Merge pull request #11298 from azhwani/BAEL-5100
BAEL-5100: Update Manual Logout With Spring Security
This commit is contained in:
commit
d00d394011
|
@ -1,8 +1,17 @@
|
|||
package com.baeldung.manuallogout;
|
||||
|
||||
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE;
|
||||
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES;
|
||||
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.EXECUTION_CONTEXTS;
|
||||
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.Cookie;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.annotation.Order;
|
||||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
@ -10,25 +19,40 @@ import org.springframework.security.web.authentication.logout.HeaderWriterLogout
|
|||
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
||||
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
|
||||
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.*;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class SimpleSecurityConfiguration {
|
||||
|
||||
private static Logger logger = LoggerFactory.getLogger(SimpleSecurityConfiguration.class);
|
||||
|
||||
@Order(4)
|
||||
@Configuration
|
||||
public static class LogoutOnRequestConfiguration extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.antMatcher("/request/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest()
|
||||
.permitAll())
|
||||
.logout(logout -> logout.logoutUrl("/request/logout")
|
||||
.addLogoutHandler((request, response, auth) -> {
|
||||
try {
|
||||
request.logout();
|
||||
} catch (ServletException e) {
|
||||
logger.error(e.getMessage());
|
||||
}
|
||||
}));
|
||||
}
|
||||
}
|
||||
|
||||
@Order(3)
|
||||
@Configuration
|
||||
public static class DefaultLogoutConfiguration extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.antMatcher("/basic/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest().permitAll())
|
||||
.logout(logout -> logout
|
||||
.logoutUrl("/basic/basiclogout")
|
||||
);
|
||||
http.antMatcher("/basic/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest()
|
||||
.permitAll())
|
||||
.logout(logout -> logout.logoutUrl("/basic/basiclogout"));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -37,11 +61,10 @@ public class SimpleSecurityConfiguration {
|
|||
public static class AllCookieClearingLogoutConfiguration extends WebSecurityConfigurerAdapter {
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.antMatcher("/cookies/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest().permitAll())
|
||||
.logout(logout -> logout
|
||||
.logoutUrl("/cookies/cookielogout")
|
||||
http.antMatcher("/cookies/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest()
|
||||
.permitAll())
|
||||
.logout(logout -> logout.logoutUrl("/cookies/cookielogout")
|
||||
.addLogoutHandler(new SecurityContextLogoutHandler())
|
||||
.addLogoutHandler((request, response, auth) -> {
|
||||
for (Cookie cookie : request.getCookies()) {
|
||||
|
@ -50,8 +73,7 @@ public class SimpleSecurityConfiguration {
|
|||
cookieToDelete.setMaxAge(0);
|
||||
response.addCookie(cookieToDelete);
|
||||
}
|
||||
})
|
||||
);
|
||||
}));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -59,18 +81,15 @@ public class SimpleSecurityConfiguration {
|
|||
@Configuration
|
||||
public static class ClearSiteDataHeaderLogoutConfiguration extends WebSecurityConfigurerAdapter {
|
||||
|
||||
private static final ClearSiteDataHeaderWriter.Directive[] SOURCE =
|
||||
{CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS};
|
||||
private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.antMatcher("/csd/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest().permitAll())
|
||||
.logout(logout -> logout
|
||||
.logoutUrl("/csd/csdlogout")
|
||||
.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE)))
|
||||
);
|
||||
http.antMatcher("/csd/**")
|
||||
.authorizeRequests(authz -> authz.anyRequest()
|
||||
.permitAll())
|
||||
.logout(logout -> logout.logoutUrl("/csd/csdlogout")
|
||||
.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,17 @@
|
|||
package com.baeldung.manuallogout;
|
||||
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
@ -7,20 +19,9 @@ import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
|
|||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
@WebMvcTest()
|
||||
public class ManualLogoutIntegrationTest {
|
||||
|
@ -39,7 +40,8 @@ public class ManualLogoutIntegrationTest {
|
|||
@Test
|
||||
public void givenLoggedUserWhenUserLogoutThenSessionClearedAndNecessaryCookieCleared() throws Exception {
|
||||
|
||||
this.mockMvc.perform(post("/basic/basiclogout").secure(true).with(csrf()))
|
||||
this.mockMvc.perform(post("/basic/basiclogout").secure(true)
|
||||
.with(csrf()))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(unauthenticated())
|
||||
.andReturn();
|
||||
|
@ -55,7 +57,10 @@ public class ManualLogoutIntegrationTest {
|
|||
Cookie randomCookie = new Cookie(COOKIE_NAME, COOKIE_VALUE);
|
||||
randomCookie.setMaxAge(EXPIRY); // 10 minutes
|
||||
|
||||
MockHttpServletRequest requestStateAfterLogout = this.mockMvc.perform(post("/cookies/cookielogout").secure(true).with(csrf()).session(session).cookie(randomCookie))
|
||||
MockHttpServletRequest requestStateAfterLogout = this.mockMvc.perform(post("/cookies/cookielogout").secure(true)
|
||||
.with(csrf())
|
||||
.session(session)
|
||||
.cookie(randomCookie))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(unauthenticated())
|
||||
.andExpect(cookie().maxAge(COOKIE_NAME, 0))
|
||||
|
@ -70,10 +75,22 @@ public class ManualLogoutIntegrationTest {
|
|||
@Test
|
||||
public void givenLoggedUserWhenUserLogoutThenClearDataSiteHeaderPresent() throws Exception {
|
||||
|
||||
this.mockMvc.perform(post("/csd/csdlogout").secure(true).with(csrf()))
|
||||
this.mockMvc.perform(post("/csd/csdlogout").secure(true)
|
||||
.with(csrf()))
|
||||
.andDo(print())
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(header().exists(CLEAR_SITE_DATA_HEADER))
|
||||
.andReturn();
|
||||
}
|
||||
|
||||
@WithMockUser(value = "spring")
|
||||
@Test
|
||||
public void givenLoggedUserWhenUserLogoutOnRequestThenSessionCleared() throws Exception {
|
||||
|
||||
this.mockMvc.perform(post("/request/logout").secure(true)
|
||||
.with(csrf()))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(unauthenticated())
|
||||
.andReturn();
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue