org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler Java Examples
The following examples show how to use
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: LogoutController.java From SpringSecurity-JWT-Vue-Deom with MIT License | 7 votes |
|
@GetMapping("/api/logout")
public ResultDetails logout(HttpServletRequest request, HttpServletResponse response) {
Cookie cookie = WebUtils.getCookie(request, TokenAuthenticationHelper.COOKIE_TOKEN);
Authentication authentication = TokenAuthenticationHelper.getAuthentication(request);
if (cookie != null) {
new SecurityContextLogoutHandler().logout(request, response, authentication);
cookie.setValue(null);
cookie.setMaxAge(0);
cookie.setPath("/");
cookie.setHttpOnly(true);
response.addCookie(cookie);
}
ResultDetails resultDetails = new ResultDetails();
resultDetails.setStatus(HttpStatus.OK.value());
resultDetails.setMessage("退出成功!");
resultDetails.setTimestamp(LocalDateTime.now());
return resultDetails;
}
Example #2
| Source File: AccoutJwtResource.java From albedo with GNU Lesser General Public License v3.0 | 7 votes |
|
/**
* @return org.springframework.http.ResponseEntity
* @description 登出
* @Param: [authHeader, request, response]
* @author somewhere
* @date 2020/5/30
*/
@AnonymousAccess
@GetMapping(value = "/logout")
@ApiOperation("登出")
public ResponseEntity logout(@RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authHeader,
HttpServletRequest request, HttpServletResponse response) {
String tokenValue = authHeader.replace("Bearer ", StrUtil.EMPTY).trim();
RedisUtil.delete(tokenValue);
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
}
WebUtil.removeCookie(response, HttpHeaders.AUTHORIZATION);
request.getSession().invalidate();
return ResponseEntityBuilder.buildOk("退出登录成功");
}
Example #3
| Source File: SimpleSecurityConfiguration.java From tutorials with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/cookies/**")
.authorizeRequests(authz -> authz.anyRequest().permitAll())
.logout(logout -> logout
.logoutUrl("/cookies/cookielogout")
.addLogoutHandler(new SecurityContextLogoutHandler())
.addLogoutHandler((request, response, auth) -> {
for (Cookie cookie : request.getCookies()) {
String cookieName = cookie.getName();
Cookie cookieToDelete = new Cookie(cookieName, null);
cookieToDelete.setMaxAge(0);
response.addCookie(cookieToDelete);
}
})
);
}
Example #4
| Source File: SecurityConfig.java From Spring with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// .regexMatchers("/chief/.*").hasRole("CHIEF")
// .regexMatchers("/agent/.*").access("hasRole('USER') and principal.name='James Bond'")
.anyRequest().authenticated()
.and().httpBasic()
.and().requiresChannel().anyRequest().requiresSecure();
http.formLogin().loginPage("/login").permitAll();
http.exceptionHandling().accessDeniedPage("/accessDenied");
http
.logout()
.logoutUrl("/customlogout")
.logoutSuccessUrl("/")
.logoutSuccessHandler(new CustomLogoutSuccessHandler())
.invalidateHttpSession(true) //true by default
.addLogoutHandler(new SecurityContextLogoutHandler())
.deleteCookies("JSESSIONID");
}
Example #5
| Source File: SecurityConfig.java From Spring with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.regexMatchers("/chief/.*").hasRole("CHIEF")
.regexMatchers("/agent/.*").access("hasRole('USER') and principal.name='James Bond'")
.anyRequest().authenticated()
.and().httpBasic()
.and().requiresChannel().anyRequest().requiresSecure();
http.formLogin().loginPage("/login").permitAll();
http.exceptionHandling().accessDeniedPage("/accessDenied");
http
.logout()
.logoutUrl("/customlogout")
.logoutSuccessUrl("/")
.logoutSuccessHandler(new CustomLogoutSuccessHandler())
.invalidateHttpSession(true) //true by default
.addLogoutHandler(new SecurityContextLogoutHandler())
.deleteCookies("JSESSIONID");
}
Example #6
| Source File: SecurityConfig.java From Spring with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.regexMatchers("/chief/.*").hasRole("CHIEF")
.regexMatchers("/agent/.*").access("hasRole('USER') and principal.name='James Bond'")
.anyRequest().authenticated()
.and().httpBasic()
