mindol1004/spring-boot-rest
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e686e7ac1289a6059c09cecdc33c23bdeb842c10
spring-boot-rest/spring-5-security/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java
SippingCode e686e7ac12 Bael 3970 (#9236) 
* Manual logout with Spring Security
- Basic manual logout
- logout with Clear Data Site Header

* Add missing annotation for controller. Change mapping URL value.

* Add intergration tests for manual logouts.

* BAEL-3970 - Add asserts on test. Fix tests names. Remove unused imports.

* BAEL-3970 - Use PostMapping annotation. Remove unnecessary information for security configuration.

* remove logout controllers

* Add multiple entrypoints configurations. Create custom handlers for different logouts (basic, cookie clearing, clear-site-data).

* Refactor configuration with lambda DSL.

* BAEL-3970 - Remove unnecessary handler for basic logout. Fix integration tests for basic logout.
2020-05-04 15:08:00 -07:00

77 lines
3.1 KiB
Java
Raw Blame History

package com.baeldung.manuallogout;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
import javax.servlet.http.Cookie;
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.*;
@Configuration
@EnableWebSecurity
public class SimpleSecurityConfiguration {
@Order(3)
@Configuration
public static class DefaultLogoutConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/basic/**")
.authorizeRequests(authz -> authz.anyRequest().permitAll())
.logout(logout -> logout
.logoutUrl("/basic/basiclogout")
);
}
}
@Order(2)
@Configuration
public static class AllCookieClearingLogoutConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/cookies/**")
.authorizeRequests(authz -> authz.anyRequest().permitAll())
.logout(logout -> logout
.logoutUrl("/cookies/cookielogout")
.addLogoutHandler(new SecurityContextLogoutHandler())
.addLogoutHandler((request, response, auth) -> {
for (Cookie cookie : request.getCookies()) {
String cookieName = cookie.getName();
Cookie cookieToDelete = new Cookie(cookieName, null);
cookieToDelete.setMaxAge(0);
response.addCookie(cookieToDelete);
}
})
);
}
}
@Order(1)
@Configuration
public static class ClearSiteDataHeaderLogoutConfiguration extends WebSecurityConfigurerAdapter {
private static final ClearSiteDataHeaderWriter.Directive[] SOURCE =
{CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS};
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/csd/**")
.authorizeRequests(authz -> authz.anyRequest().permitAll())
.logout(logout -> logout
.logoutUrl("/csd/csdlogout")
.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE)))
);
}
}
}
Reference in New Issue View Git Blame Copy Permalink