diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandler.java
new file mode 100644
index 0000000000..8d61e46053
--- /dev/null
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandler.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2002-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.authentication.logout;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.util.Assert;
+
+/**
+ * {@link LogoutSuccessHandler} implementation that will perform a request dispatcher
+ * "forward" to the specified target URL.
+ *
+ * @author Vedran Pavic
+ * @since 5.0
+ */
+public class ForwardLogoutSuccessHandler implements LogoutSuccessHandler {
+
+ private final String targetUrl;
+
+ /**
+ * Construct a new {@link ForwardLogoutSuccessHandler} with the given target URL.
+ * @param targetUrl the target URL
+ */
+ public ForwardLogoutSuccessHandler(String targetUrl) {
+ Assert.isTrue(UrlUtils.isValidRedirectUrl(targetUrl), "'" + targetUrl
+ + "' is not a valid target URL");
+ this.targetUrl = targetUrl;
+ }
+
+ @Override
+ public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
+ Authentication authentication) throws IOException, ServletException {
+ request.getRequestDispatcher(this.targetUrl).forward(request, response);
+ }
+
+}
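Review bot: The constructor check `UrlUtils.isValidRedirectUrl(targetUrl)` is looser than what `onLogoutSuccess` can serve. As far as I know that helper also accepts absolute URLs, whereas `getRequestDispatcher` only resolves paths inside the application and may return null for anything else, so a misconfigured target would surface as a NullPointerException at logout time instead of at startup. Consider tightening the assertion to `Assert.isTrue(UrlUtils.isValidRedirectUrl(targetUrl) && !UrlUtils.isAbsoluteUrl(targetUrl), ...)`. The class Javadoc could also say that a forward keeps the original request method, so the target must accept whatever method the logout request used (normally POST), and that the forwarded request goes through the security filter chain again only if the filter is registered for the FORWARD dispatcher type.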
diff --git a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
new file mode 100644
index 0000000000..c265628a96
--- /dev/null
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2002-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.authentication.logout;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.core.Authentication;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
+/**
+ * Tests for {@link ForwardLogoutSuccessHandler}.
+ *
+ * @author Vedran Pavic
+ */
+public class ForwardLogoutSuccessHandlerTests {
+
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
+ @Test
+ public void invalidTargetUrl() {
+ String targetUrl = "not.valid";
+
+ this.thrown.expect(IllegalArgumentException.class);
+ this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
+
+ new ForwardLogoutSuccessHandler(targetUrl);
+ }
+
+ @Test
+ public void emptyTargetUrl() {
+ String targetUrl = " ";
+
+ this.thrown.expect(IllegalArgumentException.class);
+ this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
+
+ new ForwardLogoutSuccessHandler(targetUrl);
+ }
+
+ @Test
+ public void logoutSuccessIsHandled() throws Exception {
+ String targetUrl = "/login?logout";
+ ForwardLogoutSuccessHandler handler = new ForwardLogoutSuccessHandler(targetUrl);
+
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ Authentication authentication = mock(Authentication.class);
+
+ handler.onLogoutSuccess(request, response, authentication);
+
+ assertThat(response.getForwardedUrl()).isEqualTo(targetUrl);
+ }
+
+}
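Review bot: The two rejection tests, `invalidTargetUrl` and `emptyTargetUrl`, only cover strings that lack a leading slash, so the constructor's contract is not pinned for a `null` target or for an absolute URL. Adding one case for each would record whether the handler is meant to reject them at construction time; an absolute URL in particular cannot be served by a request-dispatcher forward. `logoutSuccessIsHandled` also uses the mock request's default method; setting it with `request.setMethod("POST")` would match how a logout request normally arrives and show the forward works for that method too.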