From 7618d236c4562491fb2cead8f866c04dabdca21f Mon Sep 17 00:00:00 2001
From: John Coyne <john.coyne@gmail.com>
Date: Thu, 22 Nov 2018 10:52:35 -0600
Subject: [PATCH] CookieClearingLogoutHandler updates based on comments Changed
 the implementation to use an anonymous function Issue: gh-6078

---
 .../logout/CookieClearingLogoutHandler.java   | 41 +++++++++++--------
 1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
index c3c50de457..c80c6bcf79 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java
@@ -16,6 +16,8 @@
 package org.springframework.security.web.authentication.logout;
 
 import java.util.*;
+import java.util.function.Function;
+
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -33,40 +35,45 @@ import org.springframework.util.Assert;
  * @since 3.1
  */
 public final class CookieClearingLogoutHandler implements LogoutHandler {
-	private final List<Object> cookiesToClear;
+	private final List<Function<HttpServletRequest, Cookie>> cookiesToClear;
 
 	public CookieClearingLogoutHandler(String... cookiesToClear) {
 		Assert.notNull(cookiesToClear, "List of cookies cannot be null");
-		this.cookiesToClear =  Arrays.asList((Object[]) cookiesToClear);
+		List<Function<HttpServletRequest, Cookie>> cookieList = new ArrayList<>();
+		for (String cookieName : cookiesToClear) {
+			Function<HttpServletRequest, Cookie> f = (request) -> {
+				Cookie cookie = new Cookie(cookieName, null);
+				String cookiePath = request.getContextPath() + "/";
+				cookie.setPath(cookiePath);
+				cookie.setMaxAge(0);
+				return cookie;
+			};
+			cookieList.add(f);
+		}
+		this.cookiesToClear =  cookieList;
 	}
 
 	/**
-	 * @since 5.X
+	 * @since 5.2
 	 * @param cookiesToClear - One or more Cookie objects that must have maxAge of 0
 	 */
 	public CookieClearingLogoutHandler(Cookie... cookiesToClear) {
 		Assert.notNull(cookiesToClear, "List of cookies cannot be null");
-		List<Object> cookieList = new ArrayList<Object>();
+		List<Function<HttpServletRequest, Cookie>> cookieList = new ArrayList<>();
 		for (Cookie cookie : cookiesToClear) {
 			Assert.isTrue(cookie.getMaxAge() == 0, "Cookie maxAge must be 0");
-			cookieList.add(cookie);
+			Function<HttpServletRequest, Cookie> f = (request) -> {
+				return cookie;
+			};
+			cookieList.add(f);
 		}
 		this.cookiesToClear = cookieList;
 	}
 
 	public void logout(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) {
-		for (Object cookie : cookiesToClear) {
-			Cookie realCookie = null;
-			if (cookie instanceof String) {
-				realCookie = new Cookie((String) cookie, null);
-				String cookiePath = request.getContextPath() + "/";
-				realCookie.setPath(cookiePath);
-				realCookie.setMaxAge(0);
-			}else if (cookie instanceof Cookie){
-				realCookie = (Cookie) cookie;
-			}
-			response.addCookie(realCookie);
-		}
+		cookiesToClear.forEach(
+			f -> response.addCookie(f.apply(request))
+		);
 	}
 }