Class AuthenticationLogoutHandler
java.lang.Object
com.broadleafcommerce.auth.user.web.logout.AuthenticationLogoutHandler
- All Implemented Interfaces:
org.springframework.security.web.authentication.logout.LogoutHandler
public class AuthenticationLogoutHandler
extends Object
implements org.springframework.security.web.authentication.logout.LogoutHandler
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
protected AuthorizedClient | findClient(String clientId) |
protected AuthorizationServer | findServer(AuthorizedClient client) |
protected AuthorizationServerService<AuthorizationServer> | |
protected AuthorizedClientService<AuthorizedClient> | |
protected RememberMeLogoutHandlerDelegate | |
protected StatelessUtil | |
protected String | getStringClaim(String claimName, Map<String, Object> claims) |
void | logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication) |
protected void | revokeOAuth2AuthorizedClientIfApplicable(Map<String, Object> existingSessionCookieClaims, AuthorizedClient authorizedClient, AuthorizationServer authorizationServer) | Revokes any 3rd Party IDP Login state, if applicable.
void | setAuthorizationServerService(AuthorizationServerService<AuthorizationServer> authorizationServerService) |
void | setAuthorizedClientService(AuthorizedClientService<AuthorizedClient> authorizedClientService) |
void | setOAuth2AuthorizedClientEntityService(OAuth2AuthorizedClientEntityService<OAuth2AuthorizedClientEntity> oAuth2AuthorizedClientEntityService) |
void | setRememberMeLogoutHandlerDelegate(RememberMeLogoutHandlerDelegate rememberMeLogoutHandlerDelegate) |
-
Constructor Details
-
AuthenticationLogoutHandler
-
-
Method Details
-
logout
public void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
- Specified by:
logout in interface org.springframework.security.web.authentication.logout.LogoutHandler
-
revokeOAuth2AuthorizedClientIfApplicable
protected void revokeOAuth2AuthorizedClientIfApplicable(Map<String, Object> existingSessionCookieClaims, AuthorizedClient authorizedClient, AuthorizationServer authorizationServer)
Revokes any 3rd Party IDP Login state, if applicable.

We cannot use OAuth2AuthorizedClientRepository.removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse), because it typically expects something like OAuth2LoginAuthenticationToken as the authentication argument. However, in this logout handler, the Authentication we get will be null since the logout filter does not have any security on it.

Thus, we invoke OAuth2AuthorizedClientEntityService directly with parameters we harvest from other sources.
- Parameters:
existingSessionCookieClaims - a map of claims harvested from the existing Broadleaf session cookie
authorizedClient - the AuthorizedClient that this logout is being initiated for
authorizationServer - the AuthorizationServer under which the authorizedClient exists
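
The approach described above, sketched as an added example that is not Broadleaf's code. Spring Security's OAuth2AuthorizedClientService.removeAuthorizedClient(String, String) stands in for OAuth2AuthorizedClientEntityService, whose methods this page does not show; the SessionClaimsReader interface and both claim names are hypothetical.

```java
import java.util.Map;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.web.authentication.logout.LogoutHandler;

// Added illustration, not Broadleaf code.
public class ClaimsDrivenLogoutHandler implements LogoutHandler {

    // Hypothetical claim names; the real session cookie claims are not listed on this page.
    static final String REGISTRATION_CLAIM = "idp_registration_id";
    static final String PRINCIPAL_CLAIM = "idp_principal_name";

    // Hypothetical hook: must return claims only from a cookie whose signature verified,
    // because the logout endpoint itself is unauthenticated.
    public interface SessionClaimsReader {
        Map<String, Object> readVerifiedClaims(HttpServletRequest request);
    }

    private final OAuth2AuthorizedClientService authorizedClients;
    private final SessionClaimsReader claimsReader;

    public ClaimsDrivenLogoutHandler(OAuth2AuthorizedClientService authorizedClients,
                                     SessionClaimsReader claimsReader) {
        this.authorizedClients = authorizedClients;
        this.claimsReader = claimsReader;
    }

    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response,
                       Authentication authentication) {
        // 'authentication' is deliberately ignored: it is null when the logout filter is unsecured.
        Map<String, Object> claims = claimsReader.readVerifiedClaims(request);
        String registrationId = stringClaim(REGISTRATION_CLAIM, claims);
        String principalName = stringClaim(PRINCIPAL_CLAIM, claims);
        if (registrationId == null || principalName == null) {
            return; // no third-party IDP login recorded in the session, nothing to revoke
        }
        // Keyed by (registration id, principal name), so no Authentication object is needed.
        authorizedClients.removeAuthorizedClient(registrationId, principalName);
    }

    // Returns the claim only when it is a non-blank String; absent or mistyped claims yield null.
    static String stringClaim(String name, Map<String, Object> claims) {
        if (claims == null) {
            return null;
        }
        return (claims.get(name) instanceof String s && !s.isBlank()) ? s : null;
    }
}
```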
-
getStringClaim
-
findClient
-
findServer
-
getSessionUtil
-
setOAuth2AuthorizedClientEntityService
@Autowired public void setOAuth2AuthorizedClientEntityService(OAuth2AuthorizedClientEntityService<OAuth2AuthorizedClientEntity> oAuth2AuthorizedClientEntityService)
-
getOAuth2AuthorizedClientEntityService
protected OAuth2AuthorizedClientEntityService<OAuth2AuthorizedClientEntity> getOAuth2AuthorizedClientEntityService()
-
setAuthorizedClientService
@Autowired public void setAuthorizedClientService(AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
getAuthorizedClientService
-
setAuthorizationServerService
@Autowired public void setAuthorizationServerService(AuthorizationServerService<AuthorizationServer> authorizationServerService)
-
getAuthorizationServerService
-
setRememberMeLogoutHandlerDelegate
@Autowired(required=false) public void setRememberMeLogoutHandlerDelegate(RememberMeLogoutHandlerDelegate rememberMeLogoutHandlerDelegate)
-
getRememberMeLogoutHandlerDelegate
-