From af0a6efaab489aee4a75ae082d8868950c422196 Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Wed, 11 Oct 2017 14:18:43 -0500
Subject: [PATCH] Polish SecurityContextServerLogoutHandler
---
 .../SecurityContextServerLogoutHandler.java | 38 +++++++++++++++++--
 1 file changed, 34 insertions(+), 4 deletions(-)
diff --git a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java
index 85bbb28661..8e10cab935 100644
--- a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java
+++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java
@@ -22,25 +22,55 @@ import org.springframework.security.web.server.ServerRedirectStrategy;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 import org.springframework.security.web.server.WebFilterExchange;
 import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
+import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 import java.net.URI;
 /**
+ * A {@link ServerLogoutHandler} which removes the SecurityContext using the provided
+ * {@link ServerSecurityContextRepository}
+ *
 * @author Rob Winch
 * @since 5.0
 */
 public class SecurityContextServerLogoutHandler implements ServerLogoutHandler {
- private ServerSecurityContextRepository repository = new WebSessionServerSecurityContextRepository();
+ public static final String DEFAULT_LOGOUT_SUCCESS_URL = "/login?logout";
- private URI logoutSuccessUrl = URI.create("/login?logout");
+ private ServerSecurityContextRepository serverSecurityContextRepository = new WebSessionServerSecurityContextRepository();
+
+ private URI logoutSuccessUrl = URI.create(DEFAULT_LOGOUT_SUCCESS_URL);
 private ServerRedirectStrategy serverRedirectStrategy = new DefaultServerRedirectStrategy();
 @Override
 public Mono logout(WebFilterExchange exchange, Authentication authentication) {
- return this.repository.save(exchange.getExchange(), null)
- .then(this.serverRedirectStrategy.sendRedirect(exchange.getExchange(), this.logoutSuccessUrl));
+ return this.serverSecurityContextRepository.save(exchange.getExchange(), null)
+ .then(this.serverRedirectStrategy
+ .sendRedirect(exchange.getExchange(), this.logoutSuccessUrl));
+ }
+
+ /**
+ * The URL to redirect to after successfully logging out.
+ * @param logoutSuccessUrl the url to redirect to. Default is "/login?logout".
+ */
+ public void setLogoutSuccessUrl(URI logoutSuccessUrl) {
+ Assert.notNull(logoutSuccessUrl, "logoutSuccessUrl cannot be null");
+ this.logoutSuccessUrl = logoutSuccessUrl;
+ }
+
+ /**
+ * Sets the {@link ServerSecurityContextRepository} that should be used for logging
+ * out. Default is {@link WebSessionServerSecurityContextRepository}
+ *
+ * @param serverSecurityContextRepository the {@link ServerSecurityContextRepository}
+ * to use.
+ */
+ public void setServerSecurityContextRepository(
+ ServerSecurityContextRepository serverSecurityContextRepository) {
+ Assert.notNull(serverSecurityContextRepository,
+ "serverSecurityContextRepository cannot be null");
+ this.serverSecurityContextRepository = serverSecurityContextRepository;
 }
 }
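Review bot: The new class Javadoc covers only part of what `logout` does and leaves the session question open: the method saves `null` through `serverSecurityContextRepository` and then always redirects to `logoutSuccessUrl`, and nothing in this class invalidates the underlying session. I would spell that out, e.g. `* Clears the SecurityContext by saving {@code null} to the configured {@link ServerSecurityContextRepository} and then redirects to the logout success URL; this handler does not itself invalidate the session.` Whether the default `WebSessionServerSecurityContextRepository` removes anything beyond the context is not visible in this hunk, so readers who need a full session teardown on logout should not have to guess. The `@param` on `setLogoutSuccessUrl` could also state that the URI is used verbatim as the redirect target and is expected to come from trusted configuration, since the setter only rejects `null`.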