diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/LogoutDemoApplication.java b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/LogoutDemoApplication.java new file mode 100644 index 0000000000..027334dd6b --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/LogoutDemoApplication.java @@ -0,0 +1,13 @@ +package com.baeldung.customlogouthandler; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class LogoutDemoApplication { + + public static void main(String[] args) { + SpringApplication.run(LogoutDemoApplication.class, args); + } + +} diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/MvcConfiguration.java b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/MvcConfiguration.java new file mode 100644 index 0000000000..36de049a31 --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/MvcConfiguration.java @@ -0,0 +1,51 @@ +package com.baeldung.customlogouthandler; + +import com.baeldung.customlogouthandler.web.CustomLogoutHandler; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler; + +import javax.sql.DataSource; + +@Configuration +@EnableWebSecurity +public class MvcConfiguration extends WebSecurityConfigurerAdapter { + + @Autowired + private DataSource dataSource; + + @Autowired + private CustomLogoutHandler logoutHandler; + + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .httpBasic().and() + .authorizeRequests() + .antMatchers(HttpMethod.GET, "/user/**").hasRole("USER") + .and() + .logout() + .logoutUrl("/user/logout") + .addLogoutHandler(logoutHandler) + .logoutSuccessHandler((new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK))) + .permitAll() + .and() + .csrf().disable() + .formLogin().disable(); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.jdbcAuthentication() + .dataSource(dataSource) + .usersByUsernameQuery("select login, password, true from users where login=?") + .authoritiesByUsernameQuery("select login, role from users where login=?"); + } + +} diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/services/UserCache.java b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/services/UserCache.java new file mode 100644 index 0000000000..56c4d1e7c9 --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/services/UserCache.java @@ -0,0 +1,33 @@ +package com.baeldung.customlogouthandler.services; + +import com.baeldung.customlogouthandler.user.User; +import org.springframework.stereotype.Service; + +import javax.persistence.EntityManager; +import javax.persistence.PersistenceContext; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ConcurrentMap; + +@Service +public class UserCache { + + @PersistenceContext + private EntityManager entityManager; + + private final ConcurrentMap store = new ConcurrentHashMap<>(256); + + public User getByLogin(String login) { + return store.computeIfAbsent(login, k -> entityManager.createQuery("from User where login=:login", User.class) + .setParameter("login", k) + .getSingleResult()); + } + + public void evictUser(String login) { + store.remove(login); + } + + public int size() { + return this.store.size(); + } + +} diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/user/User.java b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/user/User.java new file mode 100644 index 0000000000..ca3a998c5c --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/user/User.java @@ -0,0 +1,61 @@ +package com.baeldung.customlogouthandler.user; + +import javax.persistence.*; + +@Entity +@Table(name = "users") +public class User { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private Integer id; + + @Column(unique = true) + private String login; + + private String password; + + private String role; + + private String language; + + public Integer getId() { + return id; + } + + public void setId(Integer id) { + this.id = id; + } + + public String getLogin() { + return login; + } + + public void setLogin(String login) { + this.login = login; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public String getRole() { + return role; + } + + public void setRole(String role) { + this.role = role; + } + + public String getLanguage() { + return language; + } + + public void setLanguage(String language) { + this.language = language; + } +} diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/user/UserUtils.java b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/user/UserUtils.java new file mode 100644 index 0000000000..195497f7ba --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/user/UserUtils.java @@ -0,0 +1,13 @@ +package com.baeldung.customlogouthandler.user; + +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; + +public class UserUtils { + + public static String getAuthenticatedUserLogin() { + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + return auth != null ? ((org.springframework.security.core.userdetails.User) auth.getPrincipal()).getUsername() : null; + } + +} diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/web/CustomLogoutHandler.java b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/web/CustomLogoutHandler.java new file mode 100644 index 0000000000..2a335cd122 --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/web/CustomLogoutHandler.java @@ -0,0 +1,27 @@ +package com.baeldung.customlogouthandler.web; + +import com.baeldung.customlogouthandler.services.UserCache; +import com.baeldung.customlogouthandler.user.UserUtils; +import org.springframework.security.core.Authentication; +import org.springframework.security.web.authentication.logout.LogoutHandler; +import org.springframework.stereotype.Service; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +@Service +public class CustomLogoutHandler implements LogoutHandler { + + private final UserCache userCache; + + public CustomLogoutHandler(UserCache userCache) { + this.userCache = userCache; + } + + @Override + public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { + String login = UserUtils.getAuthenticatedUserLogin(); + userCache.evictUser(login); + } + +} diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/web/UserController.java b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/web/UserController.java new file mode 100644 index 0000000000..18cd8dda98 --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/main/java/com/baeldung/customlogouthandler/web/UserController.java @@ -0,0 +1,30 @@ +package com.baeldung.customlogouthandler.web; + +import com.baeldung.customlogouthandler.services.UserCache; +import com.baeldung.customlogouthandler.user.User; +import com.baeldung.customlogouthandler.user.UserUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; + + +@Controller +@RequestMapping(path = "/user") +public