Example 6 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project spring-security by spring-projects.

the class Saml2LogoutConfigurerTests method logoutWhenDefaultsAndNotSaml2LoginThenDefaultLogout.

@Test
public void logoutWhenDefaultsAndNotSaml2LoginThenDefaultLogout() throws Exception {
    this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
    TestingAuthenticationToken user = new TestingAuthenticationToken("user", "password");
    MvcResult result = this.mvc.perform(post("/logout").with(authentication(user)).with(csrf())).andExpect(status().isFound()).andReturn();
    String location = result.getResponse().getHeader("Location");
    LogoutHandler logoutHandler = this.spring.getContext().getBean(LogoutHandler.class);
    assertThat(location).isEqualTo("/login?logout");
    verify(logoutHandler).logout(any(), any(), any());
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MvcResult(org.springframework.test.web.servlet.MvcResult) Test(org.junit.jupiter.api.Test)

Example 7 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project spring-security by spring-projects.

the class ServletApiConfigurerTests method checkSecurityContextAwareAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler.

@Test
public void checkSecurityContextAwareAndLogoutFilterHasSameSizeAndHasLogoutSuccessEventPublishingLogoutHandler() {
    this.spring.register(ServletApiWithLogoutConfig.class);
    SecurityContextHolderAwareRequestFilter scaFilter = getFilter(SecurityContextHolderAwareRequestFilter.class);
    LogoutFilter logoutFilter = getFilter(LogoutFilter.class);
    LogoutHandler lfLogoutHandler = getFieldValue(logoutFilter, "handler");
    assertThat(lfLogoutHandler).isInstanceOf(CompositeLogoutHandler.class);
    List<LogoutHandler> scaLogoutHandlers = getFieldValue(scaFilter, "logoutHandlers");
    List<LogoutHandler> lfLogoutHandlers = getFieldValue(lfLogoutHandler, "logoutHandlers");
    assertThat(scaLogoutHandlers).hasSameSizeAs(lfLogoutHandlers);
    assertThat(scaLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
    assertThat(lfLogoutHandlers).hasAtLeastOneElementOfType(LogoutSuccessEventPublishingLogoutHandler.class);
}
Also used : SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter) LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter) LogoutSuccessEventPublishingLogoutHandler(org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) CompositeLogoutHandler(org.springframework.security.web.authentication.logout.CompositeLogoutHandler) Test(org.junit.jupiter.api.Test)

Example 8 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project spring-security by spring-projects.

the class ConcurrentSessionFilterTests method doFilterWhenCustomLogoutHandlersThenHandlersUsed.

@Test
public void doFilterWhenCustomLogoutHandlersThenHandlersUsed() throws Exception {
    LogoutHandler handler = mock(LogoutHandler.class);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    SessionRegistry registry = mock(SessionRegistry.class);
    SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
    information.expireNow();
    given(registry.getSessionInformation(anyString())).willReturn(information);
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
    filter.setLogoutHandlers(new LogoutHandler[] { handler });
    filter.doFilter(request, response, new MockFilterChain());
    verify(handler).logout(eq(request), eq(response), any());
}
Also used : SessionInformation(org.springframework.security.core.session.SessionInformation) SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) SecurityContextLogoutHandler(org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 9 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project motech by motech.

the class SecurityRuleBuilder method addLogoutFilter.

private void addLogoutFilter(List<Filter> filters, MotechURLSecurityRule securityRule) {
    if (securityRule.isRest()) {
        return;
    }
    LogoutHandler springLogoutHandler = new SecurityContextLogoutHandler();
    LogoutFilter logoutFilter = new LogoutFilter("/module/server/login", motechLogoutHandler, springLogoutHandler);
    logoutFilter.setFilterProcessesUrl("/module/server/j_spring_security_logout");
    filters.add(logoutFilter);
}
Also used : SecurityContextLogoutHandler(org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter)

Example 10 with LogoutHandler

use of org.springframework.security.web.authentication.logout.LogoutHandler in project spring-security by spring-projects.

the class ServletApiConfigurer method configure.

@Override
@SuppressWarnings("unchecked")
public void configure(H http) {
    this.securityContextRequestFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
    ExceptionHandlingConfigurer<H> exceptionConf = http.getConfigurer(ExceptionHandlingConfigurer.class);
    AuthenticationEntryPoint authenticationEntryPoint = (exceptionConf != null) ? exceptionConf.getAuthenticationEntryPoint(http) : null;
    this.securityContextRequestFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
    LogoutConfigurer<H> logoutConf = http.getConfigurer(LogoutConfigurer.class);
    List<LogoutHandler> logoutHandlers = (logoutConf != null) ? logoutConf.getLogoutHandlers() : null;
    this.securityContextRequestFilter.setLogoutHandlers(logoutHandlers);
    AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
    if (trustResolver != null) {
        this.securityContextRequestFilter.setTrustResolver(trustResolver);
    }
    ApplicationContext context = http.getSharedObject(ApplicationContext.class);
    if (context != null) {
        String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
        if (grantedAuthorityDefaultsBeanNames.length == 1) {
            GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
            this.securityContextRequestFilter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
        }
    }
    this.securityContextRequestFilter = postProcess(this.securityContextRequestFilter);
    http.addFilter(this.securityContextRequestFilter);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) ApplicationContext(org.springframework.context.ApplicationContext) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)
