From 886d7c1fbf773f0768c821a682c319d461676bff Mon Sep 17 00:00:00 2001
From: h_sharifi <h_sharifi@modernisc.com>
Date: Wed, 14 Sep 2022 11:03:04 +0430
Subject: [PATCH] #BAEL-5443: add logout handler

---
 .../keycloak/KeycloakLogoutHandler.java       | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/KeycloakLogoutHandler.java

diff --git a/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/KeycloakLogoutHandler.java b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/KeycloakLogoutHandler.java
new file mode 100644
index 0000000000..06c41e9b1d
--- /dev/null
+++ b/spring-boot-modules/spring-boot-keycloak/src/main/java/com/baeldung/keycloak/KeycloakLogoutHandler.java
@@ -0,0 +1,45 @@
+package com.baeldung.keycloak;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Component
+public class KeycloakLogoutHandler implements LogoutHandler {
+
+    private static final Logger logger = LoggerFactory.getLogger(KeycloakLogoutHandler.class);
+    private final RestTemplate restTemplate;
+
+    public KeycloakLogoutHandler(RestTemplate restTemplate) {
+        this.restTemplate = restTemplate;
+    }
+
+    @Override
+    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication auth) {
+        logoutFromKeycloak((OidcUser) auth.getPrincipal());
+    }
+
+    private void logoutFromKeycloak(OidcUser user) {
+        String endSessionEndpoint = user.getIssuer() + "/protocol/openid-connect/logout";
+        UriComponentsBuilder builder = UriComponentsBuilder
+          .fromUriString(endSessionEndpoint)
+          .queryParam("id_token_hint", user.getIdToken().getTokenValue());
+
+        ResponseEntity<String> logoutResponse = restTemplate.getForEntity(builder.toUriString(), String.class);
+        if (logoutResponse.getStatusCode().is2xxSuccessful()) {
+            logger.info("Successfulley logged out from Keycloak");
+        } else {
+            logger.error("Could not propagate logout to Keycloak");
+        }
+    }
+
+}