Remove obsolete OIDC logout handling (#1781)
Obsolete since the UI was removed - no login anymore. Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
@@ -61,14 +61,8 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
|
|||||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
|
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
|
||||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
|
||||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
|
||||||
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
|
||||||
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
|
|
||||||
import org.springframework.util.CollectionUtils;
|
import org.springframework.util.CollectionUtils;
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
import org.springframework.web.client.RestTemplate;
|
|
||||||
import org.springframework.web.util.UriComponentsBuilder;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Auto-configuration for OpenID Connect user management.
|
* Auto-configuration for OpenID Connect user management.
|
||||||
@@ -87,22 +81,6 @@ public class OidcUserManagementAutoConfiguration {
|
|||||||
return new OidcAuthenticationSuccessHandler(systemManagement, systemSecurityContext);
|
return new OidcAuthenticationSuccessHandler(systemManagement, systemSecurityContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the logout success handler for OpenID Connect
|
|
||||||
*/
|
|
||||||
@Bean
|
|
||||||
public LogoutSuccessHandler oidcLogoutSuccessHandler() {
|
|
||||||
return new OidcLogoutSuccessHandler();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the OpenID Connect logout handler
|
|
||||||
*/
|
|
||||||
@Bean
|
|
||||||
public LogoutHandler oidcLogoutHandler() {
|
|
||||||
return new OidcLogoutHandler();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return a jwt authorities extractor which interprets the roles of a user
|
* @return a jwt authorities extractor which interprets the roles of a user
|
||||||
* as their authorities.
|
* as their authorities.
|
||||||
@@ -218,48 +196,6 @@ public class OidcUserManagementAutoConfiguration {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* LogoutHandler to invalidate OpenID Connect tokens
|
|
||||||
*/
|
|
||||||
private static class OidcLogoutHandler extends SecurityContextLogoutHandler {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void logout(final HttpServletRequest request, final HttpServletResponse response,
|
|
||||||
final Authentication authentication) {
|
|
||||||
super.logout(request, response, authentication);
|
|
||||||
|
|
||||||
final Object principal = authentication.getPrincipal();
|
|
||||||
if (principal instanceof OidcUser) {
|
|
||||||
final OidcUser user = (OidcUser) authentication.getPrincipal();
|
|
||||||
final String endSessionEndpoint = user.getIssuer() + "/protocol/openid-connect/logout";
|
|
||||||
|
|
||||||
final UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(endSessionEndpoint)
|
|
||||||
.queryParam("id_token_hint", user.getIdToken().getTokenValue());
|
|
||||||
|
|
||||||
final RestTemplate restTemplate = new RestTemplate();
|
|
||||||
restTemplate.getForEntity(builder.toUriString(), String.class);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* LogoutSuccessHandler that decides where to redirect to after logout, depending on
|
|
||||||
* the previously used auth mechanism
|
|
||||||
*/
|
|
||||||
private static class OidcLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
|
|
||||||
throws IOException, ServletException {
|
|
||||||
if (authentication instanceof OAuth2AuthenticationToken) {
|
|
||||||
this.setTargetUrlParameter("/");
|
|
||||||
} else {
|
|
||||||
this.setTargetUrlParameter("login");
|
|
||||||
}
|
|
||||||
super.onLogoutSuccess(request, response, authentication);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Utility class to extract authorities out of the jwt. It interprets the user's
|
* Utility class to extract authorities out of the jwt. It interprets the user's
|
||||||
* role as their authorities.
|
* role as their authorities.
|
||||||
|
|||||||