Merge pull request #8875 from dev-chirag/master

BAEL3901 Clear Site Data Headers in Spring Security
This commit is contained in:
Eric Martin 2020-03-26 22:57:34 -05:00 committed by GitHub
commit 0681590c1c
5 changed files with 144 additions and 0 deletions

View File

@ -64,10 +64,37 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>${spring.mvc.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.mvc.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.mvc.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.mvc.version}</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>${javax.version}</version>
</dependency>
</dependencies>
<properties>
<spring.mvc.version>5.2.2.RELEASE</spring.mvc.version>
<javax.version>4.0.1</javax.version>
</properties>
<build>
<plugins>
<plugin>

View File

@ -0,0 +1,16 @@
package com.baeldung.clearsitedata;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@Controller
public class LogoutClearSiteDataController {
@GetMapping(value = "/baeldung/logout")
public ResponseEntity<String> logout(@PathVariable String name) {
return ResponseEntity.ok().build();
}
}

View File

@ -0,0 +1,35 @@
package com.baeldung.clearsitedata;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE;
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES;
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.formLogin()
.loginPage("/login.html")
.loginProcessingUrl("/perform_login")
.defaultSuccessUrl("/homepage.html", true)
.and()
.logout().logoutUrl("/baeldung/logout")
.addLogoutHandler(new HeaderWriterLogoutHandler(
new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE)));
}
}

View File

@ -0,0 +1,19 @@
package com.baeldung.clearsitedata;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.CacheControl;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.mvc.WebContentInterceptor;
import java.util.concurrent.TimeUnit;
@EnableWebMvc
@Configuration
@ComponentScan(basePackages = {"com.baeldung.clearsitedata"})
public class WebConfig implements WebMvcConfigurer {
}

View File

@ -0,0 +1,47 @@
package com.baeldung.clearsitedata;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
import javax.servlet.Filter;
@ExtendWith(SpringExtension.class)
@WebAppConfiguration
@ContextConfiguration(classes = {SpringSecurityConfig.class, WebConfig.class})
public class LogoutClearSiteDataControllerUnitTest {
@Autowired
private WebApplicationContext wac;
@Autowired
private Filter springSecurityFilterChain;
private MockMvc mockMvc;
@BeforeEach
void setup() throws Exception {
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilters(springSecurityFilterChain).build();
}
@Test
void whenResponseBody_thenReturnCacheHeader() throws Exception {
this.mockMvc
.perform(MockMvcRequestBuilders
.get("/baeldung/logout").secure(true))
.andDo(MockMvcResultHandlers.print())
.andExpect(MockMvcResultMatchers.status().is(302))
.andExpect(MockMvcResultMatchers.header()
.string("Clear-Site-Data", "\"cache\", \"cookies\", \"storage\""));
}
}