.and().requiresChannel().anyRequest().requiresSecure();
http.formLogin()
.loginPage("/login").permitAll();
http.exceptionHandling().accessDeniedPage("/accessDenied");
// http.logout();
http.logout()
.logoutUrl("/customlogout")
.logoutSuccessUrl("/")
.logoutSuccessHandler(new CustomLogoutSuccessHandler())
.invalidateHttpSession(true) //true by default
.addLogoutHandler(new SecurityContextLogoutHandler())
.deleteCookies("JSESSIONID");
}
Example #7
| Source File: LogoutConfigurerTest.java From spring-boot-security-saml with MIT License | 5 votes |
|
@Test
public void configure_defaults() throws Exception {
LogoutConfigurer configurer = spy(new LogoutConfigurer());
SimpleUrlLogoutSuccessHandler successHandler = mock(SimpleUrlLogoutSuccessHandler.class);
SecurityContextLogoutHandler localHandler = mock(SecurityContextLogoutHandler.class);
SecurityContextLogoutHandler globalHandler = mock(SecurityContextLogoutHandler.class);
when(configurer.createDefaultSuccessHandler()).thenReturn(successHandler);
when(configurer.createDefaultLocalHandler()).thenReturn(localHandler);
when(configurer.createDefaultGlobalHandler()).thenReturn(globalHandler);
configurer.init(builder);
configurer.configure(builder);
ArgumentCaptor<SAMLLogoutFilter> logoutFilterCaptor = ArgumentCaptor.forClass(SAMLLogoutFilter.class);
ArgumentCaptor<SAMLLogoutProcessingFilter> logoutProcessingFilterCaptor = ArgumentCaptor.forClass(SAMLLogoutProcessingFilter.class);
verify(builder).setSharedObject(eq(SAMLLogoutFilter.class), logoutFilterCaptor.capture());
verify(builder).setSharedObject(eq(SAMLLogoutProcessingFilter.class), logoutProcessingFilterCaptor.capture());
verify(logoutProperties).getDefaultTargetUrl();
verify(logoutProperties, times(2)).isInvalidateSession();
verify(logoutProperties, times(2)).isClearAuthentication();
verify(logoutProperties).getLogoutUrl();
verify(logoutProperties).getSingleLogoutUrl();
verify(successHandler).setDefaultTargetUrl(eq(logoutProperties.getDefaultTargetUrl()));
verify(localHandler).setClearAuthentication(eq(logoutProperties.isClearAuthentication()));
verify(localHandler).setInvalidateHttpSession(eq(logoutProperties.isInvalidateSession()));
verify(globalHandler).setClearAuthentication(eq(logoutProperties.isClearAuthentication()));
verify(globalHandler).setInvalidateHttpSession(eq(logoutProperties.isInvalidateSession()));
SAMLLogoutFilter logoutFilter = logoutFilterCaptor.getValue();
SAMLLogoutProcessingFilter logoutProcessingFilter = logoutProcessingFilterCaptor.getValue();
assertThat(logoutFilter).isNotNull();
assertThat(logoutProcessingFilter).isNotNull();
assertThat(logoutFilter.getFilterProcessesUrl()).isEqualTo(logoutProperties.getLogoutUrl());
assertThat(logoutProcessingFilter.getFilterProcessesUrl()).isEqualTo(logoutProperties.getSingleLogoutUrl());
assertThat(serviceProviderEndpoints.getLogoutURL()).isEqualTo(logoutProperties.getLogoutUrl());
assertThat(serviceProviderEndpoints.getSingleLogoutURL()).isEqualTo(logoutProperties.getSingleLogoutUrl());
}
Example #8
| Source File: LogoutController.java From Mastering-Spring-5.0 with MIT License | 5 votes |
|
@RequestMapping(value = "/secure/logout", method = RequestMethod.GET)
public String logout(HttpServletRequest request,
HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
request.getSession().invalidate();
}
return "redirect:/secure/welcome";
}
Example #9
| Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
|
/**
* Request single point exit filter
*/
@Bean
public LogoutFilter casLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter(
casServerLogout,
new SecurityContextLogoutHandler());
logoutFilter.setFilterProcessesUrl("/logout");
return logoutFilter;
}
Example #10
| Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
|
/**
* Request single point exit filter
*/
@Bean
public LogoutFilter casLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter(
casServerLogout,
new SecurityContextLogoutHandler());
logoutFilter.setFilterProcessesUrl("/logout");
return logoutFilter;
}
Example #11
| Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
|
/**
* Request single point exit filter
