iSharkFly-Docs/java-tutorials
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bael 3970 (#9132)

Browse Source 
* Manual logout with Spring Security
- Basic manual logout
- logout with Clear Data Site Header

* Add missing annotation for controller. Change mapping URL value.

* Add intergration tests for manual logouts.

* BAEL-3970 - Add asserts on test. Fix tests names. Remove unused imports.

* BAEL-3970 - Use PostMapping annotation. Remove unnecessary information for security configuration.

* remove logout controllers

* Add multiple entrypoints configurations. Create custom handlers for different logouts (basic, cookie clearing, clear-site-data).

* Refactor configuration with lambda DSL.
This commit is contained in:
SippingCode
2020-04-30 08:16:05 +02:00
committed by GitHub
parent 9ae7596d5e
commit 2c99a832cd
4 changed files with 84 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spring-5-security/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java
+19 -5
View File
@@ -7,6 +7,7 @@ import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
@@ -36,7 +37,22 @@ public class ManualLogoutIntegrationTest {
@WithMockUser(value = "spring")
@Test
public void givenLoggedUserWhenUserLogoutThenSessionCleared() throws Exception {
public void givenLoggedUserWhenUserLogoutThenSessionClearedAndNecessaryCookieCleared() throws Exception {
MockHttpServletRequest requestStateAfterLogout = this.mockMvc.perform(post("/basic/basiclogout").secure(true).with(csrf()))
.andExpect(status().is3xxRedirection())
.andExpect(unauthenticated())
.andExpect(cookie().maxAge(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, 0))
.andReturn()
.getRequest();
HttpSession sessionStateAfterLogout = requestStateAfterLogout.getSession();
assertNull(sessionStateAfterLogout.getAttribute(ATTRIBUTE_NAME));
}
@WithMockUser(value = "spring")
@Test
public void givenLoggedUserWhenUserLogoutThenSessionClearedAndAllCookiesCleared() throws Exception {
MockHttpSession session = new MockHttpSession();
session.setAttribute(ATTRIBUTE_NAME, ATTRIBUTE_VALUE);
@@ -44,7 +60,7 @@ public class ManualLogoutIntegrationTest {
Cookie randomCookie = new Cookie(COOKIE_NAME, COOKIE_VALUE);
randomCookie.setMaxAge(EXPIRY); // 10 minutes
MockHttpServletRequest requestStateAfterLogout = this.mockMvc.perform(post("/basiclogout").secure(true).with(csrf()).session(session).cookie(randomCookie))
MockHttpServletRequest requestStateAfterLogout = this.mockMvc.perform(post("/cookies/cookielogout").secure(true).with(csrf()).session(session).cookie(randomCookie))
.andExpect(status().is3xxRedirection())
.andExpect(unauthenticated())
.andExpect(cookie().maxAge(COOKIE_NAME, 0))
@@ -53,15 +69,13 @@ public class ManualLogoutIntegrationTest {
HttpSession sessionStateAfterLogout = requestStateAfterLogout.getSession();
assertNull(sessionStateAfterLogout.getAttribute(ATTRIBUTE_NAME));
}
@WithMockUser(value = "spring")
@Test
public void givenLoggedUserWhenUserLogoutThenClearDataSiteHeaderPresent() throws Exception {
this.mockMvc.perform(post("/csdlogout").secure(true).with(csrf()))
this.mockMvc.perform(post("/csd/csdlogout").secure(true).with(csrf()))
.andDo(print())
.andExpect(status().is3xxRedirection())
.andExpect(header().exists(CLEAR_SITE_DATA_HEADER))