spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

Add DelegatingServerLogoutSuccessHandler #14813

Open CrazyParanoid opened 6 months ago

CrazyParanoid commented 6 months ago

Need to add a DelegatingServerLogoutSuccessHandler that iterates over multiple ServerLogoutSuccessHandler instances. This implementation of the ServerLogoutSuccessHandler would be very useful in cases where a redirect is not needed, but you need to return a certain HTTP code, notify the user about the logout, and publish an event about the successful logout:

    DelegatingServerLogoutSuccessHandler handler = new DelegatingServerLogoutSuccessHandler(
            new HttpStatusReturningServerLogoutSuccessHandler(HttpStatus.OK),
            new NotificationServerLogoutSuccessHandler(),
            new AuditServerLogoutSuccessHandler());

jzheaux commented 5 months ago

Thanks for the suggestion, @CrazyParanoid. Is there a reason that you are not using DelegatingServerLogoutHandler?

CrazyParanoid commented 5 months ago

Hi @jzheaux! Thanks for your feedback. Now this is exactly what I use:

    @Bean
    fun logoutHandler(): DelegatingServerLogoutHandler =
            DelegatingServerLogoutHandler(
                    NotificationServerLogoutHandler(),
                    AuditServerLogoutHandler(),
                    SecurityContextServerLogoutHandler(),
                    WebSessionServerLogoutHandler(),
                    HeaderWriterServerLogoutHandler(
                            ClearSiteDataServerHttpHeadersWriter(
                                    ClearSiteDataServerHttpHeadersWriter.Directive.COOKIES
                            )
                    )
            )

It seemed to me that notifications and events about a successful logout would be most correctly sent to the ServerLogoutSuccessHandler. In addition, support for continueOnError is required either in DelegatingServerLogoutSuccessHandler if it will be supported or in DelegatingServerLogoutHandler. This is very useful, for example, for circuit breaker triggers in handlers such as NotificationServerLogoutHandler, in my case, or any other errors caused by the infrastructure. Now I am forced to implement all this in my custom code.
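
A sketch of the delegating success handler with `continueOnError` requested in this comment, added here as an example; it is not code from the thread or from Spring Security. The class name `ExampleDelegatingLogoutSuccessHandler` and its constructor shape are assumptions; only the `ServerLogoutSuccessHandler` interface and the Reactor operators are existing APIs.

```java
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;

// Hypothetical class for illustration; not part of Spring Security.
public final class ExampleDelegatingLogoutSuccessHandler implements ServerLogoutSuccessHandler {

    private static final Log logger = LogFactory.getLog(ExampleDelegatingLogoutSuccessHandler.class);

    private final List<ServerLogoutSuccessHandler> delegates;
    private final boolean continueOnError;

    public ExampleDelegatingLogoutSuccessHandler(boolean continueOnError,
            List<ServerLogoutSuccessHandler> delegates) {
        if (delegates == null || delegates.isEmpty()) {
            throw new IllegalArgumentException("delegates cannot be null or empty");
        }
        this.delegates = List.copyOf(delegates); // immutable copy, rejects null elements
        this.continueOnError = continueOnError;
    }

    @Override
    public Mono<Void> onLogoutSuccess(WebFilterExchange exchange, Authentication authentication) {
        // concatMap subscribes to one delegate at a time, in declaration order.
        return Flux.fromIterable(this.delegates)
                .concatMap((delegate) -> invoke(delegate, exchange, authentication))
                .then();
    }

    private Mono<Void> invoke(ServerLogoutSuccessHandler delegate, WebFilterExchange exchange,
            Authentication authentication) {
        // defer() turns an exception thrown while building the Mono into an error signal.
        Mono<Void> result = Mono.defer(() -> delegate.onLogoutSuccess(exchange, authentication));
        if (!this.continueOnError) {
            return result; // the first failure aborts the remaining delegates
        }
        return result.onErrorResume((ex) -> {
            // Log instead of dropping: a failed audit or notification delegate must stay visible.
            logger.warn("Logout success delegate " + delegate.getClass().getName() + " failed", ex);
            return Mono.empty();
        });
    }
}
```

With `continueOnError` enabled, a failing notification or audit delegate no longer fails the logout response, so the warning log line is the only trace of a missed audit event and should be monitored.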

CrazyParanoid commented 5 months ago

For the same reason I need DelegatingAuthenticationSuccessHandler in a servlet-based application. And I see that such implementations of AuthenticationSuccessHandler are normal practice (example), but now you have to implement such components yourself.