*/
@Bean
public LogoutFilter casLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter(
casServerLogout,
new SecurityContextLogoutHandler());
logoutFilter.setFilterProcessesUrl("/logout");
return logoutFilter;
}
Example #12
| Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
|
/**
* Request single point exit filter
*/
@Bean
public LogoutFilter casLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter(
casServerLogout,
new SecurityContextLogoutHandler());
logoutFilter.setFilterProcessesUrl("/logout");
return logoutFilter;
}
Example #13
| Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
|
/**
* Request single point exit filter
*/
@Bean
public LogoutFilter casLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter(
casServerLogout,
new SecurityContextLogoutHandler());
logoutFilter.setFilterProcessesUrl("/logout");
return logoutFilter;
}
Example #14
| Source File: AbsController.java From jeesupport with MIT License | 5 votes |
|
@RequestMapping( "/${jees.webs.logout}" )
public String logout( HttpServletRequest _request, HttpServletResponse _response ){
log.debug( "--用户登出" );
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if( auth != null )
new SecurityContextLogoutHandler().logout( _request, _response, auth );
sessionRegistry.removeSessionInformation( _request.getSession().getId() );
return "redirect:/";
}
Example #15
| Source File: BaseWebSecurityConfig.java From jump-the-queue with Apache License 2.0 | 5 votes |
|
/**
* Create a simple filter that allows logout on a REST Url /services/rest/logout and returns a simple HTTP status 200
* ok.
*
* @return the filter.
*/
protected Filter getSimpleRestLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter(new LogoutSuccessHandlerReturningOkHttpStatusCode(),
new SecurityContextLogoutHandler());
// configure logout for rest logouts
logoutFilter.setLogoutRequestMatcher(new AntPathRequestMatcher("/services/rest/logout"));
return logoutFilter;
}
Example #16
| Source File: AppController.java From template-spring-boot-oauth2-wso2-is with Apache License 2.0 | 5 votes |
|
/**
* NOTE that this method assumes that the user performing this action is authenticated.
* This is implied by the implementation, noting it here in addition to this.
*/
@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logoutPage (HttpServletRequest request, HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
}
return "redirect:/";
}
Example #17
| Source File: LogoutController.java From Mastering-Spring-5.1 with MIT License | 5 votes |
|
@RequestMapping(value = "/secure/logout", method = RequestMethod.GET)
public String logout(HttpServletRequest request,
HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
request.getSession().invalidate();
}
return "redirect:/secure/welcome";
}
Example #18
| Source File: LogoutConfigurerTest.java From spring-boot-security-saml with MIT License | 5 votes |
|
@Test
public void configure_handlers_defaults() throws Exception {
LogoutConfigurer configurer = new LogoutConfigurer();
SimpleUrlLogoutSuccessHandler successHandler = mock(SimpleUrlLogoutSuccessHandler.class);
SecurityContextLogoutHandler localHandler = mock(SecurityContextLogoutHandler.class);
SecurityContextLogoutHandler globalHandler = mock(SecurityContextLogoutHandler.class);
configurer
.successHandler(successHandler)
.localHandler(localHandler)
.globalHandler(globalHandler);
configurer.init(builder);
configurer.configure(builder);
ArgumentCaptor<SAMLLogoutFilter> logoutFilterCaptor = ArgumentCaptor.forClass(SAMLLogoutFilter.class);
ArgumentCaptor<SAMLLogoutProcessingFilter> logoutProcessingFilterCaptor = ArgumentCaptor.forClass(SAMLLogoutProcessingFilter.class);
verify(builder).setSharedObject(eq(SAMLLogoutFilter.class), logoutFilterCaptor.capture());
verify(builder).setSharedObject(eq(SAMLLogoutProcessingFilter.class), logoutProcessingFilterCaptor.capture());
verify(logoutProperties, never()).getDefaultTargetUrl();
verify(logoutProperties, never()).isInvalidateSession();
verify(logoutProperties, never()).isClearAuthentication();
verify(logoutProperties).getLogoutUrl();
