/* | |
* Copyright 2011 gitblit.com. | |
* | |
* Licensed under the Apache License, Version 2.0 (the "License"); | |
* you may not use this file except in compliance with the License. | |
* You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 | |
* | |
* Unless required by applicable law or agreed to in writing, software | |
* distributed under the License is distributed on an "AS IS" BASIS, | |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
* See the License for the specific language governing permissions and | |
* limitations under the License. | |
*/ | |
package com.gitblit.wicket.pages; | |
import org.apache.wicket.protocol.http.WebRequest; | |
import org.apache.wicket.protocol.http.WebResponse; | |
import com.gitblit.models.UserModel; | |
import com.gitblit.wicket.GitBlitWebSession; | |
public class LogoutPage extends BasePage { | |
public LogoutPage() { | |
super(); | |
GitBlitWebSession session = GitBlitWebSession.get(); | |
UserModel user = session.getUser(); | |
app().authentication().logout(((WebResponse) getResponse()).getHttpServletResponse(), user); | |
session.invalidate(); | |
/* | |
* Now check whether the authentication was realized via the Authorization in the header. | |
* If so, it is likely to be cached by the browser, and cannot be undone. Effectively, this means | |
* that you cannot log out... | |
*/ | |
if ( ((WebRequest)getRequest()).getHttpServletRequest().getHeader("Authorization") != null ) { | |
// authentication will be done via this route anyway, show a page to close the browser: | |
// this will be done by Wicket. | |
setupPage(null, getString("gb.logout")); | |
} else { | |
setRedirect(true); | |
setResponsePage(getApplication().getHomePage()); | |
} // not via WWW-Auth | |
} // LogoutPage | |
} |