fixed sign out

protegeproject · Sep 12, 2024 · ae5ca27 · ae5ca27
1 parent 8c5f74c
commit ae5ca27
Showing 1 changed file with 36 additions and 11 deletions.
diff --git a/...-gwt-ui-server/src/main/java/edu/stanford/bmir/protege/web/server/auth/LogoutServlet.java b/...-gwt-ui-server/src/main/java/edu/stanford/bmir/protege/web/server/auth/LogoutServlet.java
@@ -1,30 +1,55 @@
 package edu.stanford.bmir.protege.web.server.auth;
 
-import javax.servlet.ServletException;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
 import java.util.Optional;
 
 @WebServlet("/logout")
 public class LogoutServlet extends HttpServlet {
 
+    private static final Logger logger = LoggerFactory.getLogger(LogoutServlet.class);
+
 
     @Override
-    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-        var logout = getEnvVariable("webprotege.logoutUrl").orElse("http://webprotege-local.edu/auth/realms/webprotege/protocol/openid-connect/logout");
-        var redirectUrl = getEnvVariable("webprotege.logoutRedirectUrl").orElse("http://webprotege-local.edu/webprotege");
-        // Invalidate the local session
-        request.getSession().invalidate();
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) {
+        logger.info("Logging out the user");
+        try {
+            var logout = getEnvVariable("webprotege.keycloakLogoutUrl").orElse("http://webprotege-local.edu/auth/realms/webprotege/protocol/openid-connect/logout");
+            var redirectUrl = getEnvVariable("webprotege.logoutRedirectUrl").orElse("http://webprotege-local.edu/webprotege");
 
-        // Redirect to Keycloak logout endpoint
-        String logoutUrl = logout + "?redirect_uri=" + redirectUrl;
+            request.getSession().invalidate();
 
-        response.sendRedirect(logoutUrl);
-    }
+            RefreshableKeycloakSecurityContext context = (RefreshableKeycloakSecurityContext) request.getAttribute("org.keycloak.KeycloakSecurityContext");
+            String refreshToken = context.getRefreshToken();
+
+            String clientId = "webprotege";
 
+            String requestBody = "client_id=" + clientId
+                    + "&refresh_token=" + refreshToken
+                    + "&post_logout_redirect_uri=" + redirectUrl;
+
+            CloseableHttpClient client = HttpClients.createDefault();
+            HttpPost httpPost = new HttpPost(logout);
+
+            httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
+            httpPost.setEntity(new StringEntity(requestBody));
+
+            client.execute(httpPost);
+            client.close();
+        } catch (Exception e) {
+            logger.error("ERROR logging out the user ", e);
+        }
+    }
 
     private Optional<String> getEnvVariable(String path) {
         String env = System.getenv(path);