Merge pull request #9814 from azhwani/BAEL4178

BAEL-4178: How to disable spring security logout redirects
2020-08-10 14:52:03 -03:00 · 2020-08-10 14:52:03 -03:00 · ba7a7285fd
parent 67e82173b0 0c41375443
commit ba7a7285fd
4 changed files with 77 additions and 1 deletions
--- a/spring-5-security/src/main/java/com/baeldung/logoutredirects/LogoutApplication.java
+++ b/spring-5-security/src/main/java/com/baeldung/logoutredirects/LogoutApplication.java
@ -0,0 +1,13 @@
+package com.baeldung.logoutredirects;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class LogoutApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(LogoutApplication.class, args);
+    }
+
+}
--- a/spring-5-security/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
+++ b/spring-5-security/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
@ -0,0 +1,27 @@
+package com.baeldung.logoutredirects.securityconfig;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests(authz -> authz.mvcMatchers("/login")
+            .permitAll()
+            .anyRequest()
+            .authenticated())
+            .logout(logout -> logout.permitAll()
+                .logoutSuccessHandler((request, response, authentication) -> {
+                    response.setStatus(HttpServletResponse.SC_OK);
+                }));
+
+    }
+
+}
--- a/spring-5-security/src/main/resources/application.properties
+++ b/spring-5-security/src/main/resources/application.properties
@ -2,4 +2,6 @@ server.port=8081

 logging.level.root=INFO

-logging.level.com.baeldung.dsl.ClientErrorLoggingFilter=DEBUG
+logging.level.com.baeldung.dsl.ClientErrorLoggingFilter=DEBUG
+
+logging.level.org.springframework.security=DEBUG
--- a/spring-5-security/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
+++ b/spring-5-security/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
@ -0,0 +1,34 @@
+package com.baeldung.logoutredirects;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+
+@RunWith(SpringRunner.class)
+@WebMvcTest()
+public class LogoutApplicationUnitTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @WithMockUser(value = "spring")
+    @Test
+    public void whenLogout_thenDisableRedirect() throws Exception {
+
+        this.mockMvc.perform(post("/logout").with(csrf()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$").doesNotExist())
+            .andExpect(unauthenticated())
+            .andReturn();
+    }
+
+}