Skip to content

Allow multiple ServerLogoutHandler instances in WebFlux #17381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -3022,14 +3022,15 @@ public final class LogoutSpec {

private final SecurityContextServerLogoutHandler DEFAULT_LOGOUT_HANDLER = new SecurityContextServerLogoutHandler();

private List<ServerLogoutHandler> logoutHandlers = new ArrayList<>(Arrays.asList(this.DEFAULT_LOGOUT_HANDLER));
private List<ServerLogoutHandler> logoutHandlers = new ArrayList<>();

private LogoutSpec() {
}

/**
* Configures the logout handler. Default is
* {@code SecurityContextServerLogoutHandler}
* {@code SecurityContextServerLogoutHandler}. This clears any previous handlers
* configured.
* @param logoutHandler
* @return the {@link LogoutSpec} to configure
*/
Expand All @@ -3039,7 +3040,12 @@ public LogoutSpec logoutHandler(ServerLogoutHandler logoutHandler) {
return addLogoutHandler(logoutHandler);
}

private LogoutSpec addLogoutHandler(ServerLogoutHandler logoutHandler) {
/**
* Adds a logout handler in the last position.
* @param logoutHandler
* @return the {@link LogoutSpec} to configure
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will you please add @since 7.0

*/
public LogoutSpec addLogoutHandler(ServerLogoutHandler logoutHandler) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of exposing addLogoutHandler, would logout(Consumer<List<ServerLogoutHandler>> consumer) also service your needs? The reason this is nice it because it also allows you to remove values. Please see OneTimeTokenLogoutSpec#authenticationSuccessHandler for an example.

Assert.notNull(logoutHandler, "logoutHandler cannot be null");
this.logoutHandlers.add(logoutHandler);
return this;
Expand Down Expand Up @@ -3088,7 +3094,7 @@ private ServerLogoutHandler createLogoutHandler() {
this.DEFAULT_LOGOUT_HANDLER.setSecurityContextRepository(securityContextRepository);
}
if (this.logoutHandlers.isEmpty()) {
return null;
return DEFAULT_LOGOUT_HANDLER;
}
if (this.logoutHandlers.size() == 1) {
return this.logoutHandlers.get(0);
Expand Down
Loading