From c1bdbec2b2d9158c9c210f77748d330812e28e2a Mon Sep 17 00:00:00 2001
From: Roman Zabaluev
Date: Fri, 3 Jun 2022 16:36:06 +0400
Subject: [PATCH] Fix basic auth logout page (#2106)

---
 .../config/auth/BasicAuthSecurityConfig.java | 33 +++++++++++--------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/BasicAuthSecurityConfig.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/BasicAuthSecurityConfig.java
index 4ee3e53b5b..6bd56a877f 100644
--- a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/BasicAuthSecurityConfig.java
+++ b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/auth/BasicAuthSecurityConfig.java
@@ -1,14 +1,18 @@
 package com.provectus.kafka.ui.config.auth;
 
 import com.provectus.kafka.ui.util.EmptyRedirectStrategy;
+import java.net.URI;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
+import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
+import org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter;
 
 @Configuration
 @EnableWebFluxSecurity
@@ -16,25 +20,28 @@ import org.springframework.security.web.server.authentication.RedirectServerAuth
 @Log4j2
 public class BasicAuthSecurityConfig extends AbstractAuthSecurityConfig {
 
+  public static final String LOGIN_URL = "/auth";
+  public static final String LOGOUT_URL = "/auth?logout";
+
   @Bean
   public SecurityWebFilterChain configure(ServerHttpSecurity http) {
     log.info("Configuring LOGIN_FORM authentication.");
 
-    http.authorizeExchange()
-        .pathMatchers(AUTH_WHITELIST)
-        .permitAll()
-        .anyExchange()
-        .authenticated();
 
-    final RedirectServerAuthenticationSuccessHandler handler = new RedirectServerAuthenticationSuccessHandler();
-    handler.setRedirectStrategy(new EmptyRedirectStrategy());
+    final var authHandler = new RedirectServerAuthenticationSuccessHandler();
+    authHandler.setRedirectStrategy(new EmptyRedirectStrategy());
 
-    http
-        .httpBasic().and()
-        .formLogin()
-        .loginPage("/auth")
-        .authenticationSuccessHandler(handler);
+    final var logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
+    logoutSuccessHandler.setLogoutSuccessUrl(URI.create(LOGOUT_URL));
 
-    return http.csrf().disable().build();
+    return http
+        .addFilterAfter(new LogoutPageGeneratingWebFilter(), SecurityWebFiltersOrder.REACTOR_CONTEXT)
+        .csrf().disable()
+        .authorizeExchange()
+        .pathMatchers(AUTH_WHITELIST).permitAll()
+        .anyExchange().authenticated()
+        .and().formLogin().loginPage(LOGIN_URL).authenticationSuccessHandler(authHandler)
+        .and().logout().logoutSuccessHandler(logoutSuccessHandler)
+        .and().build();
   }
 }
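Review bot: The rebuilt chain at the end of configure() no longer registers `.httpBasic()`, which the removed lines had (`.httpBasic().and()`), so a client sending an `Authorization: Basic` header would now be redirected to the login page instead of being authenticated; if that is not intended, add `.and().httpBasic()` before `.and().formLogin()`, and if it is intended the commit message should say so, since the class is still named BasicAuthSecurityConfig. Separately, `LOGOUT_URL` holds the post-logout redirect target passed to `RedirectServerLogoutSuccessHandler`, not the logout endpoint itself (which stays at the framework default served by the added `LogoutPageGeneratingWebFilter`), so `LOGOUT_SUCCESS_URL` would be a less misleading name. Because `.csrf().disable()` is carried over into the new chain, the logout endpoint it now configures can be triggered by a cross-site request; a one-line comment on that call stating why CSRF is off for this profile would spare the next reviewer the same question.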