Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Logout requires POST 

Issue: gh-4734
This commit is contained in:
Rob Winch 2017-10-28 23:35:17 -05:00
parent 8da2c7f657
commit 0734d70d02
2 changed files with 13 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
View File

@ -641,31 +641,26 @@ public class ServerHttpSecurity {
* @since 5.0
*/
public final class LogoutBuilder {
private ServerLogoutHandler serverLogoutHandler = new SecurityContextServerLogoutHandler();
private ServerLogoutSuccessHandler logoutSuccessHandler;
private String logoutUrl = "/logout";
private ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers
.pathMatchers(this.logoutUrl);
private LogoutWebFilter logoutWebFilter = new LogoutWebFilter();
public LogoutBuilder logoutHandler(ServerLogoutHandler serverLogoutHandler) {
Assert.notNull(serverLogoutHandler, "logoutHandler must not be null");
this.serverLogoutHandler = serverLogoutHandler;
this.logoutWebFilter.setServerLogoutHandler(serverLogoutHandler);
return this;
}
public LogoutBuilder logoutUrl(String logoutUrl) {
Assert.notNull(this.serverLogoutHandler, "logoutUrl must not be null");
this.logoutUrl = logoutUrl;
this.requiresLogout = ServerWebExchangeMatchers.pathMatchers(logoutUrl);
Assert.notNull(logoutUrl, "logoutUrl must not be null");
ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, logoutUrl);
return requiresLogout(requiresLogout);
}
public LogoutBuilder requiresLogout(ServerWebExchangeMatcher requiresLogout) {
this.logoutWebFilter.setRequiresLogout(requiresLogout);
return this;
}
public LogoutBuilder logoutSuccessHandler(ServerLogoutSuccessHandler handler) {
this.logoutSuccessHandler = handler;
this.logoutWebFilter.setServerLogoutSuccessHandler(handler);
return this;
}
@ -679,19 +674,7 @@ public class ServerHttpSecurity {
}
public void configure(ServerHttpSecurity http) {
LogoutWebFilter logoutWebFilter = createLogoutWebFilter(http);
http.addFilterAt(logoutWebFilter, SecurityWebFiltersOrder.LOGOUT);
}
private LogoutWebFilter createLogoutWebFilter(ServerHttpSecurity http) {
LogoutWebFilter logoutWebFilter = new LogoutWebFilter();
logoutWebFilter.setServerLogoutHandler(this.serverLogoutHandler);
logoutWebFilter.setRequiresLogout(this.requiresLogout);
if(this.logoutSuccessHandler != null) {
logoutWebFilter.setServerLogoutSuccessHandler(this.logoutSuccessHandler);
}
return logoutWebFilter;
http.addFilterAt(this.logoutWebFilter, SecurityWebFiltersOrder.LOGOUT);
}
private LogoutBuilder() {}

3
web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
View File

@ -16,6 +16,7 @@
package org.springframework.security.web.server.authentication.logout;
import org.springframework.http.HttpMethod;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.util.Assert;
import reactor.core.publisher.Mono;
@ -46,7 +47,7 @@ public class LogoutWebFilter implements WebFilter {
private ServerLogoutSuccessHandler serverLogoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
private ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers
.pathMatchers("/logout");
.pathMatchers(HttpMethod.POST, "/logout");
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {