From dc3f4c6221bf8cf484e6b37c3c0e1151263a93b0 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Wed, 11 Oct 2017 14:58:09 -0500 Subject: [PATCH] Add ServerLogoutSuccessHandler Fixes gh-4616 --- .../RedirectServerLogoutSuccessHandler.java | 52 +++++++++++++++++++ .../SecurityContextServerLogoutHandler.java | 20 +++---- .../logout/ServerLogoutSuccessHandler.java | 29 +++++++++++ 3 files changed, 89 insertions(+), 12 deletions(-) create mode 100644 webflux/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java create mode 100644 webflux/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java diff --git a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java new file mode 100644 index 0000000000..23f85cffdc --- /dev/null +++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/RedirectServerLogoutSuccessHandler.java @@ -0,0 +1,52 @@ +/* + * Copyright 2002-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.web.server.authentication.logout; + +import org.springframework.security.web.server.DefaultServerRedirectStrategy; +import org.springframework.security.web.server.ServerRedirectStrategy; +import org.springframework.security.web.server.WebFilterExchange; +import org.springframework.util.Assert; +import reactor.core.publisher.Mono; + +import java.net.URI; + +/** + * @author Rob Winch + * @since 5.0 + */ +public class RedirectServerLogoutSuccessHandler implements ServerLogoutSuccessHandler { + public static final String DEFAULT_LOGOUT_SUCCESS_URL = "/login?logout"; + + private URI logoutSuccessUrl = URI.create(DEFAULT_LOGOUT_SUCCESS_URL); + + private ServerRedirectStrategy serverRedirectStrategy = new DefaultServerRedirectStrategy(); + + @Override + public Mono onLogoutSuccess(WebFilterExchange exchange) { + return this.serverRedirectStrategy + .sendRedirect(exchange.getExchange(), this.logoutSuccessUrl); + } + + /** + * The URL to redirect to after successfully logging out. + * @param logoutSuccessUrl the url to redirect to. Default is "/login?logout". + */ + public void setLogoutSuccessUrl(URI logoutSuccessUrl) { + Assert.notNull(logoutSuccessUrl, "logoutSuccessUrl cannot be null"); + this.logoutSuccessUrl = logoutSuccessUrl; + } +} diff --git a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java index 8e10cab935..c6f67e8efa 100644 --- a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java +++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/SecurityContextServerLogoutHandler.java @@ -35,29 +35,25 @@ import java.net.URI; * @since 5.0 */ public class SecurityContextServerLogoutHandler implements ServerLogoutHandler { - public static final String DEFAULT_LOGOUT_SUCCESS_URL = "/login?logout"; - private ServerSecurityContextRepository serverSecurityContextRepository = new WebSessionServerSecurityContextRepository(); - private URI logoutSuccessUrl = URI.create(DEFAULT_LOGOUT_SUCCESS_URL); - - private ServerRedirectStrategy serverRedirectStrategy = new DefaultServerRedirectStrategy(); + private ServerLogoutSuccessHandler serverLogoutSuccessHandler = new RedirectServerLogoutSuccessHandler(); @Override public Mono logout(WebFilterExchange exchange, Authentication authentication) { return this.serverSecurityContextRepository.save(exchange.getExchange(), null) - .then(this.serverRedirectStrategy - .sendRedirect(exchange.getExchange(), this.logoutSuccessUrl)); + .then(this.serverLogoutSuccessHandler.onLogoutSuccess(exchange)); } /** - * The URL to redirect to after successfully logging out. - * @param logoutSuccessUrl the url to redirect to. Default is "/login?logout". + * Sets the {@link ServerLogoutSuccessHandler}. The default is {@link RedirectServerLogoutSuccessHandler}. + * @param serverLogoutSuccessHandler the handler to use */ - public void setLogoutSuccessUrl(URI logoutSuccessUrl) { - Assert.notNull(logoutSuccessUrl, "logoutSuccessUrl cannot be null"); - this.logoutSuccessUrl = logoutSuccessUrl; + public void setServerLogoutSuccessHandler( + ServerLogoutSuccessHandler serverLogoutSuccessHandler) { + Assert.notNull(serverLogoutSuccessHandler, "serverLogoutSuccessHandler cannot be null"); + this.serverLogoutSuccessHandler = serverLogoutSuccessHandler; } /** diff --git a/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java new file mode 100644 index 0000000000..d97d48dfdc --- /dev/null +++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/logout/ServerLogoutSuccessHandler.java @@ -0,0 +1,29 @@ +/* + * Copyright 2002-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.web.server.authentication.logout; + +import org.springframework.security.web.server.WebFilterExchange; +import reactor.core.publisher.Mono; + +/** + * @author Rob Winch + * @since 5.0 + */ +public interface ServerLogoutSuccessHandler { + + Mono onLogoutSuccess(WebFilterExchange exchange); +}