Open CrazyParanoid opened 6 months ago
Thanks for the suggestion, @CrazyParanoid. Is there a reason that you are not using DelegatingServerLogoutHandler
?
Hi @jzheaux! Thanks for your feedback. Now this is exactly what I use:
@Bean
fun logoutHandler(): DelegatingServerLogoutHandler =
DelegatingServerLogoutHandler(
NotificationServerLogoutHandler(),
AuditServerLogoutHandler(),
SecurityContextServerLogoutHandler(),
WebSessionServerLogoutHandler(),
HeaderWriterServerLogoutHandler(
ClearSiteDataServerHttpHeadersWriter(
ClearSiteDataServerHttpHeadersWriter.Directive.COOKIES
)
)
)
It seemed to me that notifications and events about a successful logout would be most correctly sent to the ServerLogoutSuccessHandler
. In addition, support for continueOnError
is required either in DelegatingServerLogoutSuccessHandler
if it will be supported or in DelegatingServerLogoutHandler
. This is very useful, for example, for circuit breaker triggers in handlers such as NotificationServerLogoutHandler
, in my case, or any other errors caused by the infrastructure. Now I am forced to implement all this in my custom code.
For the same reason I need DelegatingAuthenticationSuccessHandler
in a servlet-based application. And I see that such implementations of AuthenticationSuccessHandler
are normal practice (example), but now you have to implement such components yourself.
Need to add
DelegatingServerLogoutSuccessHandler
, that iterates over multipleServerLogoutSuccessHandler
. This implementation of theServerLogoutSuccessHandler
would be very useful in cases where a redirect is not needed, but you need to return certain http code and, notify user about logout, and publish an event about successful logout: