BAEL-3901 Clear Site Data Header in Spring Security

spring-security-modules/pom.xml

@@ -17,6 +17,7 @@
         <module>spring-security-acl</module>
         <module>spring-security-angular/server</module>
         <module>spring-security-cache-control</module>
+        <module>spring-security-clear-site-data</module>
         <module>spring-security-core</module>
         <module>spring-security-cors</module>
         <module>spring-security-kerberos</module>

spring-security-modules/spring-security-clear-site-data/pom.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.baeldung</groupId>
+  <artifactId>spring-security-clear-site-data</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <name>spring-security-clear-site-data</name>
+  
+  <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>parent-boot-2</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../../parent-boot-2</relativePath>
+    </parent>
+
+  <dependencies>
+    <dependency>
+        <groupId>org.springframework.security</groupId>
+        <artifactId>spring-security-web</artifactId>
+        <version>${spring.mvc.version}</version>
+    </dependency>
+    <dependency>
+        <groupId>org.springframework.security</groupId>
+        <artifactId>spring-security-config</artifactId>
+        <version>${spring.mvc.version}</version>
+    </dependency>
+    <dependency>
+        <groupId>org.springframework.security</groupId>
+        <artifactId>spring-security-test</artifactId>
+        <version>${spring.mvc.version}</version>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-webmvc</artifactId>
+        <version>${spring.mvc.version}</version>
+    </dependency>
+    <dependency>
+        <groupId>javax.servlet</groupId>
+        <artifactId>javax.servlet-api</artifactId>
+        <version>${javax.version}</version>
+    </dependency>
+  
+  </dependencies>
+
+  <properties>
+    <spring.mvc.version>5.2.2.RELEASE</spring.mvc.version>
+    <javax.version>4.0.1</javax.version>
+  </properties>
+
+</project>

spring-security-modules/spring-security-clear-site-data/src/main/java/com/baeldung/LogoutClearSiteDataController.java

@@ -0,0 +1,16 @@
+package com.baeldung;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+
+@Controller
+public class LogoutClearSiteDataController {
+
+    @GetMapping(value = "/baeldung/logout")
+    public ResponseEntity<String> logout(@PathVariable String name) {
+        return ResponseEntity.ok().build();
+    }
+
+}

spring-security-modules/spring-security-clear-site-data/src/main/java/com/baeldung/SpringSecurityConfig.java

@@ -0,0 +1,35 @@
+package com.baeldung;
+
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
+import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
+
+import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE;
+import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES;
+import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        http.csrf()
+            .disable()
+            .formLogin()
+            .loginPage("/login.html")
+            .loginProcessingUrl("/perform_login")
+            .defaultSuccessUrl("/homepage.html", true)
+            .and()
+            .logout().logoutUrl("/baeldung/logout")
+            .addLogoutHandler(new HeaderWriterLogoutHandler(
+              new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE)));
+    }
+}

spring-security-modules/spring-security-clear-site-data/src/main/java/com/baeldung/WebConfig.java

@@ -0,0 +1,19 @@
+package com.baeldung;
+
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.CacheControl;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.mvc.WebContentInterceptor;
+
+import java.util.concurrent.TimeUnit;
+
+@EnableWebMvc
+@Configuration
+@ComponentScan(basePackages = {"com.baeldung"})
+public class WebConfig implements WebMvcConfigurer {
+}

spring-security-modules/spring-security-clear-site-data/src/test/java/com/baeldung/LogoutClearSiteDataControllerUnitTest.java

@@ -0,0 +1,47 @@
+package com.baeldung;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+import javax.servlet.Filter;
+
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
+@ContextConfiguration(classes = {SpringSecurityConfig.class, WebConfig.class})
+public class LogoutClearSiteDataControllerUnitTest {
+
+    @Autowired
+    private WebApplicationContext wac;
+
+    @Autowired
+    private Filter springSecurityFilterChain;
+
+    private MockMvc mockMvc;
+
+    @BeforeEach
+    void setup() throws Exception {
+        this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).addFilters(springSecurityFilterChain).build();
+    }
+
+    @Test
+    void whenResponseBody_thenReturnCacheHeader() throws Exception {
+        this.mockMvc
+          .perform(MockMvcRequestBuilders
+          .get("/baeldung/logout").secure(true))
+          .andDo(MockMvcResultHandlers.print())
+          .andExpect(MockMvcResultMatchers.status().is(302))
+          .andExpect(MockMvcResultMatchers.header()
+            .string("Clear-Site-Data", "\"cache\", \"cookies\", \"storage\""));
+    }
+
+}