diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java b/spring-security-modules/spring-5-security/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java index 08c2d83b99..303a139215 100644 --- a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java +++ b/spring-security-modules/spring-5-security/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java @@ -1,8 +1,17 @@ package com.baeldung.manuallogout; +import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE; +import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES; +import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.EXECUTION_CONTEXTS; +import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE; + +import javax.servlet.ServletException; +import javax.servlet.http.Cookie; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; - import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @@ -10,25 +19,40 @@ import org.springframework.security.web.authentication.logout.HeaderWriterLogout import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter; -import javax.servlet.http.Cookie; - -import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.*; - @Configuration @EnableWebSecurity public class SimpleSecurityConfiguration { + private static Logger logger = LoggerFactory.getLogger(SimpleSecurityConfiguration.class); + + @Order(4) + @Configuration + public static class LogoutOnRequestConfiguration extends WebSecurityConfigurerAdapter { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.antMatcher("/request/**") + .authorizeRequests(authz -> authz.anyRequest() + .permitAll()) + .logout(logout -> logout.logoutUrl("/request/logout") + .addLogoutHandler((request, response, auth) -> { + try { + request.logout(); + } catch (ServletException e) { + logger.error(e.getMessage()); + } + })); + } + } + @Order(3) @Configuration public static class DefaultLogoutConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { - http - .antMatcher("/basic/**") - .authorizeRequests(authz -> authz.anyRequest().permitAll()) - .logout(logout -> logout - .logoutUrl("/basic/basiclogout") - ); + http.antMatcher("/basic/**") + .authorizeRequests(authz -> authz.anyRequest() + .permitAll()) + .logout(logout -> logout.logoutUrl("/basic/basiclogout")); } } @@ -37,11 +61,10 @@ public class SimpleSecurityConfiguration { public static class AllCookieClearingLogoutConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { - http - .antMatcher("/cookies/**") - .authorizeRequests(authz -> authz.anyRequest().permitAll()) - .logout(logout -> logout - .logoutUrl("/cookies/cookielogout") + http.antMatcher("/cookies/**") + .authorizeRequests(authz -> authz.anyRequest() + .permitAll()) + .logout(logout -> logout.logoutUrl("/cookies/cookielogout") .addLogoutHandler(new SecurityContextLogoutHandler()) .addLogoutHandler((request, response, auth) -> { for (Cookie cookie : request.getCookies()) { @@ -50,8 +73,7 @@ public class SimpleSecurityConfiguration { cookieToDelete.setMaxAge(0); response.addCookie(cookieToDelete); } - }) - ); + })); } } @@ -59,18 +81,15 @@ public class SimpleSecurityConfiguration { @Configuration public static class ClearSiteDataHeaderLogoutConfiguration extends WebSecurityConfigurerAdapter { - private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = - {CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS}; + private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS }; @Override protected void configure(HttpSecurity http) throws Exception { - http - .antMatcher("/csd/**") - .authorizeRequests(authz -> authz.anyRequest().permitAll()) - .logout(logout -> logout - .logoutUrl("/csd/csdlogout") - .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))) - ); + http.antMatcher("/csd/**") + .authorizeRequests(authz -> authz.anyRequest() + .permitAll()) + .logout(logout -> logout.logoutUrl("/csd/csdlogout") + .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE)))); } } } diff --git a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java b/spring-security-modules/spring-5-security/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java index 8909dc2620..06dc01e116 100644 --- a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java +++ b/spring-security-modules/spring-5-security/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java @@ -1,5 +1,17 @@ package com.baeldung.manuallogout; +import static org.junit.Assert.assertNull; +import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf; +import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; +import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpSession; + import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; @@ -7,20 +19,9 @@ import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpSession; import org.springframework.security.test.context.support.WithMockUser; -import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.servlet.MockMvc; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpSession; - -import static org.junit.Assert.assertNull; -import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf; -import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; -import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; - @RunWith(SpringRunner.class) @WebMvcTest() public class ManualLogoutIntegrationTest { @@ -39,10 +40,11 @@ public class ManualLogoutIntegrationTest { @Test public void givenLoggedUserWhenUserLogoutThenSessionClearedAndNecessaryCookieCleared() throws Exception { - this.mockMvc.perform(post("/basic/basiclogout").secure(true).with(csrf())) - .andExpect(status().is3xxRedirection()) - .andExpect(unauthenticated()) - .andReturn(); + this.mockMvc.perform(post("/basic/basiclogout").secure(true) + .with(csrf())) + .andExpect(status().is3xxRedirection()) + .andExpect(unauthenticated()) + .andReturn(); } @WithMockUser(value = "spring") @@ -55,12 +57,15 @@ public class ManualLogoutIntegrationTest { Cookie randomCookie = new Cookie(COOKIE_NAME, COOKIE_VALUE); randomCookie.setMaxAge(EXPIRY); // 10 minutes - MockHttpServletRequest requestStateAfterLogout = this.mockMvc.perform(post("/cookies/cookielogout").secure(true).with(csrf()).session(session).cookie(randomCookie)) - .andExpect(status().is3xxRedirection()) - .andExpect(unauthenticated()) - .andExpect(cookie().maxAge(COOKIE_NAME, 0)) - .andReturn() - .getRequest(); + MockHttpServletRequest requestStateAfterLogout = this.mockMvc.perform(post("/cookies/cookielogout").secure(true) + .with(csrf()) + .session(session) + .cookie(randomCookie)) + .andExpect(status().is3xxRedirection()) + .andExpect(unauthenticated()) + .andExpect(cookie().maxAge(COOKIE_NAME, 0)) + .andReturn() + .getRequest(); HttpSession sessionStateAfterLogout = requestStateAfterLogout.getSession(); assertNull(sessionStateAfterLogout.getAttribute(ATTRIBUTE_NAME)); @@ -70,10 +75,22 @@ public class ManualLogoutIntegrationTest { @Test public void givenLoggedUserWhenUserLogoutThenClearDataSiteHeaderPresent() throws Exception { - this.mockMvc.perform(post("/csd/csdlogout").secure(true).with(csrf())) - .andDo(print()) - .andExpect(status().is3xxRedirection()) - .andExpect(header().exists(CLEAR_SITE_DATA_HEADER)) - .andReturn(); + this.mockMvc.perform(post("/csd/csdlogout").secure(true) + .with(csrf())) + .andDo(print()) + .andExpect(status().is3xxRedirection()) + .andExpect(header().exists(CLEAR_SITE_DATA_HEADER)) + .andReturn(); + } + + @WithMockUser(value = "spring") + @Test + public void givenLoggedUserWhenUserLogoutOnRequestThenSessionCleared() throws Exception { + + this.mockMvc.perform(post("/request/logout").secure(true) + .with(csrf())) + .andExpect(status().is3xxRedirection()) + .andExpect(unauthenticated()) + .andReturn(); } } \ No newline at end of file