Merge pull request #8875 from dev-chirag/master

BAEL3901 Clear Site Data Headers in Spring Security
2020-03-26 22:57:34 -05:00 · 2020-03-26 22:57:34 -05:00 · 0681590c1c
parent 566c18ad7e 108cca4b4b
commit 0681590c1c
5 changed files with 144 additions and 0 deletions
--- a/spring-security-modules/spring-security-mvc/pom.xml
+++ b/spring-security-modules/spring-security-mvc/pom.xml
@ -64,9 +64,36 @@
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
+            <version>${spring.mvc.version}</version>
            <scope>test</scope>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>${spring.mvc.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>${spring.mvc.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+            <version>${spring.mvc.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <version>${javax.version}</version>
+        </dependency>
    </dependencies>
+    
+    <properties>
+        <spring.mvc.version>5.2.2.RELEASE</spring.mvc.version>
+        <javax.version>4.0.1</javax.version>
+    </properties>
+

    <build>
        <plugins>
--- a/spring-security-modules/spring-security-mvc/src/main/java/com/baeldung/clearsitedata/LogoutClearSiteDataController.java
+++ b/spring-security-modules/spring-security-mvc/src/main/java/com/baeldung/clearsitedata/LogoutClearSiteDataController.java
@ -0,0 +1,16 @@
+package com.baeldung.clearsitedata;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+
+@Controller
+public class LogoutClearSiteDataController {
+
+    @GetMapping(value = "/baeldung/logout")
+    public ResponseEntity<String> logout(@PathVariable String name) {
+        return ResponseEntity.ok().build();
+    }
+
+}
--- a/spring-security-modules/spring-security-mvc/src/main/java/com/baeldung/clearsitedata/SpringSecurityConfig.java
+++ b/spring-security-modules/spring-security-mvc/src/main/java/com/baeldung/clearsitedata/SpringSecurityConfig.java
@ -0,0 +1,35 @@
+package com.baeldung.clearsitedata;
+
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
+import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
+
+import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE;
+import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES;
+import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        http.csrf()
+            .disable()
+            .formLogin()
+            .loginPage("/login.html")
+            .loginProcessingUrl("/perform_login")
+            .defaultSuccessUrl("/homepage.html", true)
+            .and()
+            .logout().logoutUrl("/baeldung/logout")
+            .addLogoutHandler(new HeaderWriterLogoutHandler(
+              new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE)));
+    }
+}
--- a/spring-security-modules/spring-security-mvc/src/main/java/com/baeldung/clearsitedata/WebConfig.java
+++ b/spring-security-modules/spring-security-mvc/src/main/java/com/baeldung/clearsitedata/WebConfig.java
@ -0,0 +1,19 @@
+package com.baeldung.clearsitedata;
+
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.CacheControl;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.mvc.WebContentInterceptor;
+
+import java.util.concurrent.TimeUnit;
+
+@EnableWebMvc
+@Configuration
+@ComponentScan(basePackages = {"com.baeldung.clearsitedata"})
+public class WebConfig implements WebMvcConfigurer {
+}
--- a/spring-security-modules/spring-security-mvc/src/test/java/com/baeldung/clearsitedata/LogoutClearSiteDataControllerUnitTest.java
+++ b/spring-security-modules/spring-security-mvc/src/test/java/com/baeldung/clearsitedata/LogoutClearSiteDataControllerUnitTest.java
@ -0,0 +1,47 @@
+package com.baeldung.clearsitedata;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+import javax.servlet.Filter;
+
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
+@ContextConfiguration(classes = {SpringSecurityConfig.class, WebConfig.class})
+public class LogoutClearSiteDataControllerUnitTest {
+
+    @Autowired
+    private WebApplicationContext wac;
+
+    @Autowired
+    private Filter springSecurityFilterChain;
+
+    private MockMvc mockMvc;
+
+    @BeforeEach
+    void setup() throws Exception {
+        this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilters(springSecurityFilterChain).build();
+    }
+
+    @Test
+    void whenResponseBody_thenReturnCacheHeader() throws Exception {
+        this.mockMvc
+          .perform(MockMvcRequestBuilders
+          .get("/baeldung/logout").secure(true))
+          .andDo(MockMvcResultHandlers.print())
+          .andExpect(MockMvcResultMatchers.status().is(302))
+          .andExpect(MockMvcResultMatchers.header()
+            .string("Clear-Site-Data", "\"cache\", \"cookies\", \"storage\""));
+    }
+
+}