From 0b9eb6508dcb43e1cc78c69fef99aa4a36308e9b Mon Sep 17 00:00:00 2001
From: "lin.ma" <lin.ma@zstack.io>
Date: Thu, 18 Sep 2025 15:44:59 +0800
Subject: [PATCH] <fix>[identity]: validate session logout token

Resolves: ZSTAC-77668

Change-Id: I6166696f686d6f677363766678646c7567746168
---
 identity/src/main/java/org/zstack/identity/Session.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/identity/src/main/java/org/zstack/identity/Session.java b/identity/src/main/java/org/zstack/identity/Session.java
index fdc837f2d5..ceac5e390d 100755
--- a/identity/src/main/java/org/zstack/identity/Session.java
+++ b/identity/src/main/java/org/zstack/identity/Session.java
@@ -220,6 +220,12 @@ protected ErrorCode scripts() {
                         return null;
                     }
 
+                    PluginRegistry pluginRgty = getComponentLoader().getComponent(PluginRegistry.class);
+
+                    for (LogoutExtensionPoint ext : pluginRgty.getExtensionList(LogoutExtensionPoint.class)) {
+                        ext.beforeLogout(s);
+                    }
+
                     logout(s.getUuid());
                     return err(IdentityErrors.INVALID_SESSION, "Session expired");
                 }