Apply DefaultLoginPageConfigurer before logout
If they are not applied in this order, then the LogoutConfigurer cannot set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter does not exist yet. This impacts users that inject the default HttpSecurity bean. Closes gh-9973
This commit is contained in:
parent
bfeb6bd756
commit
fdd017d935
|
@ -94,8 +94,8 @@ class HttpSecurityConfiguration {
|
|||
.requestCache(withDefaults())
|
||||
.anonymous(withDefaults())
|
||||
.servletApi(withDefaults())
|
||||
.logout(withDefaults())
|
||||
.apply(new DefaultLoginPageConfigurer<>());
|
||||
http.logout(withDefaults());
|
||||
// @formatter:on
|
||||
return http;
|
||||
}
|
||||
|
|
|
@ -187,6 +187,18 @@ public class HttpSecurityConfigurationTests {
|
|||
this.mockMvc.perform(get("/login")).andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenUsingDefaultsThenDefaultLoginFailurePageGenerated() throws Exception {
|
||||
this.spring.register(SecurityEnabledConfig.class).autowire();
|
||||
this.mockMvc.perform(get("/login?error")).andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenUsingDefaultsThenDefaultLogoutSuccessPageGenerated() throws Exception {
|
||||
this.spring.register(SecurityEnabledConfig.class).autowire();
|
||||
this.mockMvc.perform(get("/login?logout")).andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@RestController
|
||||
static class NameController {
|
||||
|
||||
|
|
Loading…
Reference in New Issue