From 8c7fa85107ff13f90390aff5a5a9fdc6e58491af Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 12 Oct 2017 14:29:51 -0500 Subject: [PATCH] Polish ServerLogoutSuccessHandler Extract to be used by LogoutWebFilter Issue: gh-4616 --- .../logout/LogoutWebFilter.java | 19 ++++++++++++++++++- .../RedirectServerLogoutSuccessHandler.java | 3 ++- .../SecurityContextServerLogoutHandler.java | 15 +-------------- .../logout/ServerLogoutSuccessHandler.java | 3 ++- 4 files changed, 23 insertions(+), 17 deletions(-) diff --git a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java index 9939da97c2..70ddcc9308 100644 --- a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java +++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java @@ -42,6 +42,8 @@ public class LogoutWebFilter implements WebFilter { private ServerLogoutHandler serverLogoutHandler = new SecurityContextServerLogoutHandler(); + private ServerLogoutSuccessHandler serverLogoutSuccessHandler = new RedirectServerLogoutSuccessHandler(); + private ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers .pathMatchers("/logout"); @@ -54,7 +56,7 @@ public class LogoutWebFilter implements WebFilter { .flatMap(this::flatMapAuthentication) .flatMap( authentication -> { WebFilterExchange webFilterExchange = new WebFilterExchange(exchange,chain); - return this.serverLogoutHandler.logout(webFilterExchange, authentication); + return logout(webFilterExchange, authentication); }); } @@ -64,6 +66,21 @@ public class LogoutWebFilter implements WebFilter { .defaultIfEmpty(this.anonymousAuthenticationToken); } + private Mono logout(WebFilterExchange webFilterExchange, Authentication authentication) { + return this.serverLogoutHandler.logout(webFilterExchange, authentication) + .then(this.serverLogoutSuccessHandler.onLogoutSuccess(webFilterExchange, authentication)); + } + + /** + * Sets the {@link ServerLogoutSuccessHandler}. The default is {@link RedirectServerLogoutSuccessHandler}. + * @param serverLogoutSuccessHandler the handler to use + */ + public void setServerLogoutSuccessHandler( + ServerLogoutSuccessHandler serverLogoutSuccessHandler) { + Assert.notNull(serverLogoutSuccessHandler, "serverLogoutSuccessHandler cannot be null"); + this.serverLogoutSuccessHandler = serverLogoutSuccessHandler; + } + public void setServerLogoutHandler(ServerLogoutHandler serverLogoutHandler) { Assert.notNull(serverLogoutHandler, "logoutHandler must not be null"); this.serverLogoutHandler = serverLogoutHandler; diff --git a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java index 912ad371ed..546f0a6097 100644 --- a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java +++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java @@ -16,6 +16,7 @@ package org.springframework.security.web.server.authentication.logout; +import org.springframework.security.core.Authentication; import org.springframework.security.web.server.DefaultServerRedirectStrategy; import org.springframework.security.web.server.ServerRedirectStrategy; import org.springframework.security.web.server.WebFilterExchange; @@ -36,7 +37,7 @@ public class RedirectServerLogoutSuccessHandler implements ServerLogoutSuccessHa private ServerRedirectStrategy serverRedirectStrategy = new DefaultServerRedirectStrategy(); @Override - public Mono onLogoutSuccess(WebFilterExchange exchange) { + public Mono onLogoutSuccess(WebFilterExchange exchange, Authentication authentication) { return this.serverRedirectStrategy .sendRedirect(exchange.getExchange(), this.logoutSuccessUrl); } diff --git a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java index c6f67e8efa..c3b70c44b9 100644 --- a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java +++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java @@ -37,23 +37,10 @@ import java.net.URI; public class SecurityContextServerLogoutHandler implements ServerLogoutHandler { private ServerSecurityContextRepository serverSecurityContextRepository = new WebSessionServerSecurityContextRepository(); - private ServerLogoutSuccessHandler serverLogoutSuccessHandler = new RedirectServerLogoutSuccessHandler(); - @Override public Mono logout(WebFilterExchange exchange, Authentication authentication) { - return this.serverSecurityContextRepository.save(exchange.getExchange(), null) - .then(this.serverLogoutSuccessHandler.onLogoutSuccess(exchange)); - } - - /** - * Sets the {@link ServerLogoutSuccessHandler}. The default is {@link RedirectServerLogoutSuccessHandler}. - * @param serverLogoutSuccessHandler the handler to use - */ - public void setServerLogoutSuccessHandler( - ServerLogoutSuccessHandler serverLogoutSuccessHandler) { - Assert.notNull(serverLogoutSuccessHandler, "serverLogoutSuccessHandler cannot be null"); - this.serverLogoutSuccessHandler = serverLogoutSuccessHandler; + return this.serverSecurityContextRepository.save(exchange.getExchange(), null); } /** diff --git a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java index 7bacc41c65..66f96bb215 100644 --- a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java +++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java @@ -16,6 +16,7 @@ package org.springframework.security.web.server.authentication.logout; +import org.springframework.security.core.Authentication; import org.springframework.security.web.server.WebFilterExchange; import reactor.core.publisher.Mono; @@ -25,5 +26,5 @@ import reactor.core.publisher.Mono; */ public interface ServerLogoutSuccessHandler { - Mono onLogoutSuccess(WebFilterExchange exchange); + Mono onLogoutSuccess(WebFilterExchange exchange, Authentication authentication); }