由CAS主动发起的不经过浏览器的单点退出方案

本质都是干掉session

1 浏览器发起全站登出,各个系统承接logout请求

2 CAS server发起登出,带着JSESSIONID(用户的sticky),各系统销毁session

3 发布订阅模式

---------------------------------------

CAS server的这种

  <!-- Registers SingleSignOutFilter. The /* mapping below routes every request through it, which is
       what lets the CAS server's back-channel logout POST (the logoutRequest parameter) reach the
       filter, and lets requests carrying the ticket parameter have their session recorded. -->
  <filter>  
       <filter-name>CAS Single Sign Out Filter</filter-name>  
       <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>  
    </filter>  
	<filter-mapping>  
	    <filter-name>CAS Single Sign Out Filter</filter-name>  
	    <url-pattern>/*</url-pattern>
	 </filter-mapping>
/*
 * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license
 * distributed with this file and available online at
 * http://www.ja-sig.org/products/cas/overview/license/index.html
 */
package org.jasig.cas.client.session;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.client.util.AbstractConfigurationFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.XmlUtils;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;

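/**
 * Implements the Single Sign Out protocol.  It handles registering the session and destroying the session.
 * <p>
 * {@link #doFilter} recognises two kinds of request:
 * <ul>
 * <li>A {@code POST} carrying a {@code logoutRequest} parameter is treated as a back-channel logout message
 * from the CAS server.  Its {@code SessionIndex} element is looked up in the session mapping storage and the
 * {@link HttpSession} found there (if any) is invalidated.  The filter chain is <em>not</em> continued for
 * such a request.</li>
 * <li>Any other request carrying the artifact parameter ({@code ticket} unless configured otherwise) has its
 * current session stored in the mapping storage under that artifact value, so that a later logout message
 * quoting the same value can locate it.</li>
 * </ul>
 * This filter does not itself check who sent a logout message, nor does it validate the artifact before
 * recording a session against it; whatever controls exist for that live elsewhere in the deployment.
 * <p>
 * The session mapping storage is a static field shared by every instance of this filter and can be
 * replaced through {@link #setSessionMappingStorage(SessionMappingStorage)}.
 *
 * @author Scott Battaglia
 * @version $Revision$ $Date$
 * @since 3.1
 */
public final class SingleSignOutFilter extends AbstractConfigurationFilter {

    /** Request parameter that carries the CAS server's logout message on a back-channel POST. */
    private static final String LOGOUT_REQUEST_PARAMETER = "logoutRequest";

    /** Element of the logout message whose text is the key the session was stored under. */
    private static final String SESSION_INDEX_ELEMENT = "SessionIndex";

    /** Default value of {@link #artifactParameterName}, also used as the init-param fallback. */
    private static final String DEFAULT_ARTIFACT_PARAMETER_NAME = "ticket";

    /**
     * The name of the artifact parameter.  This is used to capture the session identifier.
     */
    private String artifactParameterName = DEFAULT_ARTIFACT_PARAMETER_NAME;

    /** Shared by all instances of this filter; replaced as a whole by {@link #setSessionMappingStorage}. */
    private static SessionMappingStorage SESSION_MAPPING_STORAGE = new HashMapBackedSessionMappingStorage();

    private static final Log log = LogFactory.getLog(SingleSignOutFilter.class);

    /**
     * Reads {@code artifactParameterName} from the filter init-params (unless init configuration is
     * ignored) and then validates the configuration.
     *
     * @param filterConfig the servlet container's filter configuration
     * @throws ServletException declared by the {@code Filter} contract
     */
    public void init(final FilterConfig filterConfig) throws ServletException {
        if (!isIgnoreInitConfiguration()) {
            setArtifactParameterName(getPropertyFromInitParams(filterConfig, "artifactParameterName", DEFAULT_ARTIFACT_PARAMETER_NAME));
        }
        init();
    }

    /**
     * Checks that the configuration is usable.  Called from {@link #init(FilterConfig)} and usable
     * directly when the filter is configured programmatically.
     */
    public void init() {
        CommonUtils.assertNotNull(this.artifactParameterName, "artifactParameterName cannot be null.");
        CommonUtils.assertNotNull(SESSION_MAPPING_STORAGE, "sessionMappingStorage cannote be null.");
    }

    /**
     * @param artifactParameterName name of the request parameter that carries the CAS artifact
     */
    public void setArtifactParameterName(final String artifactParameterName) {
        this.artifactParameterName = artifactParameterName;
    }

    /**
     * Dispatches on the request method: POSTs are inspected for a back-channel logout message, every
     * other request for an artifact to record the session under.  See the class comment for details.
     *
     * @param servletRequest  the request; cast to {@link HttpServletRequest}, so this filter must only
     *                        be mapped on HTTP requests
     * @param servletResponse the response, passed down the chain untouched
     * @param filterChain     the rest of the chain; skipped when a logout message was processed
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;

        if ("POST".equals(request.getMethod())) {
            if (handleLogoutRequest(request)) {
                // The CAS server expects nothing back beyond the session being gone, and this is not a
                // user request, so the remaining filters and the target resource must not run.
                return;
            }
        } else {
            recordSession(request);
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Handles a back-channel logout message if the POST carries one.
     *
     * @param request the POST request
     * @return {@code true} if a logout message with a {@code SessionIndex} was processed (whether or not a
     *         session was actually found for it); {@code false} if the request is an ordinary POST and
     *         should continue down the chain
     */
    private boolean handleLogoutRequest(final HttpServletRequest request) {
        final String logoutRequest = CommonUtils.safeGetParameter(request, LOGOUT_REQUEST_PARAMETER);

        if (!CommonUtils.isNotBlank(logoutRequest)) {
            return false;
        }

        if (log.isTraceEnabled()) {
            // Logs the whole message, session index included.
            log.trace("Logout request=[" + logoutRequest + "]");
        }

        final String sessionIdentifier = XmlUtils.getTextForElement(logoutRequest, SESSION_INDEX_ELEMENT);

        if (!CommonUtils.isNotBlank(sessionIdentifier)) {
            // A logoutRequest without a SessionIndex cannot be acted on; let the chain see the request.
            return false;
        }

        final HttpSession session = SESSION_MAPPING_STORAGE.removeSessionByMappingId(sessionIdentifier);

        if (session != null) {
            final String sessionID = session.getId();

            if (log.isDebugEnabled()) {
                log.debug("Invalidating session [" + sessionID + "] for ST [" + sessionIdentifier + "]");
            }

            try {
                session.invalidate();
            } catch (final IllegalStateException e) {
                // The container reports the session is already invalid; nothing left to do.
                log.debug(e, e);
            }
        }
        return true;
    }

    /**
     * Records the current session under the artifact value carried by a non-POST request, so that a later
     * logout message quoting that value can find and invalidate the session.
     *
     * @param request the request to inspect for the artifact parameter
     */
    private void recordSession(final HttpServletRequest request) {
        final String artifact = CommonUtils.safeGetParameter(request, this.artifactParameterName);

        if (!CommonUtils.isNotBlank(artifact)) {
            log.debug("No Artifact Provided; no action taking place.");
            return;
        }

        // A session is created if there is none yet: there has to be something to invalidate later.
        final HttpSession session = request.getSession(true);

        if (log.isDebugEnabled()) {
            log.debug("Storing session identifier for " + session.getId());
        }

        try {
            // Clear whatever the storage already holds for this session id before adding the new mapping.
            SESSION_MAPPING_STORAGE.removeBySessionById(session.getId());
        } catch (final Exception ignored) {
            // ignore if the session is already marked as invalid.  Nothing we can do!
        }
        SESSION_MAPPING_STORAGE.addSessionById(artifact, session);
    }

    /**
     * Replaces the storage shared by all instances of this filter.
     *
     * @param storage the storage to use from now on
     */
    public void setSessionMappingStorage(final SessionMappingStorage storage) {
        SESSION_MAPPING_STORAGE = storage;
    }

    /**
     * @return the storage shared by all instances of this filter
     */
    public static SessionMappingStorage getSessionMappingStorage() {
        return SESSION_MAPPING_STORAGE;
    }

    /** Nothing to release: the storage is static and outlives any single filter instance. */
    public void destroy() {
        // nothing to do
    }
}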

==================

10:24:38

小李 2016/7/14 10:24:38

这个不要也可以

10:36:21

天天向上 2016/7/14 10:36:21

  这两种登出本质都是干掉session,一个是浏览器发起,一个是CAS直接干掉,我们现在的从use的登出,可以简化CAS的设计,本质差不多

小李 2016/7/14 10:37:15

恩  是可以,最好的方式还是cas登出, use 的退出干掉

10:43:26

天天向上 2016/7/14 10:43:26

 这个CAS设计起来要略微复杂了,方案1,cas只要管TGC就ok了,而cas直接去各个子系统登出,得把用户-应用-sessionId都给存起来,哈哈,复杂了

小李 2016/7/14 10:44:41

uc 这种退出方式我觉得有点low

10:44:55

小李 2016/7/14 10:44:55

每加一个系统,我这边就得配一个退出链接

10:47:03

天天向上 2016/7/14 10:47:03

这是因为硬编码的原因,把链接搞成可配置的,就不会存在需要改代码的问题了,类似OAUTH那样第三方登录,也都是要把app,URL都给配上

天天向上 2016/7/14 10:47:15

USER登出挺好的,CAS少干点事情好


转载自curious.iteye.com/blog/2311176