Logout defaults to use Global SecurityContextServerLogoutHandler
Closes gh-8375
parent
ad8c49acae
commit
9a42a028e7
@ -3738,7 +3738,8 @@ public class ServerHttpSecurity {
|
|||||||
*/
|
*/
|
||||||
public final class LogoutSpec {
|
public final class LogoutSpec {
|
||||||
private LogoutWebFilter logoutWebFilter = new LogoutWebFilter();
|
private LogoutWebFilter logoutWebFilter = new LogoutWebFilter();
|
||||||
private List<ServerLogoutHandler> logoutHandlers = new ArrayList<>(Arrays.asList(new SecurityContextServerLogoutHandler()));
|
private final SecurityContextServerLogoutHandler DEFAULT_LOGOUT_HANDLER = new SecurityContextServerLogoutHandler();
|
||||||
|
private List<ServerLogoutHandler> logoutHandlers = new ArrayList<>(Arrays.asList(this.DEFAULT_LOGOUT_HANDLER));
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Configures the logout handler. Default is {@code SecurityContextServerLogoutHandler}
|
* Configures the logout handler. Default is {@code SecurityContextServerLogoutHandler}
|
||||||
@ -3802,6 +3803,10 @@ public class ServerHttpSecurity {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private ServerLogoutHandler createLogoutHandler() {
|
private ServerLogoutHandler createLogoutHandler() {
|
||||||
|
ServerSecurityContextRepository securityContextRepository = ServerHttpSecurity.this.securityContextRepository;
|
||||||
|
if (securityContextRepository != null) {
|
||||||
|
this.DEFAULT_LOGOUT_HANDLER.setSecurityContextRepository(securityContextRepository);
|
||||||
|
}
|
||||||
if (this.logoutHandlers.isEmpty()) {
|
if (this.logoutHandlers.isEmpty()) {
|
||||||
return null;
|
return null;
|
||||||
} else if (this.logoutHandlers.size() == 1) {
|
} else if (this.logoutHandlers.size() == 1) {
|
||||||
|
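Review bot: In `createLogoutHandler()` the global `securityContextRepository` is pushed only into `DEFAULT_LOGOUT_HANDLER`, so a `SecurityContextServerLogoutHandler` passed in through `logoutHandler(...)` keeps whatever repository it was constructed with. Assuming `logoutHandler(...)` replaces the default entry (its body is outside this hunk), an application that combines a custom repository with an explicit handler can still end up with a logout that leaves the stored security context, and therefore the authenticated session, in place. The `OAuth2LoginTests` change in this same commit appears to depend on exactly that behaviour, so it should be stated in the Javadoc, e.g. `Explicitly configured handlers do not receive the global ServerSecurityContextRepository; configure it on the handler.` Separately, `DEFAULT_LOGOUT_HANDLER` is a per-instance field that this method mutates, so a name such as `defaultLogoutHandler` would describe it better than the constant-style spelling. The body of `createLogoutHandler()` continues past the end of the hunk.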
@ -21,6 +21,7 @@ import org.openqa.selenium.WebDriver;
|
|||||||
import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
|
import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
|
||||||
import org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverBuilder;
|
import org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverBuilder;
|
||||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||||
|
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
|
||||||
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
|
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
|
||||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||||
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
|
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
|
||||||
@ -200,4 +201,46 @@ public class LogoutSpecTests {
|
|||||||
homePage
|
homePage
|
||||||
.assertAt();
|
.assertAt();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void logoutWhenCustomSecurityContextRepositoryThenLogsOut() {
|
||||||
|
WebSessionServerSecurityContextRepository repository = new WebSessionServerSecurityContextRepository();
|
||||||
|
repository.setSpringSecurityContextAttrName("CUSTOM_CONTEXT_ATTR");
|
||||||
|
SecurityWebFilterChain securityWebFilter = this.http
|
||||||
|
.securityContextRepository(repository)
|
||||||
|
.authorizeExchange()
|
||||||
|
.anyExchange().authenticated()
|
||||||
|
.and()
|
||||||
|
.formLogin()
|
||||||
|
.and()
|
||||||
|
.logout()
|
||||||
|
.and()
|
||||||
|
.build();
|
||||||
|
|
||||||
|
WebTestClient webTestClient = WebTestClientBuilder
|
||||||
|
.bindToWebFilters(securityWebFilter)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
WebDriver driver = WebTestClientHtmlUnitDriverBuilder
|
||||||
|
.webTestClientSetup(webTestClient)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class)
|
||||||
|
.assertAt();
|
||||||
|
|
||||||
|
FormLoginTests.HomePage homePage = loginPage.loginForm()
|
||||||
|
.username("user")
|
||||||
|
.password("password")
|
||||||
|
.submit(FormLoginTests.HomePage.class);
|
||||||
|
|
||||||
|
homePage.assertAt();
|
||||||
|
|
||||||
|
FormLoginTests.DefaultLogoutPage.to(driver)
|
||||||
|
.assertAt()
|
||||||
|
.logout();
|
||||||
|
|
||||||
|
FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class)
|
||||||
|
.assertAt();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
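Review bot: `logoutWhenCustomSecurityContextRepositoryThenLogsOut` does not say why the non-default attribute name matters, which is the whole point of the regression test. A one-line comment above `setSpringSecurityContextAttrName("CUSTOM_CONTEXT_ATTR")` would make that explicit, for example `// non-default attribute: logout must clear the context via this repository, not a handler-local default`. The test also exercises only the default handler path; a companion case that sets `.securityContextRepository(repository)` together with an explicit `.logoutHandler(...)` would pin down what is expected to happen to the stored context in that configuration.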
@ -83,6 +83,7 @@ import org.springframework.security.web.server.authentication.RedirectServerAuth
|
|||||||
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
|
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
|
||||||
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
|
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
|
||||||
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
|
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
|
||||||
|
import org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler;
|
||||||
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
|
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
|
||||||
import org.springframework.security.web.server.savedrequest.ServerRequestCache;
|
import org.springframework.security.web.server.savedrequest.ServerRequestCache;
|
||||||
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
|
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
|
||||||
@ -716,6 +717,8 @@ public class OAuth2LoginTests {
|
|||||||
http
|
http
|
||||||
.csrf().disable()
|
.csrf().disable()
|
||||||
.logout()
|
.logout()
|
||||||
|
// avoid using mock ServerSecurityContextRepository for logout
|
||||||
|
.logoutHandler(new SecurityContextServerLogoutHandler())
|
||||||
.logoutSuccessHandler(
|
.logoutSuccessHandler(
|
||||||
new OidcClientInitiatedServerLogoutSuccessHandler(
|
new OidcClientInitiatedServerLogoutSuccessHandler(
|
||||||
new InMemoryReactiveClientRegistrationRepository(this.withLogout)))
|
new InMemoryReactiveClientRegistrationRepository(this.withLogout)))
|
||||||
|