7 年之前 · 26f53a20b3
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandler.java
@@ -0,0 +1,56 @@
 
				+/*
			
 
				+ * Copyright 2002-2018 the original author or authors.
			
 
				+ *
			
 
				+ * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				+ * you may not use this file except in compliance with the License.
			
 
				+ * You may obtain a copy of the License at
			
 
				+ *
			
 
				+ *      http://www.apache.org/licenses/LICENSE-2.0
			
 
				+ *
			
 
				+ * Unless required by applicable law or agreed to in writing, software
			
 
				+ * distributed under the License is distributed on an "AS IS" BASIS,
			
 
				+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
			
 
				+ * See the License for the specific language governing permissions and
			
 
				+ * limitations under the License.
			
 
				+ */
			
 
				+
			
 
				+package org.springframework.security.web.server.csrf;
			
 
				+
			
 
				+import org.springframework.security.core.Authentication;
			
 
				+import org.springframework.security.web.server.WebFilterExchange;
			
 
				+import org.springframework.security.web.server.authentication.logout.ServerLogoutHandler;
			
 
				+import org.springframework.util.Assert;
			
 
				+
			
 
				+import reactor.core.publisher.Mono;
			
 
				+
			
 
				+/**
			
 
				+ * {@link CsrfServerLogoutHandler} is in charge of removing the {@link CsrfToken} upon logout. A
			
 
				+ * new {@link CsrfToken} will then be generated by the framework upon the next request.
			
 
				+ *
			
 
				+ * @author Eric Deandrea
			
 
				+ * @since 5.1
			
 
				+ */
			
 
				+public class CsrfServerLogoutHandler implements ServerLogoutHandler {
			
 
				+	private final ServerCsrfTokenRepository csrfTokenRepository;
			
 
				+
			
 
				+	/**
			
 
				+	 * Creates a new instance
			
 
				+	 * @param csrfTokenRepository The {@link ServerCsrfTokenRepository} to use
			
 
				+	 */
			
 
				+	public CsrfServerLogoutHandler(ServerCsrfTokenRepository csrfTokenRepository) {
			
 
				+		Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null");
			
 
				+		this.csrfTokenRepository = csrfTokenRepository;
			
 
				+	}
			
 
				+
			
 
				+	/**
			
 
				+	 * Clears the {@link CsrfToken}
			
 
				+	 *
			
 
				+	 * @param exchange the exchange
			
 
				+	 * @param authentication the {@link Authentication}
			
 
				+	 * @return A completion notification (success or error)
			
 
				+	 */
			
 
				+	@Override
			
 
				+	public Mono<Void> logout(WebFilterExchange exchange, Authentication authentication) {
			
 
				+		return this.csrfTokenRepository.saveToken(exchange.getExchange(), null);
			
 
				+	}
			
 
				+}
			
--- a/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/csrf/CsrfServerLogoutHandlerTests.java
@@ -0,0 +1,62 @@
 
				+package org.springframework.security.web.server.csrf;
			
 
				+
			
 
				+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
			
 
				+import static org.mockito.Mockito.*;
			
 
				+
			
 
				+import org.junit.Before;
			
 
				+import org.junit.Test;
			
 
				+import org.junit.runner.RunWith;
			
 
				+import org.mockito.Mock;
			
 
				+import org.mockito.junit.MockitoJUnitRunner;
			
 
				+
			
 
				+import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
			
 
				+import org.springframework.mock.web.server.MockServerWebExchange;
			
 
				+import org.springframework.security.authentication.TestingAuthenticationToken;
			
 
				+import org.springframework.security.web.server.WebFilterExchange;
			
 
				+import org.springframework.web.server.WebFilterChain;
			
 
				+
			
 
				+import reactor.core.publisher.Mono;
			
 
				+
			
 
				+/**
			
 
				+ * @author Eric Deandrea
			
 
				+ * @since 5.1
			
 
				+ */
			
 
				+@RunWith(MockitoJUnitRunner.class)
			
 
				+public class CsrfServerLogoutHandlerTests {
			
 
				+	@Mock
			
 
				+	private ServerCsrfTokenRepository csrfTokenRepository;
			
 
				+
			
 
				+	@Mock
			
 
				+	private WebFilterChain filterChain;
			
 
				+
			
 
				+	private MockServerWebExchange exchange;
			
 
				+
			
 
				+	private WebFilterExchange filterExchange;
			
 
				+
			
 
				+	private CsrfServerLogoutHandler handler;
			
 
				+
			
 
				+	@Before
			
 
				+	public void setup() {
			
 
				+		this.exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
			
 
				+		this.filterExchange = new WebFilterExchange(this.exchange, this.filterChain);
			
 
				+		this.handler = new CsrfServerLogoutHandler(this.csrfTokenRepository);
			
 
				+		when(this.csrfTokenRepository.saveToken(this.exchange, null)).thenReturn(Mono.empty());
			
 
				+	}
			
 
				+
			
 
				+	@Test
			
 
				+	public void constructorNullCsrfTokenRepository() {
			
 
				+		assertThatExceptionOfType(IllegalArgumentException.class)
			
 
				+				.isThrownBy(() -> new CsrfServerLogoutHandler(null))
			
 
				+				.withMessage("csrfTokenRepository cannot be null")
			
 
				+				.withNoCause();
			
 
				+	}
			
 
				+
			
 
				+	@Test
			
 
				+	public void logoutRemovesCsrfToken() {
			
 
				+		this.handler.logout(
			
 
				+				this.filterExchange,
			
 
				+				new TestingAuthenticationToken("user", "password", "ROLE_USER")).block();
			
 
				+
			
 
				+		verify(this.csrfTokenRepository).saveToken(this.exchange, null);
			
 
				+	}
			
 
				+}