Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Apply DefaultLoginPageConfigurer before logout

If they are not applied in this order, then the LogoutConfigurer cannot
set the logoutSuccessUrl, because the DefaultLoginPageGeneratingFilter
does not exist yet.
This impacts users that inject the default HttpSecurity bean.

Closes gh-9973
Eleftheria Stein 4 years ago
parent
bfeb6bd756
commit
fdd017d935
2 changed files with 13 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
  2. 12 0
      config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java

+ 1 - 1
config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
View File 

@@ -94,8 +94,8 @@ class HttpSecurityConfiguration {
 
 			.requestCache(withDefaults())
 
 			.anonymous(withDefaults())
 
 			.servletApi(withDefaults())
 
-			.logout(withDefaults())
 
 			.apply(new DefaultLoginPageConfigurer<>());
 
+		http.logout(withDefaults());
 
 		// @formatter:on
 
 		return http;
 
 	}

+ 12 - 0
config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
View File 

@@ -187,6 +187,18 @@ public class HttpSecurityConfigurationTests {
 
 		this.mockMvc.perform(get("/login")).andExpect(status().isOk());
 
 	}
 
 
+	@Test
 
+	public void loginWhenUsingDefaultsThenDefaultLoginFailurePageGenerated() throws Exception {
 
+		this.spring.register(SecurityEnabledConfig.class).autowire();
 
+		this.mockMvc.perform(get("/login?error")).andExpect(status().isOk());
 
+	}
 
+
 
+	@Test
 
+	public void loginWhenUsingDefaultsThenDefaultLogoutSuccessPageGenerated() throws Exception {
 
+		this.spring.register(SecurityEnabledConfig.class).autowire();
 
+		this.mockMvc.perform(get("/login?logout")).andExpect(status().isOk());
 
+	}
 
+
 
 	@RestController
 
 	static class NameController {