/**
 * Controls whether the {@link SecurityContextLogoutHandler} removes the
 * {@link Authentication} when a logout is processed.
 *
 * @param clearAuthentication {@code true} (the default) to have the
 * {@link SecurityContextLogoutHandler} clear the {@link Authentication},
 * {@code false} to leave it in place
 * @return this {@link LogoutConfigurer}, so further customization can be chained
 */
public LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication) {
    // Passing false keeps the Authentication after logout; only do that when
    // another handler is responsible for clearing it.
    this.contextLogoutHandler.setClearAuthentication(clearAuthentication);
    return this;
}
/**
 * Sets whether the {@link SecurityContextLogoutHandler} invalidates the
 * {@link HttpSession} when a logout is processed.
 *
 * @param invalidateHttpSession {@code true} (the default) to invalidate the
 * {@link HttpSession}, {@code false} to keep it
 * @return this {@link LogoutConfigurer}, so further customization can be chained
 */
public LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession) {
    // With false the session survives logout, so whatever is stored in it stays
    // reachable to anyone who still holds the session cookie.
    this.contextLogoutHandler.setInvalidateHttpSession(invalidateHttpSession);
    return this;
}
/**
 * Builds the success handler used when none was configured explicitly.
 *
 * <p>A {@link SimpleUrlLogoutSuccessHandler} targeting {@code logoutSuccessUrl} is
 * always created. It is returned directly when no matcher-specific defaults are
 * registered; otherwise it becomes the fallback of a
 * {@link DelegatingLogoutSuccessHandler} built from
 * {@code defaultLogoutSuccessHandlerMappings}.
 *
 * @return the default {@link LogoutSuccessHandler}
 */
private LogoutSuccessHandler createDefaultSuccessHandler() {
    SimpleUrlLogoutSuccessHandler fallback = new SimpleUrlLogoutSuccessHandler();
    fallback.setDefaultTargetUrl(logoutSuccessUrl);
    if (!defaultLogoutSuccessHandlerMappings.isEmpty()) {
        DelegatingLogoutSuccessHandler delegating =
                new DelegatingLogoutSuccessHandler(defaultLogoutSuccessHandlerMappings);
        delegating.setDefaultLogoutSuccessHandler(fallback);
        return delegating;
    }
    return fallback;
}
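/**
 * Runs the logout sequence for the current request, then hands over to a logout
 * success handler.
 *
 * <p>When the security context holds an {@link Authentication}, the active logout
 * handlers, the remember-me service (if it is a {@link LogoutHandler}) and the
 * filter's own {@code logoutHandler} are invoked in that order. Afterwards the
 * request attribute {@code LOGOUT_REDIRECT_ATTR}, if set, overrides the configured
 * success handler's target.
 *
 * @param request the current request
 * @param response the current response
 * @param skipHandlerName names passed to {@code calculateActiveLogoutHandlers} to
 * select the active handlers
 * @throws IOException if a success handler fails while writing the response
 * @throws ServletException if a success handler fails
 */
public void doLogout(
        HttpServletRequest request, HttpServletResponse response, String... skipHandlerName)
        throws IOException, ServletException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication != null) {
        List<LogoutHandler> logoutHandlers = calculateActiveLogoutHandlers(skipHandlerName);
        for (LogoutHandler h : logoutHandlers) {
            h.logout(request, response, authentication);
        }

        // RememberMeServices does not extend LogoutHandler, so an unchecked cast can
        // abort the logout with a ClassCastException (or a NullPointerException when
        // no service is configured) before the security context handler has run.
        RememberMeServices rms = securityManager.getRememberMeService();
        if (rms instanceof LogoutHandler) {
            ((LogoutHandler) rms).logout(request, response, authentication);
        }

        logoutHandler.logout(request, response, authentication);
    }

    // The redirect target is a request attribute, which only server-side code sets.
    // NOTE(review): confirm that nothing upstream copies a request parameter into
    // this attribute without validating it, since the value is used as the
    // redirect target unchanged.
    String redirectUrl = (String) request.getAttribute(LOGOUT_REDIRECT_ATTR);
    if (StringUtils.hasLength(redirectUrl)) {
        SimpleUrlLogoutSuccessHandler h = new SimpleUrlLogoutSuccessHandler();
        h.setDefaultTargetUrl(redirectUrl);
        h.onLogoutSuccess(request, response, authentication);
        return;
    }

    // authentication may be null here when no user was logged in
    logoutSuccessHandler.onLogoutSuccess(request, response, authentication);
}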
/**
 * Initializes this filter from its named-service configuration.
 *
 * <p>After delegating to the superclass it creates the
 * {@link SecurityContextLogoutHandler} and a {@link SimpleUrlLogoutSuccessHandler},
 * applies the configured redirect URL when one is set, and splits the form logout
 * chain (or the {@code FORM_LOGOUT_CHAIN} default) on commas into {@code pathInfos}.
 *
 * @param config the configuration; cast to {@link LogoutFilterConfig}
 * @throws IOException declared by the overridden method
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);

    logoutHandler = new SecurityContextLogoutHandler();

    LogoutFilterConfig filterConfig = (LogoutFilterConfig) config;
    redirectUrl = filterConfig.getRedirectURL();
    logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
    if (StringUtils.hasLength(redirectUrl)) {
        logoutSuccessHandler.setDefaultTargetUrl(redirectUrl);
    }

    String formLogoutChain;
    if (filterConfig.getFormLogoutChain() != null) {
        formLogoutChain = filterConfig.getFormLogoutChain();
    } else {
        formLogoutChain = GeoServerSecurityFilterChain.FORM_LOGOUT_CHAIN;
    }
    // Entries are split on "," only; surrounding whitespace is not trimmed.
    pathInfos = formLogoutChain.split(",");
}
/**
 * Configures logout to finish with a redirect to a fixed, application-relative URL.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    SimpleUrlLogoutSuccessHandler successHandler = new SimpleUrlLogoutSuccessHandler();
    successHandler.setDefaultTargetUrl("/SuccessHandlerRefHttpLogoutConfig");

    http.logout().logoutSuccessHandler(successHandler);
}
} // closes the enclosing class, whose header is outside this excerpt
// Run Spring Security's SecurityContextLogoutHandler for this request. With its
// default settings it invalidates the HttpSession and clears the Authentication.
new SecurityContextLogoutHandler().logout(request, response, auth);
/**
 * Builds the {@link LogoutFilter} from the registered {@link LogoutHandler}
 * instances, the {@link #logoutSuccessHandler(LogoutSuccessHandler)} and the
 * {@link #logoutUrl(String)}.
 *
 * <p>Note that this appends {@code contextLogoutHandler} to {@code logoutHandlers},
 * so calling it a second time would add that handler again.
 *
 * @param http the builder to use
 * @return the post-processed {@link LogoutFilter}
 * @throws Exception if any of the configuration steps invoked here fails
 */
private LogoutFilter createLogoutFilter(H http) throws Exception {
    // The context handler goes in last, after every handler registered earlier.
    logoutHandlers.add(contextLogoutHandler);
    LogoutHandler[] handlerArray = logoutHandlers.toArray(new LogoutHandler[0]);

    LogoutFilter filter = new LogoutFilter(getLogoutSuccessHandler(), handlerArray);
    filter.setLogoutRequestMatcher(getLogoutRequestMatcher(http));
    return postProcess(filter);
}
/**
 * Forwards the logout to the remember-me service when that service is also a
 * {@link LogoutHandler}; otherwise does nothing.
 *
 * @param request the current request
 * @param response the current response
 * @param authentication the authentication being logged out
 */
@Override
public void logout(
        HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    RememberMeServices services = rms();
    if (!(services instanceof LogoutHandler)) {
        // Also covers a null service: instanceof is false for null.
        return;
    }
    ((LogoutHandler) services).logout(request, response, authentication);
}
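/**
 * Registers a default logout success handler that answers with
 * {@link HttpStatus#NO_CONTENT} for requests matching {@code preferredMatcher}.
 *
 * <p>Does nothing when no {@link LogoutConfigurer} is registered on the builder.
 *
 * @param http the builder whose {@link LogoutConfigurer} is looked up
 * @param preferredMatcher the matcher the status-returning handler is registered for
 */
private void registerDefaultLogoutSuccessHandler(B http, RequestMatcher preferredMatcher) {
    LogoutConfigurer<B> logout = http.getConfigurer(LogoutConfigurer.class);
    if (logout == null) {
        return;
    }
    // The configurer returned by this call was previously stored in a local that
    // was never read; the registration itself is the only effect needed.
    logout.defaultLogoutSuccessHandlerFor(
            postProcess(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.NO_CONTENT)),
            preferredMatcher);
}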
/**
 * Returns the target URL computed by the superclass, unchanged.
 *
 * @param request the current request
 * @param response the current response
 * @return the superclass's target URL
 */
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
    // NOTE(review): no validation is applied here. If the parent handler is
    // configured to take the target from a request parameter or the Referer
    // header, the redirect destination is caller-controlled. Confirm it is
    // checked against an allow-list elsewhere.
    return super.determineTargetUrl(request, response);
}
/**
 * Registers the names of cookies to remove on logout success. Shortcut for calling
 * {@link #addLogoutHandler(LogoutHandler)} with a
 * {@link CookieClearingLogoutHandler}.
 *
 * @param cookieNamesToClear the names of the cookies to remove on logout success
 * @return the {@link LogoutConfigurer} for further customization
 */
public LogoutConfigurer<H> deleteCookies(String... cookieNamesToClear) {
    // NOTE(review): this only asks the browser to drop the cookies. Any server-side
    // state keyed by their values presumably needs its own cleanup; confirm.
    CookieClearingLogoutHandler cookieClearer =
            new CookieClearingLogoutHandler(cookieNamesToClear);
    return addLogoutHandler(cookieClearer);
}
/**
 * Copies {@code redirect} and {@code client_id} out of the JSON-encoded
 * {@code RelayState} request parameter into a wrapped request, then delegates to
 * {@code wrappedHandler}.
 *
 * @param request the current request; its {@code RelayState} parameter is read
 * @param response the current response
 * @param authentication the authentication that was logged out
 * @throws IOException if the wrapped handler fails while writing the response
 * @throws ServletException if the wrapped handler fails
 */
@Override
public void onLogoutSuccess(
        HttpServletRequest request, HttpServletResponse response, Authentication authentication)
        throws IOException, ServletException {
    RequestWrapper wrapped = new RequestWrapper(request);

    // RelayState is a request parameter, so its content is caller-controlled.
    // NOTE(review): how JsonUtils.readValue treats null or malformed input is not
    // visible here; confirm it cannot turn a bad RelayState into an unhandled error.
    String relayState = request.getParameter("RelayState");
    Map<String, String> relayParams =
            JsonUtils.readValue(relayState, new TypeReference<Map<String, String>>() {});

    if (relayParams != null) {
        for (String name : new String[] {"redirect", "client_id"}) {
            String value = relayParams.get(name);
            if (StringUtils.hasText(value)) {
                wrapped.setParameter(name, value);
            }
        }
    }

    // NOTE(review): "redirect" is forwarded unvalidated. The wrapped handler is
    // presumably the one that checks it against an allow-list; verify.
    wrappedHandler.onLogoutSuccess(wrapped, response, authentication);
}
/**
 * Configures HTTP security: static and {@code /openapi/**} paths are open,
 * everything else requires authentication via form login or HTTP Basic, and
 * logout at {@code /user/logout} redirects back to the sign-in page.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is disabled for the whole application while
    // session-based form login is enabled, so state-changing requests rely on
    // other defenses. Confirm this is intended. With CSRF off, the logout URL
    // below is also typically matched for GET, not just POST.
    http.csrf().disable();
    http.headers().frameOptions().sameOrigin();

    // NOTE(review): "/openapi/**" bypasses this filter chain's authentication;
    // presumably it is protected by a separate mechanism. Confirm.
    http.authorizeRequests()
            .antMatchers(
                    "/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**")
            .permitAll()
            .antMatchers("/**")
            .authenticated();

    http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error");
    http.httpBasic();

    SimpleUrlLogoutSuccessHandler logoutRedirect = new SimpleUrlLogoutSuccessHandler();
    logoutRedirect.setDefaultTargetUrl("/signin?#/logout");
    http.logout()
            .logoutUrl("/user/logout")
            .invalidateHttpSession(true)
            .clearAuthentication(true)
            .logoutSuccessHandler(logoutRedirect);

    http.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}
/**
 * Creates the logout success handler used when no explicit one is configured.
 *
 * <p>The base handler redirects to {@code logoutSuccessUrl}. When
 * {@code defaultLogoutSuccessHandlerMappings} has entries, the base handler is
 * wrapped as the fallback of a {@link DelegatingLogoutSuccessHandler} over those
 * mappings; otherwise it is returned as is.
 *
 * @return the default {@link LogoutSuccessHandler}
 */
private LogoutSuccessHandler createDefaultSuccessHandler() {
    SimpleUrlLogoutSuccessHandler redirectHandler = new SimpleUrlLogoutSuccessHandler();
    redirectHandler.setDefaultTargetUrl(logoutSuccessUrl);

    boolean hasMappings = !defaultLogoutSuccessHandlerMappings.isEmpty();
    if (hasMappings) {
        DelegatingLogoutSuccessHandler byMatcher =
                new DelegatingLogoutSuccessHandler(defaultLogoutSuccessHandlerMappings);
        byMatcher.setDefaultLogoutSuccessHandler(redirectHandler);
        return byMatcher;
    }
    return redirectHandler;
}
/**
 * Logs the current request out by clearing the remember-me cookie and then running
 * a {@link SecurityContextLogoutHandler}.
 *
 * <p>Both handlers are invoked with a {@code null} authentication.
 *
 * @param request the current request
 * @param response the current response, on which the cookie is cleared
 */
public static void myLogoff(HttpServletRequest request, HttpServletResponse response) {
    // NOTE(review): only the browser-side remember-me cookie is cleared here. If
    // remember-me tokens are also persisted server-side, they are presumably not
    // removed by this call; confirm.
    new CookieClearingLogoutHandler(
                    AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY)
            .logout(request, response, null);

    new SecurityContextLogoutHandler().logout(request, response, null);
}
/**
 * Tells the {@link SecurityContextLogoutHandler} whether to invalidate the
 * {@link HttpSession} at the time of logout.
 *
 * @param invalidateHttpSession {@code true} (the default) if the
 * {@link HttpSession} should be invalidated, {@code false} otherwise
 * @return the {@link LogoutConfigurer} for further customization
 */
public LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession) {
    // Keep the default unless the session must outlive logout: a session that is
    // not invalidated remains usable by anyone who still holds its cookie.
    this.contextLogoutHandler.setInvalidateHttpSession(invalidateHttpSession);
    return this;
}
/**
 * Tells the {@link SecurityContextLogoutHandler} whether to clear the
 * {@link Authentication} at the time of logout.
 *
 * @param clearAuthentication {@code true} (the default) if the
 * {@link SecurityContextLogoutHandler} should clear the {@link Authentication},
 * {@code false} otherwise
 * @return the {@link LogoutConfigurer} for further customization
 */
public LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication) {
    // Keep the default unless something else clears the Authentication; with
    // false it is left in place once logout has run.
    this.contextLogoutHandler.setClearAuthentication(clearAuthentication);
    return this;
}
/**
 * Resolves the post-logout redirect target, restricting it to an allow-list.
 *
 * <p>The superclass's target is returned unchanged when it is an internal redirect
 * or equals the default target URL. Otherwise the handler-level whitelist is
 * combined with the client's whitelist, and the result of
 * {@code findMatchingRedirectUri} is returned.
 *
 * @param request the current request
 * @param response the current response
 * @return the URL to redirect to
 */
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
    String candidate = super.determineTargetUrl(request, response);
    if (isInternalRedirect(candidate, request)) {
        return candidate;
    }

    String fallback = getDefaultTargetUrl();
    if (candidate.equals(fallback)) {
        return candidate;
    }

    // Anything else must match the combined allow-list.
    // NOTE(review): findMatchingRedirectUri presumably returns the fallback when
    // nothing matches; confirm.
    Set<String> clientAllowed = getClientWhitelist(request);
    Set<String> allowed = combineSets(whitelist, clientAllowed);
    return findMatchingRedirectUri(allowed, candidate, fallback);
}
/**
 * Configures HTTP security: static and {@code /openapi/**} paths are open,
 * everything else requires {@code USER_ROLE} via form login or HTTP Basic, and
 * logout at {@code /user/logout} redirects back to the sign-in page.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is disabled for the whole application while
    // session-based form login is enabled, so state-changing requests rely on
    // other defenses. Confirm this is intended. With CSRF off, the logout URL
    // below is also typically matched for GET, not just POST.
    http.csrf().disable();
    http.headers().frameOptions().sameOrigin();

    // NOTE(review): "/openapi/**" bypasses this filter chain's role check;
    // presumably it is protected by a separate mechanism. Confirm.
    http.authorizeRequests()
            .antMatchers(
                    "/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**")
            .permitAll()
            .antMatchers("/**")
            .hasAnyRole(USER_ROLE);

    http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error");
    http.httpBasic();

    SimpleUrlLogoutSuccessHandler logoutRedirect = new SimpleUrlLogoutSuccessHandler();
    logoutRedirect.setDefaultTargetUrl("/signin?#/logout");
    http.logout()
            .logoutUrl("/user/logout")
            .invalidateHttpSession(true)
            .clearAuthentication(true)
            .logoutSuccessHandler(logoutRedirect);

    http.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}