Search in sources :

Example 1 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project summerb by skarpushin.

the class RestLogoutFilter method doFilter.

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    if (requiresLogout(request, response)) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (logger.isDebugEnabled()) {
            logger.debug("Logging out user '" + auth + "' and transferring to logout destination");
        }
        for (LogoutHandler handler : handlers) {
            handler.logout(request, response, auth);
        }
        response.setStatus(200);
        jsonResponseHelper.writeResponseBody("Logged out", response);
        return;
    }
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authentication(org.springframework.security.core.Authentication) HttpServletResponse(javax.servlet.http.HttpServletResponse) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler)

Example 2 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project spring-security by spring-projects.

the class Saml2LogoutConfigurer method createLogoutRequestProcessingFilter.

private Saml2LogoutRequestFilter createLogoutRequestProcessingFilter(RelyingPartyRegistrationResolver registrations) {
    LogoutHandler[] logoutHandlers = this.logoutHandlers.toArray(new LogoutHandler[0]);
    Saml2LogoutResponseResolver logoutResponseResolver = createSaml2LogoutResponseResolver(registrations);
    Saml2LogoutRequestFilter filter = new Saml2LogoutRequestFilter(registrations, this.logoutRequestConfigurer.logoutRequestValidator(), logoutResponseResolver, logoutHandlers);
    filter.setLogoutRequestMatcher(createLogoutRequestMatcher());
    return postProcess(filter);
}
Also used : Saml2LogoutRequestFilter(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter) Saml2LogoutResponseResolver(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseResolver) CsrfLogoutHandler(org.springframework.security.web.csrf.CsrfLogoutHandler) LogoutSuccessEventPublishingLogoutHandler(org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler) SecurityContextLogoutHandler(org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler)

Example 3 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project spring-security by spring-projects.

the class LogoutConfigurer method createLogoutFilter.

/**
 * Creates the {@link LogoutFilter} using the {@link LogoutHandler} instances, the
 * {@link #logoutSuccessHandler(LogoutSuccessHandler)} and the
 * {@link #logoutUrl(String)}.
 * @param http the builder to use
 * @return the {@link LogoutFilter} to use.
 */
private LogoutFilter createLogoutFilter(H http) {
    this.logoutHandlers.add(this.contextLogoutHandler);
    this.logoutHandlers.add(postProcess(new LogoutSuccessEventPublishingLogoutHandler()));
    LogoutHandler[] handlers = this.logoutHandlers.toArray(new LogoutHandler[0]);
    LogoutFilter result = new LogoutFilter(getLogoutSuccessHandler(), handlers);
    result.setLogoutRequestMatcher(getLogoutRequestMatcher(http));
    result = postProcess(result);
    return result;
}
Also used : LogoutSuccessEventPublishingLogoutHandler(org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler) LogoutSuccessEventPublishingLogoutHandler(org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler) SecurityContextLogoutHandler(org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler) CookieClearingLogoutHandler(org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter)

Example 4 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project spring-security by spring-projects.

the class RememberMeConfigurer method getRememberMeServices.

/**
 * Gets the {@link RememberMeServices} or creates the {@link RememberMeServices}.
 * @param http the {@link HttpSecurity} to lookup shared objects
 * @param key the {@link #key(String)}
 * @return the {@link RememberMeServices} to use
 * @throws Exception
 */
private RememberMeServices getRememberMeServices(H http, String key) throws Exception {
    if (this.rememberMeServices != null) {
        if (this.rememberMeServices instanceof LogoutHandler && this.logoutHandler == null) {
            this.logoutHandler = (LogoutHandler) this.rememberMeServices;
        }
        return this.rememberMeServices;
    }
    AbstractRememberMeServices tokenRememberMeServices = createRememberMeServices(http, key);
    tokenRememberMeServices.setParameter(this.rememberMeParameter);
    tokenRememberMeServices.setCookieName(this.rememberMeCookieName);
    if (this.rememberMeCookieDomain != null) {
        tokenRememberMeServices.setCookieDomain(this.rememberMeCookieDomain);
    }
    if (this.tokenValiditySeconds != null) {
        tokenRememberMeServices.setTokenValiditySeconds(this.tokenValiditySeconds);
    }
    if (this.useSecureCookie != null) {
        tokenRememberMeServices.setUseSecureCookie(this.useSecureCookie);
    }
    if (this.alwaysRemember != null) {
        tokenRememberMeServices.setAlwaysRemember(this.alwaysRemember);
    }
    tokenRememberMeServices.afterPropertiesSet();
    this.logoutHandler = tokenRememberMeServices;
    this.rememberMeServices = tokenRememberMeServices;
    return tokenRememberMeServices;
}
Also used : LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) AbstractRememberMeServices(org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices)

Example 5 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project spring-security by spring-projects.

the class Saml2LogoutConfigurerTests method saml2LogoutWhenLogoutGetThenLogsOutAndSendsLogoutRequest.

@Test
public void saml2LogoutWhenLogoutGetThenLogsOutAndSendsLogoutRequest() throws Exception {
    this.spring.register(Saml2LogoutWithHttpGet.class).autowire();
    MvcResult result = this.mvc.perform(get("/logout").with(authentication(this.user))).andExpect(status().isFound()).andReturn();
    String location = result.getResponse().getHeader("Location");
    LogoutHandler logoutHandler = this.spring.getContext().getBean(LogoutHandler.class);
    assertThat(location).startsWith("https://ap.example.org/logout/saml2/request");
    verify(logoutHandler).logout(any(), any(), any());
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) MvcResult(org.springframework.test.web.servlet.MvcResult) Test(org.junit.jupiter.api.Test)

Aggregations

LogoutHandler (org.springframework.security.web.authentication.logout.LogoutHandler)15 Test (org.junit.jupiter.api.Test)7 SecurityContextLogoutHandler (org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler)6 LogoutFilter (org.springframework.security.web.authentication.logout.LogoutFilter)5 LogoutSuccessEventPublishingLogoutHandler (org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler)5 ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter)4 Matchers.containsString (org.hamcrest.Matchers.containsString)3 MvcResult (org.springframework.test.web.servlet.MvcResult)3 SessionRegistry (org.springframework.security.core.session.SessionRegistry)2 CompositeLogoutHandler (org.springframework.security.web.authentication.logout.CompositeLogoutHandler)2 CsrfLogoutHandler (org.springframework.security.web.csrf.CsrfLogoutHandler)2 Date (java.util.Date)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 ApplicationContext (org.springframework.context.ApplicationContext)1 MockFilterChain (org.springframework.mock.web.MockFilterChain)1 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)1 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)1 MockHttpSession (org.springframework.mock.web.MockHttpSession)1 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1