Bael 3970 (#9236)

* Manual logout with Spring Security
- Basic manual logout
- logout with Clear Data Site Header

* Add missing annotation for controller. Change mapping URL value.

* Add intergration tests for manual logouts.

* BAEL-3970 - Add asserts on test. Fix tests names. Remove unused imports.

* BAEL-3970 - Use PostMapping annotation. Remove unnecessary information for security configuration.

* remove logout controllers

* Add multiple entrypoints configurations. Create custom handlers for different logouts (basic, cookie clearing, clear-site-data).

* Refactor configuration with lambda DSL.

* BAEL-3970 - Remove unnecessary handler for basic logout. Fix integration tests for basic logout.

spring-5-security/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java

@@ -2,14 +2,12 @@ package com.baeldung.manuallogout;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler;
 import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
-import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
 import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
 
 import javax.servlet.http.Cookie;
@@ -30,8 +28,6 @@ public class SimpleSecurityConfiguration {
                 .authorizeRequests(authz -> authz.anyRequest().permitAll())
                 .logout(logout -> logout
                     .logoutUrl("/basic/basiclogout")
-                            .addLogoutHandler(new SecurityContextLogoutHandler())
-                            .addLogoutHandler(new CookieClearingLogoutHandler(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY))
                 );
         }
     }
@@ -54,8 +50,8 @@ public class SimpleSecurityConfiguration {
                             cookieToDelete.setMaxAge(0);
                             response.addCookie(cookieToDelete);
                         }
-                                    }
+                    })
-                            ));
+                );
         }
     }
 

spring-5-security/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java

@@ -39,15 +39,10 @@ public class ManualLogoutIntegrationTest {
     @Test
     public void givenLoggedUserWhenUserLogoutThenSessionClearedAndNecessaryCookieCleared() throws Exception {
 
-        MockHttpServletRequest requestStateAfterLogout = this.mockMvc.perform(post("/basic/basiclogout").secure(true).with(csrf()))
+        this.mockMvc.perform(post("/basic/basiclogout").secure(true).with(csrf()))
                 .andExpect(status().is3xxRedirection())
                 .andExpect(unauthenticated())
-                .andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0))
+                .andReturn();
-                .andReturn()
-                .getRequest();
-
-        HttpSession sessionStateAfterLogout = requestStateAfterLogout.getSession();
-        assertNull(sessionStateAfterLogout.getAttribute(ATTRIBUTE_NAME));
     }
 
     @WithMockUser(value = "spring")