Polish Automatically Add CsrfServerLogoutHandler

Issue: gh-5337
2018-09-21 00:57:26 -05:00 · 2018-09-21 00:57:26 -05:00 · 45a9c0fd54
parent b060ec050a
commit 45a9c0fd54
1 changed files with 8 additions and 4 deletions
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@ -1608,7 +1608,7 @@ public class ServerHttpSecurity {
 		protected void configure(ServerHttpSecurity http) {
 			Optional.ofNullable(this.csrfTokenRepository).ifPresent(serverCsrfTokenRepository -> {
 				this.filter.setCsrfTokenRepository(serverCsrfTokenRepository);
-				http.logout().logoutHandler(new CsrfServerLogoutHandler(serverCsrfTokenRepository));
+				http.logout().addLogoutHandler(new CsrfServerLogoutHandler(serverCsrfTokenRepository));
 			});
 			http.addFilterAt(this.filter, SecurityWebFiltersOrder.CSRF);
 		}
@ -2350,10 +2350,14 @@ public class ServerHttpSecurity {
 		 * @return the {@link LogoutSpec} to configure
 		 */
 		public LogoutSpec logoutHandler(ServerLogoutHandler logoutHandler) {
-			if (logoutHandler != null) {
-				this.logoutHandlers.add(logoutHandler);
-			}
+			Assert.notNull(logoutHandler, "logoutHandler cannot be null");
+			this.logoutHandlers.clear();
+			return addLogoutHandler(logoutHandler);
+		}

+		private LogoutSpec addLogoutHandler(ServerLogoutHandler logoutHandler) {
+			Assert.notNull(logoutHandler, "logoutHandler cannot be null");
+			this.logoutHandlers.add(logoutHandler);
 			return this;
 		}