verify(logoutProperties).getSingleLogoutUrl();
verifyZeroInteractions(successHandler, localHandler, globalHandler);
SAMLLogoutFilter logoutFilter = logoutFilterCaptor.getValue();
SAMLLogoutProcessingFilter logoutProcessingFilter = logoutProcessingFilterCaptor.getValue();
assertThat(logoutFilter).isNotNull();
assertThat(logoutProcessingFilter).isNotNull();
assertThat(logoutFilter.getFilterProcessesUrl()).isEqualTo(logoutProperties.getLogoutUrl());
assertThat(logoutProcessingFilter.getFilterProcessesUrl()).isEqualTo(logoutProperties.getSingleLogoutUrl());
assertThat(serviceProviderEndpoints.getLogoutURL()).isEqualTo(logoutProperties.getLogoutUrl());
assertThat(serviceProviderEndpoints.getSingleLogoutURL()).isEqualTo(logoutProperties.getSingleLogoutUrl());
}
Example #19
| Source File: LogoutConfigurerTest.java From spring-boot-security-saml with MIT License | 5 votes |
|
@Test
public void configure_arguments() throws Exception {
LogoutConfigurer configurer = spy(new LogoutConfigurer());
SimpleUrlLogoutSuccessHandler successHandler = mock(SimpleUrlLogoutSuccessHandler.class);
SecurityContextLogoutHandler localHandler = mock(SecurityContextLogoutHandler.class);
SecurityContextLogoutHandler globalHandler = mock(SecurityContextLogoutHandler.class);
when(configurer.createDefaultSuccessHandler()).thenReturn(successHandler);
when(configurer.createDefaultLocalHandler()).thenReturn(localHandler);
when(configurer.createDefaultGlobalHandler()).thenReturn(globalHandler);
configurer
.defaultTargetURL("/default")
.clearAuthentication(false)
.invalidateSession(true)
.logoutURL("/lo")
.singleLogoutURL("/slo");
configurer.init(builder);
configurer.configure(builder);
ArgumentCaptor<SAMLLogoutFilter> logoutFilterCaptor = ArgumentCaptor.forClass(SAMLLogoutFilter.class);
ArgumentCaptor<SAMLLogoutProcessingFilter> logoutProcessingFilterCaptor = ArgumentCaptor.forClass(SAMLLogoutProcessingFilter.class);
verify(builder).setSharedObject(eq(SAMLLogoutFilter.class), logoutFilterCaptor.capture());
verify(builder).setSharedObject(eq(SAMLLogoutProcessingFilter.class), logoutProcessingFilterCaptor.capture());
verify(logoutProperties, never()).getDefaultTargetUrl();
verify(logoutProperties, never()).isInvalidateSession();
verify(logoutProperties, never()).isClearAuthentication();
verify(logoutProperties, never()).getLogoutUrl();
verify(logoutProperties, never()).getSingleLogoutUrl();
verify(successHandler).setDefaultTargetUrl(eq("/default"));
verify(localHandler).setClearAuthentication(eq(false));
verify(localHandler).setInvalidateHttpSession(eq(true));
verify(globalHandler).setClearAuthentication(eq(false));
verify(globalHandler).setInvalidateHttpSession(eq(true));
SAMLLogoutFilter logoutFilter = logoutFilterCaptor.getValue();
SAMLLogoutProcessingFilter logoutProcessingFilter = logoutProcessingFilterCaptor.getValue();
assertThat(logoutFilter).isNotNull();
assertThat(logoutProcessingFilter).isNotNull();
assertThat(logoutFilter.getFilterProcessesUrl()).isEqualTo("/lo");
assertThat(logoutProcessingFilter.getFilterProcessesUrl()).isEqualTo("/slo");
assertThat(serviceProviderEndpoints.getLogoutURL()).isEqualTo("/lo");
assertThat(serviceProviderEndpoints.getSingleLogoutURL()).isEqualTo("/slo");
}
Example #20
| Source File: LogoutController.java From SpringMvcStepByStep with MIT License | 5 votes |
|
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpServletRequest request,
HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
request.getSession().invalidate();
}
return "redirect:/";
}
Example #21
| Source File: SAMLConfig.java From spring-boot-security-saml-samples with MIT License | 5 votes |
|
@Bean
public SecurityContextLogoutHandler logoutHandler() {
SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
//handler.setInvalidateHttpSession(true);
handler.setClearAuthentication(true);
return handler;
}
Example #22
| Source File: LogoutController.java From SpringMvcStepByStep with MIT License | 5 votes |
|
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpServletRequest request,
HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
