security work

Author: eugenp

spring-security-login/src/main/java/org/baeldung/spring/security/CustomLogoutSuccessHandler.java

@@ -0,0 +1,29 @@
+package org.baeldung.spring.security;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
+
+public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
+
+    public CustomLogoutSuccessHandler() {
+        super();
+    }
+
+    // API
+
+    @Override
+    public void onLogoutSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException, ServletException {
+        final String refererUrl = request.getHeader("Referer");
+        System.out.println(refererUrl);
+
+        super.onLogoutSuccess(request, response, authentication);
+    }
+
+}

spring-security-login/src/main/java/org/baeldung/spring/web/config/ClientWebConfig.java

@@ -13,28 +13,30 @@
 @Configuration
 public class ClientWebConfig extends WebMvcConfigurerAdapter {
 
-	public ClientWebConfig() {
-		super();
-	}
+    public ClientWebConfig() {
+        super();
+    }
 
-	// API
+    // API
 
-	@Override
-	public void addViewControllers(final ViewControllerRegistry registry) {
-		super.addViewControllers(registry);
+    @Override
+    public void addViewControllers(final ViewControllerRegistry registry) {
+        super.addViewControllers(registry);
 
-		registry.addViewController("/login.html");
-		registry.addViewController("/homepage.html");
-	}
+        registry.addViewController("/anonymous.html");
 
-	@Bean
-	public ViewResolver viewResolver() {
-		final InternalResourceViewResolver bean = new InternalResourceViewResolver();
+        registry.addViewController("/login.html");
+        registry.addViewController("/homepage.html");
+    }
 
-		bean.setViewClass(JstlView.class);
-		bean.setPrefix("/WEB-INF/view/");
-		bean.setSuffix(".jsp");
+    @Bean
+    public ViewResolver viewResolver() {
+        final InternalResourceViewResolver bean = new InternalResourceViewResolver();
 
-		return bean;
-	}
+        bean.setViewClass(JstlView.class);
+        bean.setPrefix("/WEB-INF/view/");
+        bean.setSuffix(".jsp");
+
+        return bean;
+    }
 }

spring-security-login/src/main/resources/webSecurityConfig.xml

@@ -5,9 +5,14 @@
 		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
 
-	<http use-expressions="true">
-		<intercept-url pattern="/login*" access="permitAll" />
-		<intercept-url pattern="/**" access="isAuthenticated()" />
+    <debug/>
+    
+	<http use-expressions="true" >
+		<intercept-url pattern="/anonymous*" access="isAnonymous()" />
+		
+        <intercept-url pattern="/login*" access="permitAll" />
+        
+        <intercept-url pattern="/**" access="isAuthenticated()" />
 
 		<form-login 
 			login-page='/login.html' 
@@ -16,9 +21,14 @@
 			authentication-failure-url="/login.html?error=true" 
 			always-use-default-target="true"/>
 
-            <logout/>
-
+            <logout 
+            	logout-url="/perform_logout"
+                delete-cookies="JSESSIONID"
+                success-handler-ref="customLogoutSuccessHandler" />
+            
 	</http>
+    
+    <beans:bean name="customLogoutSuccessHandler" class="org.baeldung.spring.security.CustomLogoutSuccessHandler" />
 
 	<authentication-manager>
 		<authentication-provider>

spring-security-login/src/main/webapp/WEB-INF/view/anonymous.jsp

@@ -0,0 +1,10 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<html>
+<head></head>
+
+<body>
+	<h1>Anonymous page</h1>
+
+	<a href="<c:url value="/login.html" />">To Login</a>
+</body>
+</html>

spring-security-login/src/main/webapp/WEB-INF/view/homepage.jsp

@@ -4,6 +4,6 @@
 
 <body>
 	<h1>This is the body of the sample view</h1>
-	<a href="<c:url value="j_spring_security_logout" />"> Logout</a>
+	<a href="<c:url value="/perform_logout" />">Logout</a>
 </body>
 </html>

spring-security-login/src/main/webapp/WEB-INF/web.xml

@@ -45,8 +45,8 @@
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
 
-	<welcome-file-list>
-		<welcome-file>index.html</welcome-file>
-	</welcome-file-list>
+<!-- 	<welcome-file-list> -->
+<!-- 		<welcome-file>index.html</welcome-file> -->
+<!-- 	</welcome-file-list> -->
 
 </web-app>