From 9b0503f3657a9dd29b1e6287ecb16353f4a48ee3 Mon Sep 17 00:00:00 2001
From: jerrypan44 <jerrypan44@gmail.com>
Date: Mon, 9 Dec 2019 13:36:22 +0000
Subject: [PATCH] implementing logout flow in spring security

---
 docker/config/application.tmpl                |  1 +
 .../configuration/SecurityConfiguration.java  | 52 ++++++++++++++++++-
 src/main/resources/logback.xml                |  6 ++-
 3 files changed, 56 insertions(+), 3 deletions(-)

diff --git a/docker/config/application.tmpl b/docker/config/application.tmpl
index c05c497c1..0b8ee95bc 100644
--- a/docker/config/application.tmpl
+++ b/docker/config/application.tmpl
@@ -30,6 +30,7 @@ hbp:
     clientSecret: {{ .Env.CLIENT_SECRET }}
     accessTokenUri: {{ default .Env.TOKEN_URI "https://services.humanbrainproject.eu/oidc/token" }}
     userAuthorizationUri: {{ default .Env.AUTH_URI "https://services.humanbrainproject.eu/oidc/authorize" }}
+    logoutUri: {{ default .Env.LOGOUT_URI }}
     tokenName: access_token
     authenticationScheme: query
     clientAuthenticationScheme: form
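Review bot: The added `logoutUri` line passes a single argument to `default`, while the sibling `accessTokenUri` and `userAuthorizationUri` lines give a fallback URL first and the environment variable second; if this is the usual two-argument `default FALLBACK VALUE` helper, the new line appears to treat `.Env.LOGOUT_URI` itself as the fallback, so an unset variable produces no useful value and no error. Either write it as `logoutUri: {{ .Env.LOGOUT_URI }}` so a missing variable yields an empty value the Java side can reject, or supply a real fallback in the same form as the lines above.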
diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
index 9310be3de..675d5a2e0 100644
--- a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
@@ -53,6 +53,18 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
+//newlyadded for logout
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.http.RequestEntity;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import java.net.URI;
+
+
 // See https://spring.io/guides/tutorials/spring-boot-oauth2/ for reference about configuring OAuth2 login
 // also http://cscarioni.blogspot.ch/2013/04/pro-spring-security-and-oauth-2.html
 
@@ -76,6 +88,12 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     */
    @Value("#{'${frontend.loginUrl:/login/hbp}'}")
    private String loginUrl;
+ 
+	/**
+    * Absolute URL to redirect to when logout is required
+    */
+   @Value("#{'${hbp.client.logoutUri:http://88.197.53.10:8095/auth/realms/Demo/protocol/openid-connect/logout}'}")
+   private String logoutUri;
 
    /**
     * Absolute URL to redirect to after successful login
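Review bot: The `@Value` fallback on the new `logoutUri` field hard-codes a plain-http endpoint on a specific host IP, so a deployment that does not set `hbp.client.logoutUri` silently POSTs refresh tokens to that address in clear text. Prefer `@Value("${hbp.client.logoutUri}")` with no fallback so the application fails at startup when the property is missing, which is what the docker template change in this patch expects to supply. The Javadoc says "URL to redirect to", but later in this patch the field is the target of a server-side POST, so `/** Absolute URL of the identity provider's logout endpoint, called server-side with the refresh token on logout. */` describes it more accurately. The comment block is also indented with a tab while the field below it uses spaces.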
@@ -94,6 +112,8 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     */
    @Value("#{'${hbp.resource.revokeTokenUri:https://services.humanbrainproject.eu/oidc/revoke}'}")
    private String revokeTokenURI;
+   
+   
 
 //    @Autowired
 //    private HttpServletRequest request;
@@ -114,7 +134,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 				   //.anyRequest().authenticated()
 				   .anyRequest().hasRole("Researcher")
                    .and().exceptionHandling().authenticationEntryPoint(new CustomLoginUrlAuthenticationEntryPoint(loginUrl))
-                   .and().logout().addLogoutHandler(new CustomLogoutHandler()).logoutSuccessUrl(redirectAfterLogoutUrl)
+                   .and().logout().addLogoutHandler(authLogoutHandler()).logoutSuccessUrl(redirectAfterLogoutUrl)
                    .and().logout().permitAll()
                    .and().csrf().ignoringAntMatchers("/logout").csrfTokenRepository(csrfTokenRepository())
                    .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
@@ -260,5 +280,35 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
             return String.join(",", authorities);
         }
     }
+	
+	
+	private LogoutHandler authLogoutHandler() {
+		return (request, response, authentication) -> {
+			logout();
+		};
+    }
+	
+	
+	public void logout() {
+		// POSTするリクエストパラメーターを作成
+		UserActionLogging.LogAction("refresh token ", this.oauth2ClientContext.getAccessToken().getRefreshToken().getValue());
+		RestTemplate restTemplate = new RestTemplate();
+		MultiValueMap<String, String> formParams = new LinkedMultiValueMap<>();
+		formParams.add("client_id", hbp().getClientId());
+	//        formParams.add("client_secret", registration.getClientSecret());
+		formParams.add("refresh_token", this.oauth2ClientContext.getAccessToken().getRefreshToken().getValue());
+		// リクエストヘッダーを作成
+		HttpHeaders httpHeaders = new HttpHeaders();
+		httpHeaders.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE);
+		// リクエストを作成
+		RequestEntity<MultiValueMap<String, String>> requestEntity =
+				new RequestEntity<>(formParams, httpHeaders, HttpMethod.POST,
+						//URI.create("http://88.197.53.10:8095/auth/realms/Demo/protocol/openid-connect/logout")); //todo make this parameter
+						URI.create(logoutUri)); //todo make this parameter
+		// POSTリクエスト送信(ログアウト実行)
+
+		ResponseEntity<String> responseEntity = restTemplate.exchange(requestEntity, String.class);
+    }
+	
    
 }
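Review bot: `logout()` writes the raw refresh token value to the log through `UserActionLogging.LogAction` on its first line, which stores a live credential in the log file; that line should be removed rather than reworded. The method also dereferences `getAccessToken().getRefreshToken()` with no null check and lets any `RestClientException` from `restTemplate.exchange` propagate; because the lambda from `authLogoutHandler()` runs inside Spring Security's logout filter, an exception there appears to abort the remaining logout handlers, including the default one that clears the local security context, so an unreachable identity provider would leave the user logged in locally (confirm handler ordering for the Spring Security version in use). The unused `responseEntity`, the now-stale `//todo make this parameter`, and the non-English comments should go too, and the commented-out `client_secret` line suggests the confidential-client case is still unresolved. A guarded version of the method follows; `OAuth2AccessToken` and `RestClientException` need imports if they are not already in scope.
```java
	/** Revokes the current refresh token at the identity provider; local logout is left to the default handler. */
	public void logout() {
		OAuth2AccessToken accessToken = this.oauth2ClientContext.getAccessToken();
		if (accessToken == null || accessToken.getRefreshToken() == null) {
			return; // no token to revoke remotely
		}
		MultiValueMap<String, String> formParams = new LinkedMultiValueMap<>();
		formParams.add("client_id", hbp().getClientId());
		formParams.add("refresh_token", accessToken.getRefreshToken().getValue());
		HttpHeaders httpHeaders = new HttpHeaders();
		httpHeaders.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE);
		RequestEntity<MultiValueMap<String, String>> requestEntity =
				new RequestEntity<>(formParams, httpHeaders, HttpMethod.POST, URI.create(logoutUri));
		try {
			new RestTemplate().exchange(requestEntity, String.class);
		} catch (RestClientException e) {
			// do not fail the local logout because the remote revocation failed
			UserActionLogging.LogAction("remote logout failed", e.getClass().getSimpleName());
		}
	}
```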
diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
index 3843fbca8..d1875652c 100644
--- a/src/main/resources/logback.xml
+++ b/src/main/resources/logback.xml
@@ -3,11 +3,13 @@
         <file>logs/log1.txt</file>
         <append>true</append>
         <encoder>
-            <pattern>%msg%n</pattern>
+            <pattern>%d{yyyy-MM-dd} %msg%n</pattern>
         </encoder>
     </appender>
 
-
+	<logger name="org.springframework">
+		<appender-ref ref="FILE1" />
+	</logger>
     <logger name="eu.hbp.mip.utils" level="INFO" additivity="false">
         <appender-ref ref="FILE1" />
     </logger>
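Review bot: The new `org.springframework` logger sets neither a `level` nor `additivity="false"`, unlike the `eu.hbp.mip.utils` logger directly below it, so every Spring event at the root level is written to FILE1 and also propagates to the root appenders, duplicating output. If the intent is to capture Spring messages only in that file, `<logger name="org.springframework" level="INFO" additivity="false">` matches the existing logger's form.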
-- 
GitLab