GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add LogoutPageGeneratingWebFilter 

Fixes gh-4735
pull/4424/merge
Rob Winch 8 years ago
parent
0734d70d02
commit
5a5ec58ca4
5 changed files with 141 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
  2. 2
      config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
  3. 32
      config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
  4. 9
      config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java
  5. 102
      web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java

1
config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
Unescape View File

@ -41,6 +41,7 @@ public enum SecurityWebFiltersOrder { @@ -41,6 +41,7 @@ public enum SecurityWebFiltersOrder {
*/
REACTOR_CONTEXT,
LOGIN_PAGE_GENERATING,
LOGOUT_PAGE_GENERATING,
/**
* {@link org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter}
*/

2
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
Unescape View File

@ -61,6 +61,7 @@ import org.springframework.security.web.server.header.StrictTransportSecuritySer @@ -61,6 +61,7 @@ import org.springframework.security.web.server.header.StrictTransportSecuritySer
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter;
import org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter;
import org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter;
import org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry;
@ -220,6 +221,7 @@ public class ServerHttpSecurity { @@ -220,6 +221,7 @@ public class ServerHttpSecurity {
}
if(this.formLogin.serverAuthenticationEntryPoint == null) {
this.webFilters.add(new OrderedWebFilter(new LoginPageGeneratingWebFilter(), SecurityWebFiltersOrder.LOGIN_PAGE_GENERATING.getOrder()));
this.webFilters.add(new OrderedWebFilter(new LogoutPageGeneratingWebFilter(), SecurityWebFiltersOrder.LOGOUT_PAGE_GENERATING.getOrder()));
}
this.formLogin.configure(this);
}

32
config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
Unescape View File

@ -78,9 +78,11 @@ public class FormLoginTests { @@ -78,9 +78,11 @@ public class FormLoginTests {
homePage.assertAt();
driver.get("http://localhost/logout");
loginPage = DefaultLogoutPage.to(driver)
.assertAt()
.logout();
DefaultLoginPage.create(driver)
loginPage
.assertAt()
.assertLogout();
}
@ -229,6 +231,32 @@ public class FormLoginTests { @@ -229,6 +231,32 @@ public class FormLoginTests {
}
}
public static class DefaultLogoutPage {
private WebDriver driver;
@FindBy(css = "button[type=submit]")
private WebElement submit;
public DefaultLogoutPage(WebDriver webDriver) {
this.driver = webDriver;
}
public DefaultLogoutPage assertAt() {
assertThat(this.driver.getTitle()).isEqualTo("Confirm Log Out?");
return this;
}
public DefaultLoginPage logout() {
this.submit.click();
return DefaultLoginPage.create(this.driver);
}
static DefaultLogoutPage to(WebDriver driver) {
driver.get("http://localhost/logout");
return PageFactory.initElements(driver, DefaultLogoutPage.class);
}
}
public static class HomePage {
private WebDriver driver;

9
config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java
Unescape View File

@ -26,6 +26,7 @@ import org.springframework.security.core.userdetails.User; @@ -26,6 +26,7 @@ import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverBuilder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
@ -70,9 +71,11 @@ public class LogoutBuilderTests { @@ -70,9 +71,11 @@ public class LogoutBuilderTests {
homePage.assertAt();
driver.get("http://localhost/logout");
loginPage = FormLoginTests.DefaultLogoutPage.to(driver)
.assertAt()
.logout();
FormLoginTests.DefaultLoginPage.create(driver)
loginPage
.assertAt()
.assertLogout();
}
@ -85,7 +88,7 @@ public class LogoutBuilderTests { @@ -85,7 +88,7 @@ public class LogoutBuilderTests {
.and()
.formLogin().and()
.logout()
.logoutUrl("/custom-logout")
.requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout"))
.and()
.build();

102
web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java
Unescape View File

@ -0,0 +1,102 @@ @@ -0,0 +1,102 @@
/*
* Copyright 2002-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.server.ui;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.core.io.buffer.DataBufferFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
import java.nio.charset.Charset;
/**
* @author Rob Winch
* @since 5.0
*/
public class LogoutPageGeneratingWebFilter implements WebFilter {
private ServerWebExchangeMatcher matcher = ServerWebExchangeMatchers
.pathMatchers(HttpMethod.GET, "/logout");
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
return this.matcher.matches(exchange)
.filter(ServerWebExchangeMatcher.MatchResult::isMatch)
.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
.flatMap(matchResult -> render(exchange));
}
private Mono<Void> render(ServerWebExchange exchange) {
ServerHttpResponse result = exchange.getResponse();
result.setStatusCode(HttpStatus.OK);
result.getHeaders().setContentType(MediaType.TEXT_HTML);
return result.writeWith(createBuffer(exchange));
// .doOnError( error -> DataBufferUtils.release(buffer));
}
private Mono<DataBuffer> createBuffer(ServerWebExchange exchange) {
Mono<CsrfToken> token = (Mono<CsrfToken>) exchange.getAttributes()
.getOrDefault(CsrfToken.class.getName(), Mono.<CsrfToken>empty());
return token
.map(LogoutPageGeneratingWebFilter::csrfToken)
.defaultIfEmpty("")
.map(csrfTokenHtmlInput -> {
byte[] bytes = createPage(csrfTokenHtmlInput);
DataBufferFactory bufferFactory = exchange.getResponse().bufferFactory();
return bufferFactory.wrap(bytes);
});
}
private static byte[] createPage(String csrfTokenHtmlInput) {
String page = "<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ " <head>\n"
+ " <meta charset=\"utf-8\">\n"
+ " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+ " <meta name=\"description\" content=\"\">\n"
+ " <meta name=\"author\" content=\"\">\n"
+ " <title>Confirm Log Out?</title>\n"
+ " <link href=\"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css\" rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" crossorigin=\"anonymous\">\n"
+ " <link href=\"http://getbootstrap.com/docs/4.0/examples/signin/signin.css\" rel=\"stylesheet\" crossorigin=\"anonymous\"/>\n"
+ " </head>\n"
+ " <body>\n"
+ " <div class=\"container\">\n"
+ " <form class=\"form-signin\" method=\"post\" action=\"/logout\">\n"
+ " <h2 class=\"form-signin-heading\">Are you sure you want to log out?</h2>\n"
+ csrfTokenHtmlInput
+ " <button class=\"btn btn-lg btn-primary btn-block\" type=\"submit\">Log Out</button>\n"
+ " </form>\n"
+ " </div>\n"
+ " </body>\n"
+ "</html>";
return page.getBytes(Charset.defaultCharset());
}
private static String csrfToken(CsrfToken token) {
return " <input type=\"hidden\" name=\"" + token.getParameterName() + "\" value=\"" + token.getToken() + "\">\n";
}
}
Write Preview
Loading…
Cancel
Save