注销SSL(JBoss AS 7.1、JDK 1.6 e JSF 2)

注销SSL(JBoss AS 7.1、JDK 1.6 e JSF 2),jsf,authentication,ssl,jboss,servlet-filters,Jsf,Authentication,Ssl,Jboss,Servlet Filters,早上好 当我试图通过数字证书在经过身份验证的系统中执行注销时,我遇到了一个问题 为了更好地描述该问题,如下所示: 浏览器显示“用于身份验证的证书”复选框,选择并提供所选证书的PIN。系统正常登录。问题是,当用户触发注销按钮时,它会使会话无效,并再次重定向到登录屏幕。但是,当用户单击重定向到受限区域的按钮时,浏览器应使用在上一次登录中选择的证书信息重新提交证书选择框,但同样直接提交 如果我们停止服务器或关闭并打开浏览器,它将再次提示选择证书 standalone.xml: 注销方法: 我已经尝试使

早上好

当我试图通过数字证书在经过身份验证的系统中执行注销时,我遇到了一个问题

为了更好地描述该问题,如下所示:

浏览器弹出“用于身份验证的证书”选择框,用户选择证书并输入所选证书的PIN,系统正常登录。问题是:当用户点击注销按钮时,会话被置为无效,并重新重定向到登录页面。但此后用户再点击进入受限区域的按钮时,浏览器本应再次弹出证书选择框,却直接沿用上一次登录时选择的证书重新提交了

如果我们停止服务器或关闭并打开浏览器,它将再次提示选择证书

standalone.xml:

注销方法:

我已经尝试使用一些javascript解决方案来清理存储在浏览器中的身份验证数据的证书。例如:

// Non-standard, browser-specific calls: window.crypto.logout() existed only in older
// Gecko builds and execCommand("ClearAuthenticationCache") only in Internet Explorer.
// Neither is available cross-browser, so they cannot be relied on to make the browser
// forget the cached client-certificate choice (the question reports they did not work).
window.crypto.logout();

document.execCommand("ClearAuthenticationCache");



/**
 * Fires an asynchronous GET to the login page and logs the HTTP status and body
 * once the request completes (readyState 4), giving up after two seconds.
 * Note: this only fetches the login page; it does not clear any browser-side
 * authentication state.
 */
function logOut()
{
    var req = new XMLHttpRequest();
    var onChange = function ()
    {
        if (req.readyState !== 4)
        {
            return;
        }
        console.log("status: " + req.status);
        console.log("response: '" + req.responseText + "'");
    };

    req.timeout = 2000; // give up after two seconds
    req.onreadystatechange = onChange;
    req.open("GET", "/internet/login.xhtml", true);
    req.send();
}
但没有起作用

如果有人遇到过同样的问题并成功解决,请分享你的解决方案

我希望已经把这个问题描述清楚了,我已尽力描述

我非常感谢你的关注

<!-- Application-level authentication from the TLS client certificate is done by this filter
     (see AuthX509CertificateFilter); the container itself is not asked to enforce a login below. -->
<filter>
    <filter-name>Authentication X509Certificate Filter</filter-name>
    <filter-class>br.gov.sp.sefin.desif.security.servlet.AuthX509CertificateFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>Authentication X509Certificate Filter</filter-name>
    <url-pattern>/pages/*</url-pattern>
</filter-mapping>

<!-- This constraint carries only a transport guarantee and no <auth-constraint>, so the
     container requires HTTPS for the listed resources but does not require authentication
     for them; authentication is left entirely to the filter above. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>pages/*</web-resource-name>
        <url-pattern>/pages/*</url-pattern>
        <!-- Listing only GET limits the constraint to GET: POST (JSF form submits) and every
             other method on /pages/* are NOT covered by the CONFIDENTIAL guarantee.
             Omitting <http-method> makes the constraint apply to all methods. -->
        <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- CLIENT-CERT only takes effect where the container has to authenticate a request; with no
     <auth-constraint> above, the certificate reaches the filter via the
     javax.servlet.request.X509Certificate attribute, driven by the connector's client-cert
     setting in standalone.xml (not shown here). -->
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>
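/**
 * Servlet filter that authenticates requests under {@code /pages/*} from the TLS client
 * certificate presented by the browser and keeps the result in the HTTP session.
 *
 * <p>Flow (see {@link #doFilter}): when the session is not yet marked valid, or the
 * "define financial institution" page is requested while none is selected, the first
 * certificate in the {@code javax.servlet.request.X509Certificate} request attribute is
 * taken, its subject is validated by {@link #validarAutenticacao} and the chain continues
 * with a request wrapper whose {@code getUserPrincipal()} returns that subject. Otherwise
 * the container principal (if any) is re-validated and the chain continues. A request that
 * ends up not authenticated, with the response still uncommitted, is forwarded to
 * {@code ../login.xhtml} with message {@code MS_005} placed in the session.
 *
 * <p>A filter instance is shared by all concurrent requests, so no request-specific state
 * is kept in instance fields: the authenticated principal is handed to the wrapper as a
 * constructor argument and stored in the session under {@link #ATTR_USER_PRINCIPAL}.
 */
public class AuthX509CertificateFilter implements Filter {

    private static final String MS_005 = "MS_005";
    private static final String URI_DEFINIR_IF = "/internet/pages/home.xhtml";
    /** Session attribute ({@code Boolean}): the session has been validated by this filter. */
    private static final String ATTR_SESSION_VALID = "sessionValid";
    /** Session attribute ({@code Boolean}): the user is authenticated. */
    private static final String ATTR_AUTHENTICATED = "authenticated";
    /** Session attribute ({@code String}): CPF/CNPJ digits extracted from the certificate subject. */
    private static final String ATTR_CPF_CNPJ = "cpfCnpj";
    /** Session attribute: the financial institution selected for this session. */
    private static final String ATTR_INSTITUICAO = "instituicaoFinanceiraInternet";
    /** Session attribute ({@code Principal}): subject of the certificate used at login. */
    private static final String ATTR_USER_PRINCIPAL = "certificatePrincipal";
    /** Request attribute set by the container with the client certificate chain. */
    private static final String REQ_ATTR_CERTIFICATES = "javax.servlet.request.X509Certificate";

    @Inject
    private RepresentanteBO representanteBO;

    @Inject
    private InstituicaoFinanceiraBO instituicaoFinanceiraBO;

    /** Request wrapper exposing a fixed principal as the request's user principal. */
    private static final class PrincipalRequest extends HttpServletRequestWrapper {
        private final Principal principal;

        PrincipalRequest(HttpServletRequest request, Principal principal) {
            super(request);
            this.principal = principal;
        }

        @Override
        public Principal getUserPrincipal() {
            return principal;
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to initialise
    }

    /**
     * Authenticates the request from the client certificate or the container principal
     * (see the class comment) and forwards to the login page when that fails.
     *
     * @throws IOException      propagated from the chain or from a forward
     * @throws ServletException propagated from the chain or from a forward
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // a missing or non-Boolean attribute counts as false
        boolean sessionValid = Boolean.TRUE.equals(req.getSession().getAttribute(ATTR_SESSION_VALID));
        boolean sessionAuthenticated = Boolean.TRUE.equals(req.getSession().getAttribute(ATTR_AUTHENTICATED));
        boolean definirIfPendente = URI_DEFINIR_IF.equals(req.getRequestURI())
                && req.getSession().getAttribute(ATTR_INSTITUICAO) == null;

        if (!sessionValid || definirIfPendente) {
            X509Certificate[] certs = (X509Certificate[]) req.getAttribute(REQ_ATTR_CERTIFICATES);
            // the container places the client's own certificate first; an empty array is
            // treated like no certificate at all
            if (certs != null && certs.length > 0) {
                Principal subjectDN = certs[0].getSubjectDN();
                req.getSession().setAttribute(ATTR_USER_PRINCIPAL, subjectDN);
                sessionAuthenticated = validarAutenticacao(subjectDN, req, resp);
                continuarCadeia(chain, req, resp, subjectDN);
            }
        } else {
            Principal principal = req.getUserPrincipal();
            if (principal != null) {
                sessionAuthenticated = validarAutenticacao(principal, req, resp);
            } else {
                // no container principal: expose the subject recorded at certificate login
                principal = (Principal) req.getSession().getAttribute(ATTR_USER_PRINCIPAL);
            }
            continuarCadeia(chain, req, resp, principal);
        }

        if (!resp.isCommitted() && !sessionAuthenticated) {
            Object cpfCnpj = req.getSession().getAttribute(ATTR_CPF_CNPJ);
            if (cpfCnpj != null) {
                req.getSession().setAttribute(MS_005,
                        MessagePtBrUtil.recupera(MS_005, UtilFormatter.formatarCPF((String) cpfCnpj)));
            }
            req.getRequestDispatcher("../login.xhtml").forward(req, resp);
        }
    }

    /**
     * Continues the filter chain with {@code principal} as the user principal, unless a
     * forward performed by {@link #validarAutenticacao} has already committed the response
     * (a forward commits the response before returning, so running the chain afterwards
     * could only fail).
     */
    private void continuarCadeia(FilterChain chain, HttpServletRequest req,
            HttpServletResponse resp, Principal principal) throws IOException, ServletException {
        if (!resp.isCommitted()) {
            chain.doFilter(new PrincipalRequest(req, principal), resp);
        }
    }

    /**
     * Stores the two session flags read by {@link #doFilter}.
     *
     * @param sessionValid         value for the {@code sessionValid} attribute
     * @param sessionAuthenticated value for the {@code authenticated} attribute
     */
    public void atualizarDadosDeSessao(HttpServletRequest req, Boolean sessionValid, Boolean sessionAuthenticated) {
        req.getSession().setAttribute(ATTR_SESSION_VALID, sessionValid);
        req.getSession().setAttribute(ATTR_AUTHENTICATED, sessionAuthenticated);
    }

    /**
     * Validates the authenticated subject against the business rules and records the
     * outcome in the session.
     *
     * <p>The principal name is expected as {@code <label>:<digits>[, ...]}; the digits are a
     * CPF (natural person) or CNPJ (institution). A 14-digit CNPJ whose 8-digit root is a
     * registered financial institution is forwarded to the home page; otherwise the number is
     * checked as the CPF of an institution representative and forwarded to the
     * institution-selection page. A name not in that form, a non-numeric value, or a number
     * bound to no institution marks the session as invalid and unauthenticated instead of
     * failing with an uncaught parsing exception.
     *
     * @param userPrincipal subject of the client certificate or the container principal
     * @return {@code Boolean.TRUE} when the session is valid and authenticated (never {@code null})
     * @throws ServletException propagated from a forward
     * @throws IOException      propagated from a forward
     */
    public Boolean validarAutenticacao(Principal userPrincipal, HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String cpfCnpj = extrairCpfCnpj(userPrincipal);
        boolean autenticado = false;
        if (cpfCnpj != null) {
            req.getSession().setAttribute(ATTR_CPF_CNPJ, cpfCnpj);
            if (cpfCnpj.length() == 14
                    && instituicaoFinanceiraBO.verificarInstituicaoFinanceiraRaizCnpj(new BigInteger(cpfCnpj.substring(0, 8)))) {
                req.getRequestDispatcher("../pages/home.xhtml").forward(req, resp);
                autenticado = true;
            } else {
                BigInteger cpf = new BigInteger(cpfCnpj);
                if (representanteBO.verificarRepresentanteInstituicaoFinanceira(cpf)) {
                    req.getRequestDispatcher("../pages/autenticarusuario/definirInstituicaoFinanceira.xhtml?cpf=" + cpf).forward(req, resp);
                    autenticado = true;
                }
                // otherwise: no financial institution is bound to this CPF
            }
        }
        // both flags are always set together by this filter
        atualizarDadosDeSessao(req, Boolean.valueOf(autenticado), Boolean.valueOf(autenticado));
        return Boolean.valueOf(autenticado);
    }

    /**
     * Extracts the digit string after the first {@code ':'} of the first comma-separated
     * component of the principal's name.
     *
     * @return the digits, or {@code null} when the principal or its name is absent, the
     *         component has no {@code ':'} part, or the value is not all ASCII digits
     */
    private static String extrairCpfCnpj(Principal userPrincipal) {
        if (userPrincipal == null || userPrincipal.getName() == null) {
            return null;
        }
        String[] partes = userPrincipal.getName().split(",")[0].split(":");
        if (partes.length < 2 || !partes[1].matches("\\d+")) {
            return null;
        }
        return partes[1];
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}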
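/**
 * Logs the current user out: writes the audit entry, invalidates the HTTP session, marks
 * the replacement session as not validated/authenticated, logs out of the container and
 * redirects to the login page.
 *
 * <p>NOTE: this ends the server-side session only. Whether the browser prompts for a
 * certificate again is decided by its own client-certificate handling, which this method
 * cannot influence.
 *
 * @throws IllegalStateException if the container logout or the redirect fails; the error
 *         is surfaced rather than swallowed, because a logout that silently fails leaves
 *         the user believing the session has ended
 */
public void sair() {
    ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
    this.inserirLogAuditoriaLogout();
    context.invalidateSession();

    HttpServletRequest request = (HttpServletRequest) context.getRequest();

    // getSession() creates a fresh session after the invalidation; flag it explicitly so the
    // authentication filter re-validates the next request
    request.getSession().setAttribute("sessionValid", Boolean.FALSE);
    request.getSession().setAttribute("authenticated", Boolean.FALSE);

    try {
        request.logout();
        context.redirect("/internet/login.xhtml");
    } catch (IOException e) {
        throw new IllegalStateException("Logout: redirect to the login page failed", e);
    } catch (ServletException e) {
        throw new IllegalStateException("Logout: container logout failed", e);
    }
}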
// Non-standard, browser-specific calls: window.crypto.logout() existed only in older
// Gecko builds and execCommand("ClearAuthenticationCache") only in Internet Explorer.
// Neither is available cross-browser, so they cannot be relied on to make the browser
// forget the cached client-certificate choice (the question reports they did not work).
window.crypto.logout();

document.execCommand("ClearAuthenticationCache");



/**
 * Fires an asynchronous GET to the login page and logs the HTTP status and body
 * once the request completes (readyState 4), giving up after two seconds.
 * Note: this only fetches the login page; it does not clear any browser-side
 * authentication state.
 */
function logOut()
{
    var req = new XMLHttpRequest();
    var onChange = function ()
    {
        if (req.readyState !== 4)
        {
            return;
        }
        console.log("status: " + req.status);
        console.log("response: '" + req.responseText + "'");
    };

    req.timeout = 2000; // give up after two seconds
    req.onreadystatechange = onChange;
    req.open("GET", "/internet/login.xhtml", true);
    req.send();
}