Samples JDK
OutSecurityInterceptor.java
1 package com.freemindcafe.apache.cxf.jaxrs.sample7;
2 
3 import javax.servlet.http.HttpServletRequest;
4 
5 import org.apache.cxf.interceptor.Fault;
6 import org.apache.cxf.message.Message;
7 import org.apache.cxf.message.XMLMessage;
8 import org.apache.cxf.phase.AbstractPhaseInterceptor;
9 import org.apache.cxf.phase.Phase;
10 import org.apache.log4j.Logger;
11 
12 /***
13  *
14  * @author KOMAN00S
15  *
16  */
17 //Phase.PRE_PROTOCOL
18 public class OutSecurityInterceptor extends AbstractPhaseInterceptor<XMLMessage> {
19 
20  protected Logger logger = Logger.getLogger(OutSecurityInterceptor.class);
21 
22  public OutSecurityInterceptor(){
23  super(Phase.PRE_PROTOCOL);
24  }
25 
26  @Override
27  public void handleMessage(XMLMessage arg0) throws Fault {
28  System.out.println("OutSecurityInterceptor-----------------");
29  //EIP-19204 starts
30  Message inMessage = arg0.getExchange().getInMessage();
31 
32  //IN message can be null in case of async response
33  if(inMessage != null) {
34  HttpServletRequest req = (HttpServletRequest) inMessage.get("HTTP.REQUEST");
35 
36  if(req.getSession(false) != null) {
37  logger.debug("invalidating the http session");
38  req.getSession().invalidate();
39  } else {
40  logger.warn(" No session found Not able to invalidate http session");
41  }
42 
43  //This should be done only when we are processing a request and sending a response back
44  //As this intercepter will also be called in case we are sending a web service request to third party web server and
45  //getting the response back. In this case, we don't want to clear the authentication.
46  logger.debug("Exiting current user");
47  //SecurityContextHolder.getContext().setAuthentication(null);
48  //SessionHolder.setSession(null);
49  } else {
50  logger.warn("http request is null Not able to invalidate http session");
51  }
52  //EIP-19204 ends
53  }
54 
55 }