OAuthLogout.jsp revision e8721886dbfd32e88cc7077cbee4b6bb1b44b443
<%--
   DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

   Copyright (c) 2011 ForgeRock Inc. All rights reserved.

   The contents of this file are subject to the terms
   of the Common Development and Distribution License
   (the License). You may not use this file except in
   compliance with the License.

   You can obtain a copy of the License at
   http://forgerock.org/license/CDDLv1.0.html
   See the License for the specific language governing
   permission and limitations under the License.

   When distributing Covered Code, include this CDDL
   Header Notice in each file and include the License file
   at http://forgerock.org/license/CDDLv1.0.html
   If applicable, add the following below the CDDL Header,
   with the fields enclosed by brackets [] replaced by
   your own identifying information:
   "Portions Copyrighted [year] [name of copyright owner]"

--%>
<%--
   Portions Copyrighted 2012 Open Source Solution Technology Corporation
--%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">

<%@ page language="java" pageEncoding="UTF-8" %>
<%@ page import="java.io.IOException" %>
<%@ page import="java.net.URI" %>
<%@ page import="java.net.URISyntaxException" %>
<%@ page import="java.util.Locale" %>
<%@ page import="java.util.MissingResourceException" %>
<%@ page import="java.util.ResourceBundle" %>
<%@ page import="org.owasp.esapi.*" %>
<%@ page import="com.iplanet.am.util.SystemProperties" %>
<%@ page import="com.sun.identity.shared.Constants" %>
<%@ page import="org.forgerock.openam.authentication.modules.oauth2.OAuthUtil" %>
<%@ page import="static org.forgerock.openam.authentication.modules.oauth2.OAuthParam.*" %>
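<%
    // Internationalization. The optional "lang" request parameter selects the bundle
    // locale; otherwise the browser's Accept-Language locale is used. The parameter is
    // only honoured when it looks like a language code (letters only): anything else is
    // never a usable locale and would otherwise be copied verbatim into the debug log.
    String lang = request.getParameter("lang");
    ResourceBundle resources;
    Locale locale = null;
    try {
        if (lang != null && lang.matches("[a-zA-Z]{2,8}")) {
            locale = new Locale(lang);
        } else {
            locale = request.getLocale();
        }
        resources = ResourceBundle.getBundle("amAuthOAuth", locale);
        OAuthUtil.debugMessage("OAuthLogout: obtained resource bundle with locale " + locale);
    } catch (MissingResourceException mr) {
        // No bundle for the requested locale: fall back to the default bundle.
        OAuthUtil.debugError("OAuthLogout: Resource Bundle not found", mr);
        resources = ResourceBundle.getBundle("amAuthOAuth");
    }

    // Names and labels are encoded for the context they are emitted in below: all four
    // of these end up inside HTML attribute values (form name, input name, input value).
    Encoder encoder = ESAPI.encoder();
    String logoutForm = encoder.encodeForHTMLAttribute(LOGOUT_FORM);
    String loggedoutParam = encoder.encodeForHTMLAttribute(PARAM_LOGGEDOUT);
    String gotoParam = encoder.encodeForHTMLAttribute(PARAM_GOTO);
    String logoutURLParam = encoder.encodeForHTMLAttribute(PARAM_LOGOUT_URL);

    String logmeoutValue = encoder.encodeForHTMLAttribute(resources.getString("logmeout"));
    String donotValue = encoder.encodeForHTMLAttribute(resources.getString("donot"));
    // Prompt texts come from the packaged bundle and are emitted as HTML text. Only the
    // "#IDP#" placeholder in doYouWantToLogout receives request-derived data (see below).
    String doYouWantToLogout = resources.getString("doYouWantToLogout");
    String loggingYouOut = resources.getString("loggingYouOut");

    // Where the browser is sent once logout is done. Absent or empty -> this deployment's
    // logout UI. Otherwise the value must pass one of the two ESAPI patterns the page has
    // always used (absolute http(s) URL, or a relative HTTP URI). A rejected value is
    // replaced by the default rather than echoed into the page as a bogus path.
    String ServiceURI = SystemProperties.get(Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR);
    String defaultGotoURL = ServiceURI + "/UI/Logout";
    String gotoURL = request.getParameter(PARAM_GOTO);
    if (gotoURL == null || gotoURL.isEmpty()) {
        gotoURL = defaultGotoURL;
    } else {
        boolean isValidURL = ESAPI.validator().isValidInput("URLContext", gotoURL, "URL", 255, false);
        // The validator context is a log label only; keep the untrusted value out of it.
        boolean isValidURI = ESAPI.validator().isValidInput("HTTP URI", gotoURL, "HTTPURI", 2000, false);
        // A scheme-relative value ("//host/..." or "/\host") satisfies the relative-URI
        // pattern yet makes window.location leave this site; reject it explicitly.
        boolean schemeRelative = gotoURL.startsWith("//") || gotoURL.startsWith("/\\");
        if ((!isValidURL && !isValidURI) || schemeRelative) {
            OAuthUtil.debugError("OAuthLogout: wrong goto URL attempted to be used "
                    + "in the Logout page: " + gotoURL);
            gotoURL = defaultGotoURL;
        }
        // NOTE(review): an absolute URL that matches the URL pattern is accepted for any
        // host, i.e. this page will redirect off-site on request. Confirm whether the goto
        // value should additionally be checked against the deployment's permitted goto
        // destinations, as the rest of the login/logout UI does.
    }

    // Optional IdP logout endpoint, loaded in a hidden iframe before the redirect. It is
    // kept only if it passes the ESAPI URL pattern AND parses as a URI with a host; the
    // host replaces the "#IDP#" placeholder in the prompt, so it is HTML-encoded first.
    // Parsing with java.net.URI replaces the previous indexOf/substring extraction, which
    // threw StringIndexOutOfBoundsException for a URL with no path after the host.
    // Any rejected value leaves logoutURL empty, which disables the iframe step.
    String OAuth2IdP = "";
    String logoutURL = request.getParameter(PARAM_LOGOUT_URL);
    if (logoutURL == null) {
        logoutURL = "";
    } else {
        boolean isValidURL = ESAPI.validator().isValidInput("URLContext", logoutURL, "URL", 255, false);
        String idpHost = null;
        if (isValidURL) {
            try {
                idpHost = new URI(logoutURL).getHost();
            } catch (URISyntaxException e) {
                // Treated exactly like a failed validation below.
                idpHost = null;
            }
        }
        if (idpHost == null || idpHost.isEmpty()) {
            OAuthUtil.debugError("OAuthLogout: wrong logoutURL URL attempted to be used "
                    + "in the Logout page: " + logoutURL);
            logoutURL = "";
        } else {
            OAuth2IdP = idpHost;
            doYouWantToLogout = doYouWantToLogout.replace("#IDP#", encoder.encodeForHTML(OAuth2IdP));
        }
    }

    // The footer copyright notice is optional: a missing bundle or key leaves it empty.
    String copyrightNotice = null;
    try {
        copyrightNotice = ResourceBundle.getBundle("amAuthUI", locale).getString("copyright.notice");
    } catch (MissingResourceException ignored) {
        // Deliberately best-effort; nothing to do.
    }

    // Which button (if any) brought the user here. Only the literal "logmeout" triggers the
    // automatic IdP logout on page load (see the script block). Logged through the module's
    // debug logger instead of System.out so it follows the deployment's log configuration.
    // NOTE(review): a plain GET carrying loggedout=logmeout logs out whoever follows the
    // link; there is no request token on this page. Confirm that is acceptable here.
    String loggedout = request.getParameter(PARAM_LOGGEDOUT);
    OAuthUtil.debugMessage("OAuthLogout: loggedout=" + loggedout);

%>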
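<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <link href="<%= ServiceURI%>/css/new_style.css" rel="stylesheet" type="text/css" />
        <!--[if IE 9]> <link href="<%= ServiceURI %>/css/ie9.css" rel="stylesheet" type="text/css"> <![endif]-->
        <!--[if lte IE 7]> <link href="<%= ServiceURI %>/css/ie7.css" rel="stylesheet" type="text/css"> <![endif]-->
        <script language="JavaScript" type="text/javascript">
            // Both values originate from request parameters (validated in the scriptlet
            // above) and are written into JavaScript string literals, so they are
            // JavaScript-encoded here regardless of that validation: the URL pattern
            // permits characters, a quote among them, that would otherwise end the literal.
            var gotoURL = "<%= ESAPI.encoder().encodeForJavaScript(gotoURL) %>";
            var idpLogoutURL = "<%= ESAPI.encoder().encodeForJavaScript(logoutURL) %>";
            // Upper bound on waiting for the IdP logout iframe before redirecting anyway.
            var IDP_LOGOUT_TIMEOUT_MS = 5000;
            var redirected = false;

            // Leaves this page for the goto URL. Idempotent: once the redirect has been
            // issued, later calls (iframe onload and the timeout fallback) do nothing.
            function adios() {
                if (redirected) { return; }
                redirected = true;
                window.location = gotoURL;
            }

            // Logs the user out at the OAuth 2.0 IdP by loading its logout URL in a hidden
            // iframe, then redirects. Without an IdP logout URL it redirects immediately.
            // The redirect is bound to the iframe's load event (handler assigned, not
            // invoked -- the previous "iframe.onload = adios()" redirected before the
            // iframe was even attached), with a timeout fallback so an unresponsive IdP
            // cannot strand the user on the "logging you out" message.
            function logoutAll() {
                var frame = document.getElementById('frame');
                if (!frame) { return; }
                var logMsg = document.getElementById('logoutMsg');
                var logMsgVs = document.getElementById('logoutMsgVisible');
                var main = document.getElementById('main');
                logMsg.style.display = '';
                main.style.display = 'none';
                logMsgVs.style.display = 'none';
                if (!idpLogoutURL) {
                    adios();
                    return;
                }
                var iframe = document.createElement('iframe');
                iframe.setAttribute('src', idpLogoutURL);
                iframe.setAttribute('width', 0);
                iframe.setAttribute('height', 0);
                iframe.setAttribute('frameborder', 0);
                iframe.onload = adios;
                frame.innerHTML = '';
                frame.appendChild(iframe);
                window.setTimeout(adios, IDP_LOGOUT_TIMEOUT_MS);
            }

            <% if (loggedout != null && loggedout.equalsIgnoreCase("logmeout")) {
                out.println("window.onload = function() {");
                out.println("logoutAll(); }");
            }
            %>
        </script>
        <title>Logout</title>
    </head>
    <body>
        <div class="container_12">
            <div class="grid_4 suffix_8">
                <a class="logo" href="<%= ServiceURI%>"></a>
            </div>
            <div class="box box-spaced clear-float">
                <div class="grid_3">
                    <div class="product-logo"></div>
                </div>
                <div class="grid_9">
                    <div class="box-content clear-float">
                        <div class="message">
                            <span class="icon info"></span>
                            <div id="logoutMsg" style="display:none">
                                <h3><%= loggingYouOut %></h3>
                            </div>
                            <div id="logoutMsgVisible">
                                <h3><%= doYouWantToLogout %></h3>
                            </div>
                        </div>
                        <div id="frame">
                            <noscript>
                                Your browser does not support scripts.
                                This page needs javascript to be enabled in your browser.
                            </noscript>
                        </div>
                        <div id="main">
                            <%-- Each button has a single handler. The logout button previously
                                 also carried onmousedown="adios()", which started the redirect
                                 before the click reached logoutAll(), so the IdP logout iframe
                                 was raced by the navigation. --%>
                            <form name="<%= logoutForm %>" method="POST" action="">
                                <input name="<%= loggedoutParam %>" type="button" class="button" onclick="adios()" value="<%= donotValue %>" />
                                <input name="<%= loggedoutParam %>" type="button" class="button right" onclick="logoutAll()" value="<%= logmeoutValue %>" />
                            </form>
                        </div>
                    </div>
                </div>
            </div>
            <div class="footer alt-color">
                <div class="grid_6 suffix_3">
                    <p>
                        <% if (copyrightNotice != null) {
                            out.println(copyrightNotice);
                        }
                        %>
                    </p>
                </div>
            </div>
        </div>
    </body>
</html>
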