Merge pull request #8875 from dev-chirag/master

BAEL3901 Clear Site Data Headers in Spring Security
This commit is contained in:
Eric Martin
2020-03-26 22:57:34 -05:00
committed by GitHub
5 changed files with 144 additions and 0 deletions
@@ -0,0 +1,16 @@
package com.baeldung.clearsitedata;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
@Controller
public class LogoutClearSiteDataController {
@GetMapping(value = "/baeldung/logout")
public ResponseEntity<String> logout(@PathVariable String name) {
return ResponseEntity.ok().build();
}
}
@@ -0,0 +1,35 @@
package com.baeldung.clearsitedata;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE;
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES;
import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.formLogin()
.loginPage("/login.html")
.loginProcessingUrl("/perform_login")
.defaultSuccessUrl("/homepage.html", true)
.and()
.logout().logoutUrl("/baeldung/logout")
.addLogoutHandler(new HeaderWriterLogoutHandler(
new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE)));
}
}
@@ -0,0 +1,19 @@
package com.baeldung.clearsitedata;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.CacheControl;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.mvc.WebContentInterceptor;
import java.util.concurrent.TimeUnit;
@EnableWebMvc
@Configuration
@ComponentScan(basePackages = {"com.baeldung.clearsitedata"})
public class WebConfig implements WebMvcConfigurer {
}