-1

The addLogoutHandler is not working.

When visiting the API request /logout It still using the default handler CompositeLogoutHandler and SimpleUrlLogoutSuccessHandler.

logoutRequestMatcher,addLogoutHandler,logoutSuccessHandler are all not working.

I am using the spring-boot, part of the dependencies.

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.0.RELEASE</version>
        <relativePath/>
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security.oauth</groupId>
            <artifactId>spring-security-oauth2</artifactId>
            <version>2.0.15.RELEASE</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-jwt</artifactId>
            <version>1.0.9.RELEASE</version>
        </dependency>
    </dependencies>

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
                .addLogoutHandler((request,response,authentication) -> System.out.println("=====1====="))
                .addLogoutHandler((request,response,authentication) -> System.out.println("=====2======"))
                .addLogoutHandler((request,response,authentication) -> System.out.println("=====3======"))
                .logoutSuccessHandler(((request, response, authentication) -> {
                    System.out.println("=====4=======");
                    response.sendRedirect("/html/logoutsuccess1.html");
                }))
                .clearAuthentication(true)
                .invalidateHttpSession(true);
    }

}

So how to make the customize LogoutHandler and LogoutSuccessHandler working.

buddha
  • 795
  • 5
  • 11
  • @BalusC **Comment is related to Edit History**, Need clarification. Spring security is a filter based framework, and also we can not use `spring-security` without `spring-mvc`. And spring-mvc is definitely java-ee component as entry point for spring-mvc is `dispatcher-servlet`. Definitely `spring-mvc` and `spring-security` belongs to `java-ee`. Please let me know if i am wrong. – PraveenKumar Lalasangi Nov 11 '19 at 16:15
  • 2
    @PraveenKumarLalasangi: nope, normally Spring is to be installed on a custom built servlet-based stack (e.g. Tomcat, Jetty, etc), not on a Java EE server (e.g. WildFly, TomEE, etc). Whilst Servlet is indeed part of Java EE, Spring is certainly not part of Java EE. See also https://stackoverflow.com/q/7295096 for explanation on Java EE and also https://javaee.github.io/javaee-spec/javadocs/ for confirmation that it doesn't contain anything Spring-related. – BalusC Nov 11 '19 at 16:16
  • @BalusC I agree about spring, but `spring-mvc` and `spring-security` we can not use outside `java-ee` server. Right? – PraveenKumar Lalasangi Nov 11 '19 at 16:23
  • 2
    That's not true. You can certainly use Spring on a non-Java EE-server such as Tomcat and Jetty. That's the whole idea behind Spring. See also the first link of my previous comment. – BalusC Nov 11 '19 at 16:23

1 Answers1

0

@EnableResourceServer Because I have added this annotation.

@Configuration public class ResourceServerConfiguration extends WebSecurityConfigurerAdapter implements Ordered {

In this class, it also configured the HttpSecurity.

buddha
  • 795
  • 5
  • 11