Fix log out when no security realm is used

soul2zimate · Feb 14, 2012 · 05d1c15 · 05d1c15
1 parent 9832a36
commit 05d1c15
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/domain-http/interface/src/main/java/org/jboss/as/domain/http/server/LogoutHandler.java b/domain-http/interface/src/main/java/org/jboss/as/domain/http/server/LogoutHandler.java
@@ -25,7 +25,7 @@ class LogoutHandler implements ManagementHttpHandler {
     @Override
     public void start(HttpServer httpServer, SecurityRealm securityRealm) {
         httpServer.createContext("/logout", this);
-        realm = securityRealm.getName();
+        realm = securityRealm != null ? securityRealm.getName() : null;
     }
 
     @Override
@@ -37,6 +37,13 @@ public void stop(HttpServer httpServer) {
     public void handle(HttpExchange exchange) throws IOException {
         final Headers requestHeaders = exchange.getRequestHeaders();
         final Headers responseHeaders = exchange.getResponseHeaders();
+
+        // Redirect back if there is no realm to log out of
+        if (realm == null) {
+            responseHeaders.set(LOCATION, "/");
+            exchange.sendResponseHeaders(307, -1);
+        }
+
         String authorization = requestHeaders.getFirst("Authorization");
         String rawQuery = exchange.getRequestURI().getRawQuery();
         boolean query = rawQuery != null && rawQuery.contains("logout");