GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Polish LogoutBuilder 

Issue gh-4603
pull/4623/head
Rob Winch 8 years ago
parent
79e749790f
commit
370fc48afe
4 changed files with 44 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
  2. 42
      config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java
  3. 1
      config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
  4. 9
      config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java

3
config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
Unescape View File

@ -68,7 +68,8 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
.authenticationManager(authenticationManager()) .authenticationManager(authenticationManager())
.headers().and() .headers().and()
.httpBasic().and() .httpBasic().and()
.formLogin().and(); .formLogin().and()
.logout().and();
} }
private ReactiveAuthenticationManager authenticationManager() { private ReactiveAuthenticationManager authenticationManager() {

42
config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java
Unescape View File

@ -24,8 +24,17 @@ import org.springframework.security.authorization.AuthenticatedAuthorizationMana
import org.springframework.security.authorization.AuthorityAuthorizationManager; import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager; import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.web.server.*; import org.springframework.security.web.server.AuthenticationEntryPoint;
import org.springframework.security.web.server.authentication.*; import org.springframework.security.web.server.DelegatingAuthenticationEntryPoint;
import org.springframework.security.web.server.FormLoginAuthenticationConverter;
import org.springframework.security.web.server.HttpBasicAuthenticationConverter;
import org.springframework.security.web.server.MatcherSecurityWebFilterChain;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationEntryPointFailureHandler;
import org.springframework.security.web.server.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.RedirectAuthenticationEntryPoint;
import org.springframework.security.web.server.authentication.RedirectAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.logout.LogoutHandler; import org.springframework.security.web.server.authentication.logout.LogoutHandler;
import org.springframework.security.web.server.authentication.logout.LogoutWebFilter; import org.springframework.security.web.server.authentication.logout.LogoutWebFilter;
import org.springframework.security.web.server.authentication.logout.SecurityContextRepositoryLogoutHandler; import org.springframework.security.web.server.authentication.logout.SecurityContextRepositoryLogoutHandler;
@ -34,8 +43,19 @@ import org.springframework.security.web.server.authorization.AuthorizationContex
import org.springframework.security.web.server.authorization.AuthorizationWebFilter; import org.springframework.security.web.server.authorization.AuthorizationWebFilter;
import org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager; import org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager;
import org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter; import org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter;
import org.springframework.security.web.server.context.*; import org.springframework.security.web.server.context.AuthenticationReactorContextFilter;
import org.springframework.security.web.server.header.*; import org.springframework.security.web.server.context.SecurityContextRepository;
import org.springframework.security.web.server.context.SecurityContextRepositoryWebFilter;
import org.springframework.security.web.server.context.ServerWebExchangeAttributeSecurityContextRepository;
import org.springframework.security.web.server.context.WebSessionSecurityContextRepository;
import org.springframework.security.web.server.header.CacheControlHttpHeadersWriter;
import org.springframework.security.web.server.header.CompositeHttpHeadersWriter;
import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
import org.springframework.security.web.server.header.HttpHeaderWriterWebFilter;
import org.springframework.security.web.server.header.HttpHeadersWriter;
import org.springframework.security.web.server.header.StrictTransportSecurityHttpHeadersWriter;
import org.springframework.security.web.server.header.XFrameOptionsHttpHeadersWriter;
import org.springframework.security.web.server.header.XXssProtectionHttpHeadersWriter;
import org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter; import org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter;
import org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher; import org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher; import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
@ -177,7 +197,6 @@ public class HttpSecurity {
this.webFilters.add(new OrderedWebFilter(new LoginPageGeneratingWebFilter(), SecurityWebFiltersOrder.LOGIN_PAGE_GENERATING.getOrder())); this.webFilters.add(new OrderedWebFilter(new LoginPageGeneratingWebFilter(), SecurityWebFiltersOrder.LOGIN_PAGE_GENERATING.getOrder()));
} }
this.formLogin.configure(this); this.formLogin.configure(this);
this.addFilterAt(new LogoutWebFilter(), SecurityWebFiltersOrder.LOGOUT);
} }
if(this.logout != null) { if(this.logout != null) {
this.logout.configure(this); this.logout.configure(this);
@ -536,9 +555,11 @@ public class HttpSecurity {
public final class LogoutBuilder { public final class LogoutBuilder {
private LogoutHandler logoutHandler = new SecurityContextRepositoryLogoutHandler(); private LogoutHandler logoutHandler = new SecurityContextRepositoryLogoutHandler();
private String logoutUrl = "/logout"; private String logoutUrl = "/logout";
private ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers private ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers
.pathMatchers(logoutUrl); .pathMatchers(this.logoutUrl);
public LogoutBuilder logoutHandler(LogoutHandler logoutHandler) { public LogoutBuilder logoutHandler(LogoutHandler logoutHandler) {
Assert.notNull(logoutHandler, "logoutHandler must not be null"); Assert.notNull(logoutHandler, "logoutHandler must not be null");
@ -547,12 +568,17 @@ public class HttpSecurity {
} }
public LogoutBuilder logoutUrl(String logoutUrl) { public LogoutBuilder logoutUrl(String logoutUrl) {
Assert.notNull(logoutHandler, "logoutUrl must not be null"); Assert.notNull(this.logoutHandler, "logoutUrl must not be null");
this.logoutUrl = logoutUrl; this.logoutUrl = logoutUrl;
this.requiresLogout = ServerWebExchangeMatchers.pathMatchers(logoutUrl); this.requiresLogout = ServerWebExchangeMatchers.pathMatchers(logoutUrl);
return this; return this;
} }
public HttpSecurity disable() {
HttpSecurity.this.logout = null;
return and();
}
public HttpSecurity and() { public HttpSecurity and() {
return HttpSecurity.this; return HttpSecurity.this;
} }
@ -569,6 +595,8 @@ public class HttpSecurity {
return logoutWebFilter; return logoutWebFilter;
} }
private LogoutBuilder() {}
} }
private static class OrderedWebFilter implements WebFilter, Ordered { private static class OrderedWebFilter implements WebFilter, Ordered {

1
config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
Unescape View File

@ -55,6 +55,7 @@ public class FormLoginTests {
.anyExchange().authenticated() .anyExchange().authenticated()
.and() .and()
.formLogin().and() .formLogin().and()
.logout().and()
.build(); .build();
WebTestClient webTestClient = WebTestClientBuilder WebTestClient webTestClient = WebTestClientBuilder

9
config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java
Unescape View File

@ -47,6 +47,7 @@ public class LogoutBuilderTests {
.anyExchange().authenticated() .anyExchange().authenticated()
.and() .and()
.formLogin().and() .formLogin().and()
.logout().and()
.build(); .build();
WebTestClient webTestClient = WebTestClientBuilder WebTestClient webTestClient = WebTestClientBuilder
@ -85,10 +86,12 @@ public class LogoutBuilderTests {
SecurityWebFilterChain securityWebFilter = this.http SecurityWebFilterChain securityWebFilter = this.http
.authenticationManager(this.manager) .authenticationManager(this.manager)
.authorizeExchange() .authorizeExchange()
.anyExchange().authenticated() .anyExchange().authenticated()
.and() .and()
.formLogin().and() .formLogin().and()
.logout().logoutUrl("/custom-logout").and() .logout()
.logoutUrl("/custom-logout")
.and()
.build(); .build();
WebTestClient webTestClient = WebTestClientBuilder WebTestClient webTestClient = WebTestClientBuilder

Write Preview
Loading…
Cancel
Save