Navigate to external URL from a backing bean?

Question

I'm trying to implement proper logout for my Java EE / JSF2 application.

It requires two things:

1. I need to logout from JAAS and invalidate the session
2. I then have to navigate to an external URL to fire Siteminder logout

The Siteminder logout URL (configured on the Policy server -> I cannot change it) is outside my applications context. Eg. if my webapp URL is https://localhost:8080/sm/MyWebApp then the logout URL is https://localhost:8080/anotherwebapp/logout.html.

This is the current local logout code:

public void logout() {
    System.out.println("Logging out...");
    HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
    try {
        request.logout();
    } catch (ServletException e) {
        e.printStackTrace();
    }
    HttpSession session = (HttpSession)FacesContext.getCurrentInstance().getExternalContext().getSession(false);
    if (session != null) {
        session.invalidate();
    }
}

And here is the property that produces the logout URL:

public String getLogoutUrl() {
    HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
    String requestServer = request.getServerName();
    String requestScheme = request.getScheme();
    int serverPort = request.getServerPort();
    String logoutUrl = requestScheme + "://" + requestServer + ":" + Integer.toString(serverPort) + "/anotherwebapp/logout.html";
    return logoutUrl;
}

However, I cannot find a JSF2 / Primefaces component that can call logout() then open the external URL. For example, if I have:

<h:outputLink value="#{authBean.logoutUrl}" onclick="#{authBean.logout()}">[Logout]</h:outputLink>

then onclick does not seem to be called.

Another way I tried was putting the external URL to the end of the logout function to have it returned as a navigation string but it is not recognized (also tried with "?faces-redirect=true"...).

Any help would be appreciated.

Answer 1

You can also just use ExternalContext#redirect().

public void logout() throws ServletException, IOException {
    ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();
    ((HttpServletRequest) ec.getRequest()).logout();
    ec.invalidateSession();
    ec.redirect("http://example.com/anothercontext/logout");
}

No need for an intermediating page with a meta refresh.

Answer 2

You can create a page logout.xhtml, so the code will look like this:

public String getLogoutUrl() {
    return "/logout.jsf";
}

and in the page add:

<META HTTP-EQUIV="Refresh" CONTENT="0;URL=https://localhost:8080/anotherwebapp/logout.html">