request.getSession().invalidate();
}
return "redirect:/";
}
Example #23
| Source File: SecurityConfiguration.java From demo-spring-security-cas with Apache License 2.0 | 5 votes |
|
@Bean
public LogoutFilter requestCasGlobalLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter(env.getRequiredProperty(CAS_URL_LOGOUT) + "?service="
+ env.getRequiredProperty(APP_SERVICE_HOME), new SecurityContextLogoutHandler());
// logoutFilter.setFilterProcessesUrl("/logout");
// logoutFilter.setFilterProcessesUrl("/j_spring_cas_security_logout");
logoutFilter.setLogoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"));
return logoutFilter;
}
Example #24
| Source File: UserRestController.java From jakduk-api with MIT License | 5 votes |
|
@DeleteMapping("")
public EmptyJsonResponse deleteUser(
HttpServletRequest request,
HttpServletResponse response) {
SessionUser sessionUser = AuthUtils.getSessionProfile();
userService.deleteUser(sessionUser.getId());
// 참고 @{link http://websystique.com/spring-security/spring-security-4-logout-example/}
new SecurityContextLogoutHandler().logout(request, response, SecurityContextHolder.getContext().getAuthentication());
return EmptyJsonResponse.newInstance();
}
Example #25
| Source File: AuthController.java From tutorials with MIT License | 5 votes |
|
@GetMapping("/logout")
public String logout(HttpServletRequest request, HttpServletResponse response, SecurityContextLogoutHandler logoutHandler) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
CookieClearingLogoutHandler cookieClearingLogoutHandler = new CookieClearingLogoutHandler(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
cookieClearingLogoutHandler.logout(request, response, auth);
logoutHandler.logout(request, response, auth);
return "auth/logout";
}
Example #26
| Source File: LoginController.java From itweet-boot with Apache License 2.0 | 5 votes |
|
/**
* This method handles logout requests.
* Toggle the handlers if you are RememberMe functionality is useless in your app.
*/
@RequestMapping(value="/admin/logout", method = RequestMethod.GET)
public String logout(HttpServletRequest request, HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null){
new SecurityContextLogoutHandler().logout(request, response, auth);
SecurityContextHolder.getContext().setAuthentication(null);
}
return "redirect:/admin/login";
}
Example #27
| Source File: LoginController.java From cola with MIT License | 5 votes |
|
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logoutPage(HttpServletRequest request, HttpServletResponse response) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response, auth);
}
return "redirect:/login?logout";
}
Example #28
| Source File: CustomSpringSecurityFilterChain.java From Spring with Apache License 2.0 | 5 votes |
|
private static List<SecurityFilterChain> filterChains() {
final List<SecurityFilterChain> filterChain = new ArrayList<>();
final LogoutFilter customLogoutFilter =
new LogoutFilter(new CustomLogoutSuccessHandler(), new SecurityContextLogoutHandler());
customLogoutFilter.setFilterProcessesUrl("/customlogout");
filterChain.add(new DefaultSecurityFilterChain(
new AntPathRequestMatcher("/customlogout**"), customLogoutFilter));
return filterChain;
}
Example #29
| Source File: LogoutController.java From kubernetes-crash-course with MIT License | 5 votes |
|
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpServletRequest request,
HttpServletResponse response) {
Authentication authentication = SecurityContextHolder.getContext()
.getAuthentication();
if (authentication != null) {
new SecurityContextLogoutHandler().logout(request, response,
authentication);
}
return "redirect:/";
}
Example #30
| Source File: LogoutController.java From kubernetes-crash-course with MIT License | 5 votes |
|
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpServletRequest request,
HttpServletResponse response) {
Authentication authentication = SecurityContextHolder.getContext()
.getAuthentication();
if (authentication != null) {
new SecurityContextLogoutHandler().logout(request, response,
authentication);
}
return "redirect:/";
}
