Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CookieClearingLogoutHandler updates based on comments 

Changed the implementation to use an anonymous function
Issue: gh-6078
This commit is contained in:
John Coyne 2018-11-22 10:52:35 -06:00 committed by Rob Winch
parent 14c2d96c86
commit 7618d236c4
1 changed files with 24 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
View File

@ -16,6 +16,8 @@
package org.springframework.security.web.authentication.logout; package org.springframework.security.web.authentication.logout;
import java.util.*; import java.util.*;
import java.util.function.Function;
import javax.servlet.http.Cookie; import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -33,40 +35,45 @@ import org.springframework.util.Assert;
* @since 3.1 * @since 3.1
*/ */
public final class CookieClearingLogoutHandler implements LogoutHandler { public final class CookieClearingLogoutHandler implements LogoutHandler {
private final List<Object> cookiesToClear; private final List<Function<HttpServletRequest, Cookie>> cookiesToClear;
public CookieClearingLogoutHandler(String... cookiesToClear) { public CookieClearingLogoutHandler(String... cookiesToClear) {
Assert.notNull(cookiesToClear, "List of cookies cannot be null"); Assert.notNull(cookiesToClear, "List of cookies cannot be null");
this.cookiesToClear = Arrays.asList((Object[]) cookiesToClear); List<Function<HttpServletRequest, Cookie>> cookieList = new ArrayList<>();
for (String cookieName : cookiesToClear) {
Function<HttpServletRequest, Cookie> f = (request) -> {
Cookie cookie = new Cookie(cookieName, null);
String cookiePath = request.getContextPath() + "/";
cookie.setPath(cookiePath);
cookie.setMaxAge(0);
return cookie;
};
cookieList.add(f);
}
this.cookiesToClear = cookieList;
} }
/** /**
* @since 5.X * @since 5.2
* @param cookiesToClear - One or more Cookie objects that must have maxAge of 0 * @param cookiesToClear - One or more Cookie objects that must have maxAge of 0
*/ */
public CookieClearingLogoutHandler(Cookie... cookiesToClear) { public CookieClearingLogoutHandler(Cookie... cookiesToClear) {
Assert.notNull(cookiesToClear, "List of cookies cannot be null"); Assert.notNull(cookiesToClear, "List of cookies cannot be null");
List<Object> cookieList = new ArrayList<Object>(); List<Function<HttpServletRequest, Cookie>> cookieList = new ArrayList<>();
for (Cookie cookie : cookiesToClear) { for (Cookie cookie : cookiesToClear) {
Assert.isTrue(cookie.getMaxAge() == 0, "Cookie maxAge must be 0"); Assert.isTrue(cookie.getMaxAge() == 0, "Cookie maxAge must be 0");
cookieList.add(cookie); Function<HttpServletRequest, Cookie> f = (request) -> {
return cookie;
};
cookieList.add(f);
} }
this.cookiesToClear = cookieList; this.cookiesToClear = cookieList;
} }
public void logout(HttpServletRequest request, HttpServletResponse response, public void logout(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) { Authentication authentication) {
for (Object cookie : cookiesToClear) { cookiesToClear.forEach(
Cookie realCookie = null; f -> response.addCookie(f.apply(request))
if (cookie instanceof String) { );
realCookie = new Cookie((String) cookie, null);
String cookiePath = request.getContextPath() + "/";
realCookie.setPath(cookiePath);
realCookie.setMaxAge(0);
}else if (cookie instanceof Cookie){
realCookie = (Cookie) cookie;
}
response.addCookie(realCookie);
}
} }
} }