Fix basic auth logout page (#2106)

Roman Zabaluev 2022-06-03 16:36:06 +04:00 committed by GitHub
parent 4b70cbbde4
commit c1bdbec2b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,14 +1,18 @@
package com.provectus.kafka.ui.config.auth; package com.provectus.kafka.ui.config.auth;
import com.provectus.kafka.ui.util.EmptyRedirectStrategy; import com.provectus.kafka.ui.util.EmptyRedirectStrategy;
import java.net.URI;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler; import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter;
@Configuration @Configuration
@EnableWebFluxSecurity @EnableWebFluxSecurity
@ -16,25 +20,28 @@ import org.springframework.security.web.server.authentication.RedirectServerAuth
@Log4j2 @Log4j2
public class BasicAuthSecurityConfig extends AbstractAuthSecurityConfig { public class BasicAuthSecurityConfig extends AbstractAuthSecurityConfig {
public static final String LOGIN_URL = "/auth";
public static final String LOGOUT_URL = "/auth?logout";
@Bean @Bean
public SecurityWebFilterChain configure(ServerHttpSecurity http) { public SecurityWebFilterChain configure(ServerHttpSecurity http) {
log.info("Configuring LOGIN_FORM authentication."); log.info("Configuring LOGIN_FORM authentication.");
http.authorizeExchange()
.pathMatchers(AUTH_WHITELIST)
.permitAll()
.anyExchange()
.authenticated();
final RedirectServerAuthenticationSuccessHandler handler = new RedirectServerAuthenticationSuccessHandler(); final var authHandler = new RedirectServerAuthenticationSuccessHandler();
handler.setRedirectStrategy(new EmptyRedirectStrategy()); authHandler.setRedirectStrategy(new EmptyRedirectStrategy());
http final var logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
.httpBasic().and() logoutSuccessHandler.setLogoutSuccessUrl(URI.create(LOGOUT_URL));
.formLogin()
.loginPage("/auth")
.authenticationSuccessHandler(handler);
return http.csrf().disable().build(); return http
.addFilterAfter(new LogoutPageGeneratingWebFilter(), SecurityWebFiltersOrder.REACTOR_CONTEXT)
.csrf().disable()
.authorizeExchange()
.pathMatchers(AUTH_WHITELIST).permitAll()
.anyExchange().authenticated()
.and().formLogin().loginPage(LOGIN_URL).authenticationSuccessHandler(authHandler)
.and().logout().logoutSuccessHandler(logoutSuccessHandler)
.and().build();
} }
} }
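Review bot: `.csrf().disable()` is carried over into the rewritten chain in `configure`, so the form-login POST and the logout POST this commit wires up are accepted without a CSRF token. A cross-site page can therefore sign a user out, or sign them in under a different account, and every other state-changing endpoint behind `anyExchange().authenticated()` relies on the session cookie alone. If the front end can echo a token, replace the call with `.csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())`. Otherwise keep it disabled but say why in a comment above the line, for example `// CSRF is off because <reason>; cross-site requests are mitigated by <control>`. The new chain also no longer calls `.httpBasic()`, which looks deliberate for making logout work but will reject clients that send an `Authorization: Basic` header, so it deserves a line in the commit description.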