8 years ago · 95de158909
--- a/web/src/main/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandler.java
@@ -0,0 +1,56 @@
 
				+/*
			
 
				+ * Copyright 2002-2017 the original author or authors.
			
 
				+ *
			
 
				+ * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				+ * you may not use this file except in compliance with the License.
			
 
				+ * You may obtain a copy of the License at
			
 
				+ *
			
 
				+ *      http://www.apache.org/licenses/LICENSE-2.0
			
 
				+ *
			
 
				+ * Unless required by applicable law or agreed to in writing, software
			
 
				+ * distributed under the License is distributed on an "AS IS" BASIS,
			
 
				+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
			
 
				+ * See the License for the specific language governing permissions and
			
 
				+ * limitations under the License.
			
 
				+ */
			
 
				+
			
 
				+package org.springframework.security.web.authentication.logout;
			
 
				+
			
 
				+import java.io.IOException;
			
 
				+
			
 
				+import javax.servlet.ServletException;
			
 
				+import javax.servlet.http.HttpServletRequest;
			
 
				+import javax.servlet.http.HttpServletResponse;
			
 
				+
			
 
				+import org.springframework.security.core.Authentication;
			
 
				+import org.springframework.security.web.util.UrlUtils;
			
 
				+import org.springframework.util.Assert;
			
 
				+
			
 
				+/**
			
 
				+ * {@link LogoutSuccessHandler} implementation that will perform a request dispatcher
			
 
				+ * "forward" to the specified target URL.
			
 
				+ *
			
 
				+ * @author Vedran Pavic
			
 
				+ * @since 5.0
			
 
				+ */
			
 
				+public class ForwardLogoutSuccessHandler implements LogoutSuccessHandler {
			
 
				+
			
 
				+	private final String targetUrl;
			
 
				+
			
 
				+	/**
			
 
				+	 * Construct a new {@link ForwardLogoutSuccessHandler} with the given target URL.
			
 
				+	 * @param targetUrl the target URL
			
 
				+	 */
			
 
				+	public ForwardLogoutSuccessHandler(String targetUrl) {
			
 
				+		Assert.isTrue(UrlUtils.isValidRedirectUrl(targetUrl), "'" + targetUrl
			
 
				+				+ "' is not a valid target URL");
			
 
				+		this.targetUrl = targetUrl;
			
 
				+	}
			
 
				+
			
 
				+	@Override
			
 
				+	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
			
 
				+			Authentication authentication) throws IOException, ServletException {
			
 
				+		request.getRequestDispatcher(this.targetUrl).forward(request, response);
			
 
				+	}
			
 
				+
			
 
				+}
			
--- a/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/logout/ForwardLogoutSuccessHandlerTests.java
@@ -0,0 +1,73 @@
 
				+/*
			
 
				+ * Copyright 2002-2017 the original author or authors.
			
 
				+ *
			
 
				+ * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				+ * you may not use this file except in compliance with the License.
			
 
				+ * You may obtain a copy of the License at
			
 
				+ *
			
 
				+ *      http://www.apache.org/licenses/LICENSE-2.0
			
 
				+ *
			
 
				+ * Unless required by applicable law or agreed to in writing, software
			
 
				+ * distributed under the License is distributed on an "AS IS" BASIS,
			
 
				+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
			
 
				+ * See the License for the specific language governing permissions and
			
 
				+ * limitations under the License.
			
 
				+ */
			
 
				+
			
 
				+package org.springframework.security.web.authentication.logout;
			
 
				+
			
 
				+import org.junit.Rule;
			
 
				+import org.junit.Test;
			
 
				+import org.junit.rules.ExpectedException;
			
 
				+import org.springframework.mock.web.MockHttpServletRequest;
			
 
				+import org.springframework.mock.web.MockHttpServletResponse;
			
 
				+import org.springframework.security.core.Authentication;
			
 
				+
			
 
				+import static org.assertj.core.api.Assertions.assertThat;
			
 
				+import static org.mockito.Mockito.mock;
			
 
				+
			
 
				+/**
			
 
				+ * Tests for {@link ForwardLogoutSuccessHandler}.
			
 
				+ *
			
 
				+ * @author Vedran Pavic
			
 
				+ */
			
 
				+public class ForwardLogoutSuccessHandlerTests {
			
 
				+
			
 
				+	@Rule
			
 
				+	public ExpectedException thrown = ExpectedException.none();
			
 
				+
			
 
				+	@Test
			
 
				+	public void invalidTargetUrl() {
			
 
				+		String targetUrl = "not.valid";
			
 
				+
			
 
				+		this.thrown.expect(IllegalArgumentException.class);
			
 
				+		this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
			
 
				+
			
 
				+		new ForwardLogoutSuccessHandler(targetUrl);
			
 
				+	}
			
 
				+
			
 
				+	@Test
			
 
				+	public void emptyTargetUrl() {
			
 
				+		String targetUrl = " ";
			
 
				+
			
 
				+		this.thrown.expect(IllegalArgumentException.class);
			
 
				+		this.thrown.expectMessage("'" + targetUrl + "' is not a valid target URL");
			
 
				+
			
 
				+		new ForwardLogoutSuccessHandler(targetUrl);
			
 
				+	}
			
 
				+
			
 
				+	@Test
			
 
				+	public void logoutSuccessIsHandled() throws Exception {
			
 
				+		String targetUrl = "/login?logout";
			
 
				+		ForwardLogoutSuccessHandler handler = new ForwardLogoutSuccessHandler(targetUrl);
			
 
				+
			
 
				+		MockHttpServletRequest request = new MockHttpServletRequest();
			
 
				+		MockHttpServletResponse response = new MockHttpServletResponse();
			
 
				+		Authentication authentication = mock(Authentication.class);
			
 
				+
			
 
				+		handler.onLogoutSuccess(request, response, authentication);
			
 
				+
			
 
				+		assertThat(response.getForwardedUrl()).isEqualTo(targetUrl);
			
 
				+	}
			
 
				+
			
 
				+}