We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
kafka-ui
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix basic auth logout page (#2106)

Roman Zabaluev 3 years ago
parent
4b70cbbde4
commit
c1bdbec2b2
1 changed files with 23 additions and 16 deletions
Split View Show Diff Stats
  1. 23 16
      kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/BasicAuthSecurityConfig.java

+ 23 - 16
kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/BasicAuthSecurityConfig.java
View File 

@@ -1,14 +1,18 @@
 
 package com.provectus.kafka.ui.config.auth;
 
 
 import com.provectus.kafka.ui.util.EmptyRedirectStrategy;
 
+import java.net.URI;
 
 import lombok.extern.log4j.Log4j2;
 
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 
 import org.springframework.context.annotation.Bean;
 
 import org.springframework.context.annotation.Configuration;
 
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 
+import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
 
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 
 import org.springframework.security.web.server.SecurityWebFilterChain;
 
 import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
 
+import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
 
+import org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter;
 
 
 @Configuration
 
 @EnableWebFluxSecurity
 
@@ -16,25 +20,28 @@ import org.springframework.security.web.server.authentication.RedirectServerAuth
 
 @Log4j2
 
 public class BasicAuthSecurityConfig extends AbstractAuthSecurityConfig {
 
 
+  public static final String LOGIN_URL = "/auth";
 
+  public static final String LOGOUT_URL = "/auth?logout";
 
+
 
   @Bean
 
   public SecurityWebFilterChain configure(ServerHttpSecurity http) {
 
     log.info("Configuring LOGIN_FORM authentication.");
 
-    http.authorizeExchange()
 
-        .pathMatchers(AUTH_WHITELIST)
 
-        .permitAll()
 
-        .anyExchange()
 
-        .authenticated();
 
-
 
-    final RedirectServerAuthenticationSuccessHandler handler = new RedirectServerAuthenticationSuccessHandler();
 
-    handler.setRedirectStrategy(new EmptyRedirectStrategy());
 
-
 
-    http
 
-        .httpBasic().and()
 
-        .formLogin()
 
-        .loginPage("/auth")
 
-        .authenticationSuccessHandler(handler);
 
-
 
-    return http.csrf().disable().build();
 
+
 
+    final var authHandler = new RedirectServerAuthenticationSuccessHandler();
 
+    authHandler.setRedirectStrategy(new EmptyRedirectStrategy());
 
+
 
+    final var logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
 
+    logoutSuccessHandler.setLogoutSuccessUrl(URI.create(LOGOUT_URL));
 
+
 
+    return http
 
+        .addFilterAfter(new LogoutPageGeneratingWebFilter(), SecurityWebFiltersOrder.REACTOR_CONTEXT)
 
+        .csrf().disable()
 
+        .authorizeExchange()
 
+        .pathMatchers(AUTH_WHITELIST).permitAll()
 
+        .anyExchange().authenticated()
 
+        .and().formLogin().loginPage(LOGIN_URL).authenticationSuccessHandler(authHandler)
 
+        .and().logout().logoutSuccessHandler(logoutSuccessHandler)
 
+        .and().build();
 
   }
 
 
 }

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5