Package net.ltgt.oidc.servlet

Class BackchannelLogoutServlet

java.lang.Object

jakarta.servlet.GenericServlet

jakarta.servlet.http.HttpServlet

net.ltgt.oidc.servlet.BackchannelLogoutServlet

All Implemented Interfaces:

Servlet, ServletConfig, Serializable

public class BackchannelLogoutServlet
extends HttpServlet

Implements the OpenID Connect Back-Channel Logout URI.

The OpenID Provider must support session IDs ("backchannel_logout_session_supported": true). The application must have been registered to require the session ID ( "backchannel_logout_session_required": true).

This servlet must not be protected by authentication or CSRF protections. A LoggedOutSessionStore instance must have been added as a ServletContext attribute under the name LoggedOutSessionStore.CONTEXT_ATTRIBUTE_NAME.

See Also:

• OpenID Connect Back-Channel Logout 1.0
• Serialized Form

Field Summary

Fields inherited from class jakarta.servlet.http.HttpServlet

LEGACY_DO_HEAD

Constructor Summary

Constructors

Constructor	Description
BackchannelLogoutServlet()
BackchannelLogoutServlet(Configuration configuration, LoggedOutSessionStore loggedOutSessionStore)	Constructs a servlet with the given configuration and logged-out session store.

Method Summary

Modifier and Type	Method	Description
protected void	doPost(HttpServletRequest req, HttpServletResponse resp)
void	init()

Methods inherited from class jakarta.servlet.http.HttpServlet

doDelete, doGet, doHead, doOptions, doPut, doTrace, getLastModified, init, service, service

Methods inherited from class jakarta.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

BackchannelLogoutServlet

public BackchannelLogoutServlet()

BackchannelLogoutServlet

public BackchannelLogoutServlet(Configuration configuration,
 LoggedOutSessionStore loggedOutSessionStore)

Constructs a servlet with the given configuration and logged-out session store.

When this constructor is used, the servlet context attributes won't be read.

Method Details

init

@OverridingMethodsMustInvokeSuper
public void init()
          throws ServletException

Overrides:

init in class GenericServlet

Throws:

ServletException

doPost

protected void doPost(HttpServletRequest req,
 HttpServletResponse resp)
               throws ServletException,
IOException

Overrides:

doPost in class HttpServlet

Throws:

ServletException

IOException