From a99795d310f73ef05b2404ec0875f6131281301b Mon Sep 17 00:00:00 2001 From: nury-garryyev Date: Fri, 8 Jan 2021 12:00:11 +0500 Subject: [PATCH] SAML logout generic solution --- .gitignore | 3 ++ .../auth/impl/SAMLAuthenticationBackend.java | 3 -- .../security/WebSecurityConfig.java | 2 +- .../containerproxy/ui/LogoutController.java | 47 +++++++++++++++++++ 4 files changed, 51 insertions(+), 4 deletions(-) create mode 100644 src/main/java/eu/openanalytics/containerproxy/ui/LogoutController.java diff --git a/.gitignore b/.gitignore index 4fbe90b6..c37110cf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ /target/ application.yml logs + +.idea +*.iml \ No newline at end of file diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/SAMLAuthenticationBackend.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/SAMLAuthenticationBackend.java index c4e1b056..9d5aa80d 100644 --- a/src/main/java/eu/openanalytics/containerproxy/auth/impl/SAMLAuthenticationBackend.java +++ b/src/main/java/eu/openanalytics/containerproxy/auth/impl/SAMLAuthenticationBackend.java @@ -79,9 +79,6 @@ public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestCon .addFilterBefore(metadataGeneratorFilter, ChannelProcessingFilter.class) .addFilterAfter(metadataDisplayFilter, MetadataGeneratorFilter.class) .addFilterAfter(samlFilter, BasicAuthenticationFilter.class); - http - .logout() - .disable(); } @Override diff --git a/src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java b/src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java index b3392695..44e5221e 100644 --- a/src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java +++ b/src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java @@ -135,7 +135,7 @@ protected void configure(HttpSecurity http) throws Exception { .loginPage("/login") .and() .logout() - .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) + .logoutRequestMatcher(new AntPathRequestMatcher("/simple/logout")) .addLogoutHandler(logoutHandler) .logoutSuccessUrl(auth.getLogoutSuccessURL()); diff --git a/src/main/java/eu/openanalytics/containerproxy/ui/LogoutController.java b/src/main/java/eu/openanalytics/containerproxy/ui/LogoutController.java new file mode 100644 index 00000000..e1a67876 --- /dev/null +++ b/src/main/java/eu/openanalytics/containerproxy/ui/LogoutController.java @@ -0,0 +1,47 @@ +/** + * ContainerProxy + * + * Copyright (C) 2016-2020 Open Analytics + * + * =========================================================================== + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the Apache License as published by + * The Apache Software Foundation, either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Apache License for more details. + * + * You should have received a copy of the Apache License + * along with this program. If not, see + */ +package eu.openanalytics.containerproxy.ui; + +import eu.openanalytics.containerproxy.api.BaseController; +import eu.openanalytics.containerproxy.auth.IAuthenticationBackend; +import eu.openanalytics.containerproxy.auth.impl.SAMLAuthenticationBackend; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import javax.inject.Inject; + +@Controller +public class LogoutController extends BaseController { + + @Inject + private IAuthenticationBackend auth; + + @RequestMapping(value = "/logout", method = RequestMethod.GET) + public String logout() { + if (auth instanceof SAMLAuthenticationBackend) { + return "redirect:/saml/logout"; + } else { + return "redirect:/simple/logout"; + } + } +} \ No newline at end of file