Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DelegatingServerLogoutSuccessHandler #14813

Open
CrazyParanoid opened this issue Mar 27, 2024 · 3 comments
Open

Add DelegatingServerLogoutSuccessHandler #14813

CrazyParanoid opened this issue Mar 27, 2024 · 3 comments
Assignees
@jzheaux
Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement

Comments

@CrazyParanoid
Copy link

CrazyParanoid commented Mar 27, 2024
edited

Need to add DelegatingServerLogoutSuccessHandler, that iterates over multiple ServerLogoutSuccessHandler. This implementation of the ServerLogoutSuccessHandler would be very useful in cases where a redirect is not needed, but you need to return certain http code and, notify user about logout, and publish an event about successful logout:

DelegatingServerLogoutSuccessHandler handler = new DelegatingServerLogoutSuccessHandler(
new HttpStatusReturningServerLogoutSuccessHandler(HttpStatus.OK), 
new NotificationServerLogoutSuccessHandler(),
new AuditServerLogoutSuccessHandler());
@CrazyParanoid CrazyParanoid added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Mar 27, 2024
CrazyParanoid pushed a commit to CrazyParanoid/spring-security that referenced this issue Mar 27, 2024
Add DelegatingServerLogoutSuccessHandler.
60f176e 
Closes spring-projectsgh-14813
@CrazyParanoid CrazyParanoid mentioned this issue Mar 27, 2024
Closed
@jzheaux
Copy link
Contributor

jzheaux commented Apr 16, 2024

Thanks for the suggestion, @CrazyParanoid. Is there a reason that you are not using DelegatingServerLogoutHandler?

@jzheaux jzheaux added in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 16, 2024
@jzheaux jzheaux self-assigned this Apr 16, 2024
@CrazyParanoid
Copy link
Author

Hi @jzheaux! Thanks for your feedback. Now this is exactly what I use:

    @Bean
    fun logoutHandler(): DelegatingServerLogoutHandler =
            DelegatingServerLogoutHandler(
                    NotificationServerLogoutHandler(),
                    AuditServerLogoutHandler(),
                    SecurityContextServerLogoutHandler(),
                    WebSessionServerLogoutHandler(),
                    HeaderWriterServerLogoutHandler(
                            ClearSiteDataServerHttpHeadersWriter(
                                    ClearSiteDataServerHttpHeadersWriter.Directive.COOKIES
                            )
                    )
            )

It seemed to me that notifications and events about a successful logout would be most correctly sent to the ServerLogoutSuccessHandler. In addition, support for continueOnError is required either in DelegatingServerLogoutSuccessHandler if it will be supported or in DelegatingServerLogoutHandler. This is very useful, for example, for circuit breaker triggers in handlers such as NotificationServerLogoutHandler, in my case, or any other errors caused by the infrastructure. Now I am forced to implement all this in my custom code.

@CrazyParanoid
Copy link
Author

For the same reason I need DelegatingAuthenticationSuccessHandler in a servlet-based application. And I see that such implementations of AuthenticationSuccessHandler are normal practice (example), but now you have to implement such components yourself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add DelegatingServerLogoutSuccessHandler. CrazyParanoid/spring-security
2 participants
@jzheaux @CrazyParanoid