class UserController { + + private final UserCache userCache; + + public UserController(UserCache userCache) { + this.userCache = userCache; + } + + @GetMapping(path = "/language") + @ResponseBody + public String getLanguage() { + String login = UserUtils.getAuthenticatedUserLogin(); + User user = userCache.getByLogin(login); + return user.getLanguage(); + } + +} diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/main/resources/application-customlogouthandler.properties b/spring-security-modules/spring-security-mvc-boot-2/src/main/resources/application-customlogouthandler.properties new file mode 100644 index 0000000000..2cb766378d --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/main/resources/application-customlogouthandler.properties @@ -0,0 +1,5 @@ +spring.datasource.url=jdbc:postgresql://localhost:5432/test +spring.datasource.username=test +spring.datasource.password=test + +spring.jpa.hibernate.ddl-auto=create \ No newline at end of file diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/test/java/com/baeldung/customlogouthandler/CustomLogoutHandlerIntegrationTest.java b/spring-security-modules/spring-security-mvc-boot-2/src/test/java/com/baeldung/customlogouthandler/CustomLogoutHandlerIntegrationTest.java new file mode 100644 index 0000000000..3c325a2006 --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/test/java/com/baeldung/customlogouthandler/CustomLogoutHandlerIntegrationTest.java @@ -0,0 +1,106 @@ +package com.baeldung.customlogouthandler; + +import com.baeldung.customlogouthandler.services.UserCache; +import org.junit.jupiter.api.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.web.client.TestRestTemplate; +import org.springframework.boot.web.server.LocalServerPort; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.ResponseEntity; +import org.springframework.test.context.jdbc.Sql; +import org.springframework.test.context.jdbc.SqlGroup; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import static org.assertj.core.api.Assertions.assertThat; + +@RunWith(SpringJUnit4ClassRunner.class) +@SpringBootTest(classes = {LogoutDemoApplication.class, MvcConfiguration.class}, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +@SqlGroup({ + @Sql(value = "classpath:customlogouthandler/before.sql", executionPhase = Sql.ExecutionPhase.BEFORE_TEST_METHOD), + @Sql(value = "classpath:customlogouthandler/after.sql", executionPhase = Sql.ExecutionPhase.AFTER_TEST_METHOD) +}) +class CustomLogoutHandlerIntegrationTest { + + @Autowired + private TestRestTemplate restTemplate; + + @Autowired + private UserCache userCache; + + @LocalServerPort + private int port; + + @Test + public void whenLogin_thenUseUserCache() throws Exception { + // User cache should be empty on start + assertThat(userCache.size()).isEqualTo(0); + + // Request using first login + ResponseEntity response = restTemplate + .withBasicAuth("user", "pass") + .getForEntity(getLanguageUrl(), String.class); + + assertThat(response.getBody()).contains("english"); + + // User cache must contain the user + assertThat(userCache.size()).isEqualTo(1); + + // Getting the session cookie + HttpHeaders requestHeaders = new HttpHeaders(); + requestHeaders.add("Cookie", response.getHeaders().getFirst(HttpHeaders.SET_COOKIE)); + + // Request with the session cookie + response = restTemplate + .exchange(getLanguageUrl(), HttpMethod.GET, new HttpEntity(requestHeaders), String.class); + assertThat(response.getBody()).contains("english"); + + // Logging out using the session cookies + response = restTemplate.exchange(getLogoutUrl(), HttpMethod.GET, new HttpEntity(requestHeaders), String.class); + assertThat(response.getStatusCode().value()).isEqualTo(200); + } + + @Test + public void whenLogout_thenCacheIsEmpty() throws Exception { + // User cache should be empty on start + assertThat(userCache.size()).isEqualTo(0); + + // Request using first login + ResponseEntity response = restTemplate + .withBasicAuth("user", "pass") + .getForEntity(getLanguageUrl(), String.class); + + assertThat(response.getBody()).contains("english"); + + // User cache must contain the user + assertThat(userCache.size()).isEqualTo(1); + + // Getting the session cookie + HttpHeaders requestHeaders = new HttpHeaders(); + requestHeaders.add("Cookie", response.getHeaders().getFirst(HttpHeaders.SET_COOKIE)); + + // Logging out using the session cookies + response = restTemplate.exchange(getLogoutUrl(), HttpMethod.GET, new HttpEntity(requestHeaders), String.class); + assertThat(response.getStatusCode().value()).isEqualTo(200); + + // User cache must be empty now + // this is the reaction on custom logout filter execution + assertThat(userCache.size()).isEqualTo(0); + + // Assert unathorized request + response = restTemplate.exchange(getLanguageUrl(), HttpMethod.GET, new HttpEntity(requestHeaders), String.class); + assertThat(response.getStatusCode().value()).isEqualTo(401); + } + + private String getLanguageUrl() { + return "http://localhost:" + port + "/user/language"; + } + + private String getLogoutUrl() { + return "http://localhost:" + port + "/user/logout"; + } + +} diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/test/resources/customlogouthandler/after.sql b/spring-security-modules/spring-security-mvc-boot-2/src/test/resources/customlogouthandler/after.sql new file mode 100644 index 0000000000..df6f312987 --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/test/resources/customlogouthandler/after.sql @@ -0,0 +1 @@ +delete from users; \ No newline at end of file diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/test/resources/customlogouthandler/application.properties b/spring-security-modules/spring-security-mvc-boot-2/src/test/resources/customlogouthandler/application.properties new file mode 100644 index 0000000000..8b6d47ebe9 --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/test/resources/customlogouthandler/application.properties @@ -0,0 +1,5 @@ +spring.datasource.url=jdbc:postgresql://localhost:5432/develop +spring.datasource.username=develop +spring.datasource.password=develop + +spring.jpa.hibernate.ddl-auto=create diff --git a/spring-security-modules/spring-security-mvc-boot-2/src/test/resources/customlogouthandler/before.sql b/spring-security-modules/spring-security-mvc-boot-2/src/test/resources/customlogouthandler/before.sql new file mode 100644 index 0000000000..bb0a85f613 --- /dev/null +++ b/spring-security-modules/spring-security-mvc-boot-2/src/test/resources/customlogouthandler/before.sql @@ -0,0 +1 @@ +insert into users (login, password, role, language) values ('user', '{noop}pass', 'ROLE_USER', 'english'); \ No newline at end of file