diff --git a/gateway/src/main/java/org/georchestra/gateway/security/GatewaySecurityConfiguration.java b/gateway/src/main/java/org/georchestra/gateway/security/GatewaySecurityConfiguration.java
index a5d77d16..7e222fce 100644
--- a/gateway/src/main/java/org/georchestra/gateway/security/GatewaySecurityConfiguration.java
+++ b/gateway/src/main/java/org/georchestra/gateway/security/GatewaySecurityConfiguration.java
@@ -29,14 +29,14 @@
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec;
-import org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler;
-import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
 import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 import lombok.extern.slf4j.Slf4j;
@@ -85,10 +85,6 @@ SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
 // by proxified webapps, not the gateway.
 http.csrf().disable();
- http.formLogin()
- .authenticationFailureHandler(new ExtendedRedirectServerAuthenticationFailureHandler("login?error"))
- .loginPage("/login");
-
 sortedCustomizers(customizers).forEach(customizer -> {
 log.debug("Applying security customizer {}", customizer.getName());
 customizer.customize(http);
@@ -99,7 +95,8 @@ SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
 RedirectServerLogoutSuccessHandler defaultRedirect = new RedirectServerLogoutSuccessHandler();
 defaultRedirect.setLogoutSuccessUrl(URI.create(georchestraLogoutUrl));
- LogoutSpec logoutUrl = http.formLogin().loginPage("/login").and().logout().logoutUrl("/logout")
+ LogoutSpec logoutUrl = http.formLogin().loginPage("/login").and().logout()
+ .requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/logout"))
 .logoutSuccessHandler(oidcLogoutSuccessHandler != null ? oidcLogoutSuccessHandler : defaultRedirect);
 return logoutUrl.and().build();
diff --git a/gateway/src/main/resources/templates/logout.html b/gateway/src/main/resources/templates/logout.html
deleted file mode 100644
index 44d6f7f9..00000000
--- a/gateway/src/main/resources/templates/logout.html
+++ /dev/null
@@ -1,25 +0,0 @@
- - -
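Review bot: Logout is now reachable by a plain GET with no CSRF protection: in the `@@ -99,7 +95,8 @@` hunk the matcher becomes `pathMatchers(HttpMethod.GET, "/logout")`, and the same method calls `http.csrf().disable()`, so any third-party page that makes the browser load `/logout` ends the user's session (and, when `oidcLogoutSuccessHandler` is set, presumably triggers the provider-side logout as well). If that trade-off is intended now that the `logout.html` confirmation template is deleted, record it next to the matcher, e.g. `// GET logout is deliberate: no CSRF token or confirmation step, a cross-site forced logout is accepted`. The matcher also no longer matches POST, which `logoutUrl("/logout")` required, so clients that still POST to `/logout` will not be logged out; `pathMatchers("/logout")` without a method would keep both working. securityWebFilterChain starts and ends outside the hunk.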
- - - - -