我正在尝试在cq5中实现注销servlet,我需要从cas服务器和cq5注销我的用户。 问题是我需要servlet从cq5注销然后重定向到cas logout页面,但由于我使用响应来做这两件事我得到IllegalStateException。
关于如何做到这一点的任何想法?
这是我的servlet代码:
import com.stuff.etc.*;
@Component( metatype = false)
@SlingServlet(
methods = {"GET"},
generateComponent = false
)
@Service
public class MyLogoutServlet extends SlingAllMethodsServlet {
@Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC)
private Authenticator authenticator;
public static final String PAR_USER = "username";
@Property(name = "sling.servlet.paths")
public static final String SERVLET_PATH = "/system/mysite/logout";
@Property(name = "sling.auth.requirements", propertyPrivate = true)
//@SuppressWarnings("unused")
private static final String[] AUTH_REQUIREMENT = { "-" + SERVLET_PATH };
private static final Logger log = LoggerFactory.getLogger(CookieStoreUtil.class);
public static final String TOKEN_COOKIE_ID = "mysite_auth";
private static final String LOGOUT_RESOURCE = "https://casurl.com/logout";
@Reference
private CryptoSupport cryptoSupport;
@Reference
private SlingSettingsService settingsService;
@Override
protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter(PAR_USER);
final Authenticator authenticator = this.authenticator;
log.info(String.valueOf(authenticator==null));
if(username != null) {
if(log.isDebugEnabled()) {
log.debug("Request to logout user: " + username);
}
request.removeAttribute(WSCAuthToken.TOKEN_ATTR_USER);
WSCAuthToken token = getAuthToken(request, cryptoSupport);
//if(token != null && token.isDebugMode()) {
if(token != null) {
token.setUser(null);
token.resetAttributes();
saveAuthCookie(request, response, cryptoSupport, token);
CookieStoreUtil.resetStoreCookie(request, response, settingsService);
TokenCookie.setCookie(response, TOKEN_COOKIE_ID, "", -1, "/", null, false, request.isSecure());
if (authenticator != null) {
try {
log.info("SIAMO QUI");
log.info("ANDIAMO QUI: "+request.getContextPath());
AbstractAuthenticationHandler.setLoginResourceAttribute(request, request.getContextPath());
authenticator.logout(request, response);
} catch (IllegalStateException ise) {
log.error("service: Response already committed, cannot logout");
return;
}
} else {
log.error("service: Authenticator service missing, cannot logout");
}
} else {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
} else {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Username non specificato");
}
response.sendRedirect(LOGOUT_RESOURCE);
//response.setStatus(HttpServletResponse.SC_NO_CONTENT);
}
public static WSCAuthToken getAuthToken(HttpServletRequest request, CryptoSupport cryptoSupport) {
WSCAuthToken token = null;
Object tokenAttr = request.getAttribute(TOKEN_COOKIE_ID);
if ((tokenAttr instanceof WSCAuthToken)) {
return (WSCAuthToken)tokenAttr;
}
String cookie = TokenCookie.getCookie(request, TOKEN_COOKIE_ID);
if (cookie != null) {
String value;
try {
value = cryptoSupport.unprotect(cookie);
token = WSCAuthToken.fromJSON(value);
} catch (CryptoException e) {
log.error("CryptoException getting token: " + e.getMessage());
}
}
return token;
}
public static void saveAuthCookie(HttpServletRequest request, HttpServletResponse response,
CryptoSupport cryptoSupport, WSCAuthToken token) {
try {
request.setAttribute(token.getCk(), token);
String value = cryptoSupport.protect(token.toJSON());
TokenCookie.setCookie(response, TOKEN_COOKIE_ID, "\"" + value + "\"", -1, "/", null, true, request.isSecure());
} catch (CryptoException e) {
log.error("CryptoException saving cookie", e);
} catch (IOException e) {
log.error("IOException saving cookie", e);
}
}
}
错误的日志:
02.08.2013 11:03:23.966 *ERROR* [127.0.0.1 [1375434203945] GET /system/sorgeniabpp/logout HTTP/1.1] org.apache.sling.engine.impl.SlingRequestProcessorImpl service: Uncaught Throwable java.lang.IllegalStateException: response already committed
另一个问题是我甚至没有从CQ5注销。我试图将我的servlet与org.apache.sling.auth.core.impl.LogoutServlet上实现的代码合并,但没有结果。
答案 0 :(得分:0)
尝试在重定向后添加return语句,以便它停止向response添加更多内容。
response.sendRedirect(LOGOUT_RESOURCE);
return;
服务器有already finished编写响应标头并正在写入内容的正文,以及你试图在标题上写更多内容 - 当然它无法倒带。
答案 1 :(得分:0)
你需要在 sendError 之后添加 return 语句(因为已经@suresh atta告诉你需要在之后添加 return 语句EM>重定向)。
正在评估HttpServletResponse#sendRedirect和HttpServletResponse#sendError
如果响应已经提交,则此方法抛出IllegalStateException。使用此方法后,响应应为 被认为是承诺,不应写入。
所以在 sendError 之后返回语句。
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
和
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Username non specificato");
return;
用这个
response.sendRedirect(LOGOUT_RESOURCE);
return;
有关why you need to add return statement after redirect or sendError
的详细信息