diff --git a/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutWebFilter.java b/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutWebFilter.java index 1922f90defe..e9be3aae9a8 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutWebFilter.java +++ b/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutWebFilter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,12 +18,12 @@ import java.util.Collections; -import jakarta.servlet.http.HttpServletResponse; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import reactor.core.publisher.Mono; import org.springframework.core.ResolvableType; +import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.codec.EncoderHttpMessageWriter; import org.springframework.http.codec.HttpMessageWriter; @@ -47,6 +47,7 @@ * A filter for the Client-side OIDC Back-Channel Logout endpoint * * @author Josh Cummings + * @author Andrey Litvitski * @since 6.2 * @see OIDC Back-Channel Logout 
@@ -108,7 +109,7 @@ public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { private Mono handleAuthenticationFailure(ServerWebExchange exchange, Exception ex) { this.logger.debug("Failed to process OIDC Back-Channel Logout", ex); - exchange.getResponse().setRawStatusCode(HttpServletResponse.SC_BAD_REQUEST); + exchange.getResponse().setRawStatusCode(HttpStatus.BAD_REQUEST.value()); return this.errorHttpMessageConverter.write(Mono.just(oauth2Error(ex)), ResolvableType.forClass(Object.class), ResolvableType.forClass(Object.class), MediaType.APPLICATION_JSON, exchange.getRequest(), exchange.getResponse(), Collections.emptyMap()); diff --git a/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelServerLogoutHandler.java b/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelServerLogoutHandler.java index e31eb766d9d..5e71364b6df 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelServerLogoutHandler.java +++ b/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelServerLogoutHandler.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,13 +22,13 @@ import java.util.Map; import java.util.concurrent.atomic.AtomicInteger; -import jakarta.servlet.http.HttpServletResponse; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import reactor.core.publisher.Mono; import org.springframework.core.ResolvableType; import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.http.codec.EncoderHttpMessageWriter; 
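Review bot: The added line in `handleAuthenticationFailure` (OidcBackChannelLogoutWebFilter, hunk at -108) still passes an int via `setRawStatusCode(HttpStatus.BAD_REQUEST.value())`; with `HttpStatus` now imported, `exchange.getResponse().setStatusCode(HttpStatus.BAD_REQUEST);` does the same through the typed setter. Both setters return a boolean that is false when the status could not be applied because the response is already committed, and that result is discarded here. If a committed response cannot occur on this path, a one-line comment saying so would help; otherwise a rejected logout token could be answered with a status other than 400. The same line is added in `handleLogoutFailure` in OidcBackChannelServerLogoutHandler (hunk at -170). The method's closing brace is outside the hunk.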
@@ -54,6 +54,7 @@ * Back-Channel Logout Token and invalidates each one. * * @author Josh Cummings + * @author Andrey Litvitski * @since 6.4 * @see OIDC Back-Channel Logout @@ -170,7 +171,7 @@ private OAuth2Error oauth2Error(Collection errors) { } private Mono handleLogoutFailure(ServerWebExchange exchange, OAuth2Error error) { - exchange.getResponse().setRawStatusCode(HttpServletResponse.SC_BAD_REQUEST); + exchange.getResponse().setRawStatusCode(HttpStatus.BAD_REQUEST.value()); return this.errorHttpMessageConverter.write(Mono.just(error), ResolvableType.forClass(Object.class), ResolvableType.forClass(Object.class), MediaType.APPLICATION_JSON, exchange.getRequest(), exchange.getResponse(), Collections.emptyMap());
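Review bot: `handleLogoutFailure` (hunk at -170) sets the 400 and writes the error body with no log statement in the visible lines, whereas the filter's `handleAuthenticationFailure` logs the failure at debug before responding. A failure here presumably means at least one session the provider asked to end is still active, which is the case an operator investigating a logout problem most needs to see. Unless the caller already records it (not visible in this hunk), I would add something like `this.logger.debug("Failed to invalidate sessions for OIDC Back-Channel Logout: " + error);` before the status is set, using whatever logger field this class declares. The method's closing brace is outside the hunk.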