Fix basic auth logout page (#2106)

Roman Zabaluev 2022-06-03 16:36:06 +04:00 committed by GitHub
parent 4b70cbbde4
commit c1bdbec2b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,14 +1,18 @@
package com.provectus.kafka.ui.config.auth;
import com.provectus.kafka.ui.util.EmptyRedirectStrategy;
import java.net.URI;
import lombok.extern.log4j.Log4j2;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter;
@Configuration
@EnableWebFluxSecurity
@ -16,25 +20,28 @@ import org.springframework.security.web.server.authentication.RedirectServerAuth
@Log4j2
public class BasicAuthSecurityConfig extends AbstractAuthSecurityConfig {
public static final String LOGIN_URL = "/auth";
public static final String LOGOUT_URL = "/auth?logout";
@Bean
public SecurityWebFilterChain configure(ServerHttpSecurity http) {
log.info("Configuring LOGIN_FORM authentication.");
http.authorizeExchange()
.pathMatchers(AUTH_WHITELIST)
.permitAll()
.anyExchange()
.authenticated();
final RedirectServerAuthenticationSuccessHandler handler = new RedirectServerAuthenticationSuccessHandler();
handler.setRedirectStrategy(new EmptyRedirectStrategy());
final var authHandler = new RedirectServerAuthenticationSuccessHandler();
authHandler.setRedirectStrategy(new EmptyRedirectStrategy());
http
.httpBasic().and()
.formLogin()
.loginPage("/auth")
.authenticationSuccessHandler(handler);
final var logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
logoutSuccessHandler.setLogoutSuccessUrl(URI.create(LOGOUT_URL));
return http.csrf().disable().build();
return http
.addFilterAfter(new LogoutPageGeneratingWebFilter(), SecurityWebFiltersOrder.REACTOR_CONTEXT)
.csrf().disable()
.authorizeExchange()
.pathMatchers(AUTH_WHITELIST).permitAll()
.anyExchange().authenticated()
.and().formLogin().loginPage(LOGIN_URL).authenticationSuccessHandler(authHandler)
.and().logout().logoutSuccessHandler(logoutSuccessHandler)
.and().build();
}
}
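Review bot: `.csrf().disable()` is carried over into the rebuilt chain in `configure`, which now combines form login with a logout endpoint, so every state-changing request made with the browser's session, including the logout itself, is accepted without a CSRF token. Unless something outside this file (a SameSite cookie policy or a custom header check) covers this, I would keep CSRF protection on and expose the token to the frontend, e.g. `.csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())` in place of `.csrf().disable()`. Separately, the `.httpBasic()` call from the earlier chain appears to be gone from the new one. If that is intentional, a short comment should say that clients sending an `Authorization: Basic` header are no longer authenticated by this config, since the class is still named `BasicAuthSecurityConfig`.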