Commit fd3d9acb authored by Gradl, Tobias's avatar Gradl, Tobias

718: Logout not working for local authentication

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=718
parent 0bd609c2
......@@ -47,6 +47,8 @@ public class HomeController {
public String getLogout(@RequestParam(value = "error", required = false) String error, @RequestParam(value = "url", defaultValue = "/") String url, HttpServletRequest request, HttpServletResponse response, Model model) throws IOException {
if (saml && authInfoHelper.getCurrentUserDetails(request).isAuth()) {
return "redirect:/saml/logout" + (!url.equals("/") ? "?loginRedirectUrl=" + url : "");
} else if (!saml && authInfoHelper.getCurrentUserDetails(request).isAuth()) {
return "redirect:/localsec/logout" + (!url.equals("/") ? "?loginRedirectUrl=" + url : "");
} else if (saml) {
return "common/logout";
}
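Review bot: The `url` request parameter is appended to the redirect target without encoding or validation in both authenticated branches (`"?loginRedirectUrl=" + url`), so a value containing `&`, `#` or an absolute external address changes the query string that `/saml/logout` and `/localsec/logout` receive. Encode it before concatenation, e.g. `"?loginRedirectUrl=" + UriUtils.encodeQueryParam(url, "UTF-8")`, and have whatever finally consumes `loginRedirectUrl` accept only application-relative paths. `authInfoHelper.getCurrentUserDetails(request).isAuth()` is also evaluated twice; reading it once into a local would make the branch chain easier to follow. The method body continues outside the hunk, so the unauthenticated non-SAML path is not visible here.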
......
......@@ -35,6 +35,11 @@
</security:http>
<!-- Handler for successful logout -->
<bean id="successLogoutHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="defaultTargetUrl" value="/logout"/>
</bean>
<!-- This probably needs to be changed to a persisting extension of BaseUserService -->
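Review bot: `successLogoutHandler` always redirects to `/logout`, and nothing visible sets `targetUrlParameter`, so the `loginRedirectUrl` that HomeController appends to `/localsec/logout` appears to be dropped after a local logout. If the post-logout target is meant to survive, carry it explicitly and restrict it to application-relative paths; simply enabling `targetUrlParameter` would redirect to whatever the request supplies. If dropping it is intended, a comment such as `<!-- always returns to /logout; loginRedirectUrl is intentionally ignored for local logout -->` would record that.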
......
......@@ -32,9 +32,30 @@
<security:request-cache ref="requestCache"/>
</security:http> -->
<bean id="authFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" >
<!-- Filters for processing of local authentication -->
<bean id="authFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/localsec/login/**" filters="loginFilter"/>
<security:filter-chain pattern="/localsec/logout/**" filters="logoutFilter"/>
</security:filter-chain-map>
</bean>
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg ref="successLogoutHandler" />
<constructor-arg ref="logoutHandler" />
<property name="filterProcessesUrl" value="/localsec/logout" />
</bean>
<bean id="loginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" >
<property name="authenticationManager" ref="authenticationManager" />
<property name="filterProcessesUrl" value="/localsec/login" />
</bean>
<bean id="logoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
<property name="invalidateHttpSession" value="true"/>
<property name="clearAuthentication" value="true" />
</bean>
<security:authentication-manager id="authenticationManager" alias="authenticationManager">
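Review bot: `logoutFilter` is matched by URL only (`filterProcessesUrl` = `/localsec/logout`) and HomeController reaches it through a redirect, so logout runs on a plain GET and any cross-site request to that path ends the user's session. If that is accepted, say so in the comment above `authFilter`; otherwise make logout POST-only with a request matcher restricted to that method. Separately, `loginFilter` is declared as a plain bean with no `sessionAuthenticationStrategy` visible in this hunk; unless one is injected elsewhere the session id is presumably not rotated on login, so wiring in a `SessionFixationProtectionStrategy` is worth considering. The comment `Filters for processing of local authentication` could also note that requests outside the two `/localsec/**` patterns pass through `authFilter` untouched.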
......
......@@ -35,20 +35,8 @@
<property name="defaultFailureUrl" value="/error.jsp"/>
</bean>
<!-- Handler for successful logout -->
<bean id="successLogoutHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="defaultTargetUrl" value="/logout"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<!-- Register authentication manager for SAML provider -->
<security:authentication-provider ref="samlAuthenticationProvider"/>
<!-- Register authentication manager for administration UI -->
<security:authentication-provider>
<security:user-service id="adminInterfaceService">
<security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<!-- Logger for SAML messages and events -->
......
......@@ -33,7 +33,7 @@
<div class="alert alert-danger" role="alert">Invalid credentials</div>
</c:if>
<form name='loginForm' class="form-horizontal" action="<c:url value='/login' />" method='POST'>
<form name='loginForm' class="form-horizontal" action="<c:url value='/localsec/login' />" method='POST'>
<input type="hidden" name="loginRedirectUrl" id="loginRedirectUrl" value="${redirectUrl}" />
<div class="form-group">
<label for="username" class="col-sm-2 control-label">Username</label>
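Review bot: The hidden field on the unchanged line just below the new form action writes `${redirectUrl}` into an HTML attribute without escaping; if that model value originates from the request's `url` parameter (not visible here), markup in it is emitted verbatim. Output it through JSTL instead: `value="<c:out value='${redirectUrl}'/>"`. The form body continues outside the hunk, so whether a CSRF token field is present cannot be checked from here.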
......