Package net.ltgt.oidc.servlet

Class LogoutServlet

java.lang.Object

jakarta.servlet.GenericServlet

jakarta.servlet.http.HttpServlet

net.ltgt.oidc.servlet.LogoutServlet

All Implemented Interfaces:

Servlet, ServletConfig, Serializable

public class LogoutServlet
extends HttpServlet

This servlet starts the logout workflow and possibly redirects back to a given URL afterward.

The post-logout redirection is conditioned to configuration of a POST_LOGOUT_REDIRECT_PATH init parameter. This should be a public page, otherwise the user will directly be sent back to the OpenID Provider for signing in again, and it should be properly registered at the OpenID Provider in the post_logout_redirect_uris client metadata.

If this post-logout redirect path is a LogoutCallbackServlet, this should be indicated with a USE_LOGOUT_STATE init parameter with the value true. The final redirect target will have to be sent as a Utils.RETURN_TO_PARAMETER_NAME form parameter. It should be given as an absolute path (possibly with a query string), though a full URL would be accepted as long as it's the same origin.

See Also:

• OpenID Connect RP-Initiated Logout 1.0
• Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
static final String	POST_LOGOUT_REDIRECT_PATH
static final String	USE_LOGOUT_STATE

Fields inherited from class jakarta.servlet.http.HttpServlet

LEGACY_DO_HEAD

Constructor Summary

Constructors

Constructor	Description
LogoutServlet()
LogoutServlet(String postLogoutRedirectPath)	Constructs a logout servlet with the given post-logout redirect path.
LogoutServlet(String postLogoutRedirectPath, boolean useLogoutState)	Constructs a logout servlet with the given post-logout redirect path and whether to use logout state.

Method Summary

Modifier and Type	Method	Description
protected void	doPost(HttpServletRequest req, HttpServletResponse resp)
void	init()

Methods inherited from class jakarta.servlet.http.HttpServlet

doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, init, service, service

Methods inherited from class jakarta.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

POST_LOGOUT_REDIRECT_PATH

public static final String POST_LOGOUT_REDIRECT_PATH

See Also:

• Constant Field Values

USE_LOGOUT_STATE

public static final String USE_LOGOUT_STATE

See Also:

• Constant Field Values

Constructor Details

LogoutServlet

public LogoutServlet()

LogoutServlet

public LogoutServlet(String postLogoutRedirectPath)

Constructs a logout servlet with the given post-logout redirect path.

When this constructor is used, logout state won't be used, and the init parameters won't be read.

This is equivalent to new LogoutServlet(postLogoutRedirectPath, false).

LogoutServlet

public LogoutServlet(String postLogoutRedirectPath,
 boolean useLogoutState)

Constructs a logout servlet with the given post-logout redirect path and whether to use logout state.

When this constructor is used, the init parameters won't be read.

Method Details

init

public void init()
          throws ServletException

Overrides:

init in class GenericServlet

Throws:

ServletException

doPost

protected void doPost(HttpServletRequest req,
 HttpServletResponse resp)
               throws ServletException,
IOException

Overrides:

doPost in class HttpServlet

Throws:

ServletException

IOException