util.Map.Entry;

 import javax.servlet.http.HttpServletRequest;
@@ -125,6 +126,13 @@ public class LogoutEndpoint {
            }
        }
 		onlineTicketServices.remove(onlineTicketId);
+ 		
+ 		//remove ONLINE_TICKET cookie
+ 		WebContext.expiryCookie(WebContext.getResponse(), 
+                this.applicationConfig.getBaseDomainName(), 
+                WebConstants.ONLINE_TICKET_NAME, 
+                UUID.randomUUID().toString());
+ 		
 		request.getSession().invalidate();
 		SecurityContextHolder.clearContext();