Improve Spring Security adapter default configuration

2015-05-08 18:24:49 -04:00 · 2015-05-08 18:24:49 -04:00 · d37a9eada3
commit d37a9eada3
parent aaebcd074e
1 changed files with 11 additions and 6 deletions
--- a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/config/KeycloakWebSecurityConfigurerAdapter.java
+++ b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/config/KeycloakWebSecurityConfigurerAdapter.java
@ -17,8 +17,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
-import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

 /**
 * Provides a convenient base class for creating a {@link WebSecurityConfigurer}
@ -37,13 +37,11 @@ public abstract class KeycloakWebSecurityConfigurerAdapter extends WebSecurityCo
        return new AdapterDeploymentContextBean();
    }

-    @Bean
    protected AuthenticationEntryPoint authenticationEntryPoint()
    {
        return new KeycloakAuthenticationEntryPoint();
    }

-    @Bean
    protected KeycloakAuthenticationProvider keycloakAuthenticationProvider() {
        return new KeycloakAuthenticationProvider();
    }
@ -69,7 +67,6 @@ public abstract class KeycloakWebSecurityConfigurerAdapter extends WebSecurityCo
        return  new HttpSessionManager();
    }

-    @Bean
    protected KeycloakLogoutHandler keycloakLogoutHandler() {
        return new KeycloakLogoutHandler(adapterDeploymentContextBean());
    }
@ -78,12 +75,20 @@ public abstract class KeycloakWebSecurityConfigurerAdapter extends WebSecurityCo

    @Override
    protected void configure(HttpSecurity http) throws Exception {
+
        http
+                .csrf().requireCsrfProtectionMatcher(keycloakCsrfRequestMatcher())
+                .and()
                .sessionManagement()
                .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
                .and()
                .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
-                .addFilterBefore(keycloakAuthenticationProcessingFilter(), X509AuthenticationFilter.class)
-                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());
+                .addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)
+                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
+                .and()
+                .logout()
+                .addLogoutHandler(keycloakLogoutHandler())
+                .logoutUrl("/sso/logout").permitAll()
+                .logoutSuccessUrl("/");
    }
 }