@Bean(HTTPSECURITY_BEAN_NAME) @Scope("prototype") public ServerHttpSecurity httpSecurity() { ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity(); return http .authenticationManager(authenticationManager()) .headers().and() .logout().and(); }
/** * Configures what URL a POST to will trigger a log out. * @param logoutUrl the url to trigger a log out (i.e. "/signout" would mean a POST to "/signout" would trigger * log out) * @return the {@link LogoutSpec} to configure */ public LogoutSpec logoutUrl(String logoutUrl) { Assert.notNull(logoutUrl, "logoutUrl must not be null"); ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, logoutUrl); return requiresLogout(requiresLogout); }
/** * Configures the logout handler. Default is {@code SecurityContextServerLogoutHandler} * @param logoutHandler * @return the {@link LogoutSpec} to configure */ public LogoutSpec logoutHandler(ServerLogoutHandler logoutHandler) { Assert.notNull(logoutHandler, "logoutHandler cannot be null"); this.logoutHandlers.clear(); return addLogoutHandler(logoutHandler); }
this.logout.configure(this);
/** * Configures log out. An example configuration can be found below: * * <pre class="code"> * @Bean * public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { * http * // ... * .logout() * // configures how log out is done * .logoutHandler(logoutHandler) * // log out will be performed on POST /signout * .logoutUrl("/signout") * // configure what is done on logout success * .logoutSuccessHandler(successHandler); * return http.build(); * } * </pre> * @return the {@link LogoutSpec} to customize */ public LogoutSpec logout() { if (this.logout == null) { this.logout = new LogoutSpec(); } return this.logout; }
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { log.info("Configuring SecurityWebFilterChain ..."); formLogin(http); // Configure form login authorizeExchange(http); // configure authorization oauth2Login(http); // configure OAuth2 login return http .securityContextRepository(NoOpServerSecurityContextRepository.getInstance()) .exceptionHandling() .accessDeniedHandler(accessDeniedHandler()) .authenticationEntryPoint(authenticationEntryPoint()) .and() .cors() .and() .csrf().disable() .addFilterAt(tokenAuthenticationFilter(), SecurityWebFiltersOrder.AUTHENTICATION) .logout().disable() .build(); }
protected void configure(ServerHttpSecurity http) { createLogoutHandler().ifPresent(this.logoutWebFilter::setLogoutHandler); http.addFilterAt(this.logoutWebFilter, SecurityWebFiltersOrder.LOGOUT); }
/** * Configures the logout handler. Default is {@code SecurityContextServerLogoutHandler} * @param logoutHandler * @return the {@link LogoutSpec} to configure */ public LogoutSpec logoutHandler(ServerLogoutHandler logoutHandler) { Assert.notNull(logoutHandler, "logoutHandler cannot be null"); this.logoutHandlers.clear(); return addLogoutHandler(logoutHandler); }
@Bean(HTTPSECURITY_BEAN_NAME) @Scope("prototype") public ServerHttpSecurity httpSecurity() { ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity(); return http .authenticationManager(authenticationManager()) .headers().and() .logout().and(); }
/** * Disables log out * @return the {@link ServerHttpSecurity} to continue configuring */ public ServerHttpSecurity disable() { ServerHttpSecurity.this.logout = null; return and(); }
/** * Configures what URL a POST to will trigger a log out. * @param logoutUrl the url to trigger a log out (i.e. "/signout" would mean a POST to "/signout" would trigger * log out) * @return the {@link LogoutSpec} to configure */ public LogoutSpec logoutUrl(String logoutUrl) { Assert.notNull(logoutUrl, "logoutUrl must not be null"); ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, logoutUrl); return requiresLogout(requiresLogout); }
this.logout.configure(this);
/** * Configures log out. An example configuration can be found below: * * <pre class="code"> * @Bean * public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { * http * // ... * .logout() * // configures how log out is done * .logoutHandler(logoutHandler) * // log out will be performed on POST /signout * .logoutUrl("/signout") * // configure what is done on logout success * .logoutSuccessHandler(successHandler); * return http.build(); * } * </pre> * @return the {@link LogoutSpec} to customize */ public LogoutSpec logout() { if (this.logout == null) { this.logout = new LogoutSpec(); } return this.logout; }
protected void configure(ServerHttpSecurity http) { createLogoutHandler().ifPresent(this.logoutWebFilter::setLogoutHandler); http.addFilterAt(this.logoutWebFilter, SecurityWebFiltersOrder.LOGOUT); }
/** * Disables log out * @return the {@link ServerHttpSecurity} to continue configuring */ public ServerHttpSecurity disable() { ServerHttpSecurity.this.logout = null; return and(); }
@Bean(HTTPSECURITY_BEAN_NAME) @Scope("prototype") public ServerHttpSecurity httpSecurity() { ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity(); return http .authenticationManager(authenticationManager()) .headers().and() .logout().and(); }
/** * Configures what URL a POST to will trigger a log out. * @param logoutUrl the url to trigger a log out (i.e. "/signout" would mean a POST to "/signout" would trigger * log out) * @return the {@link LogoutSpec} to configure */ public LogoutSpec logoutUrl(String logoutUrl) { Assert.notNull(logoutUrl, "logoutUrl must not be null"); ServerWebExchangeMatcher requiresLogout = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, logoutUrl); return requiresLogout(requiresLogout); }
/** * Configures the logout handler. Default is {@code SecurityContextServerLogoutHandler} * @param logoutHandler * @return the {@link LogoutSpec} to configure */ public LogoutSpec logoutHandler(ServerLogoutHandler logoutHandler) { Assert.notNull(logoutHandler, "logoutHandler cannot be null"); this.logoutHandlers.clear(); return addLogoutHandler(logoutHandler); }
this.logout.configure(this);
.formLogin().and() .logout() .requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")) .and() .build();