Need to add DelegatingServerLogoutSuccessHandler, that iterates over multiple ServerLogoutSuccessHandler. This implementation of the ServerLogoutSuccessHandler would be very useful in cases where a redirect is not needed, but you need to return certain http code and, notify user about logout, and publish an event about successful logout:
DelegatingServerLogoutSuccessHandler handler = new DelegatingServerLogoutSuccessHandler(
new HttpStatusReturningServerLogoutSuccessHandler(HttpStatus.OK),
new NotificationServerLogoutSuccessHandler(),
new AuditServerLogoutSuccessHandler());
Comment From: jzheaux
Thanks for the suggestion, @CrazyParanoid. Is there a reason that you are not using DelegatingServerLogoutHandler?
Comment From: franticticktick
Hi @jzheaux! Thanks for your feedback. Now this is exactly what I use:
@Bean
fun logoutHandler(): DelegatingServerLogoutHandler =
DelegatingServerLogoutHandler(
NotificationServerLogoutHandler(),
AuditServerLogoutHandler(),
SecurityContextServerLogoutHandler(),
WebSessionServerLogoutHandler(),
HeaderWriterServerLogoutHandler(
ClearSiteDataServerHttpHeadersWriter(
ClearSiteDataServerHttpHeadersWriter.Directive.COOKIES
)
)
)
It seemed to me that notifications and events about a successful logout would be most correctly sent to the ServerLogoutSuccessHandler. In addition, support for continueOnError is required either in DelegatingServerLogoutSuccessHandler if it will be supported or in DelegatingServerLogoutHandler. This is very useful, for example, for circuit breaker triggers in handlers such as NotificationServerLogoutHandler, in my case, or any other errors caused by the infrastructure. Now I am forced to implement all this in my custom code.
Comment From: franticticktick
For the same reason I need DelegatingAuthenticationSuccessHandler in a servlet-based application. And I see that such implementations of AuthenticationSuccessHandler are normal practice (example), but now you have to implement such components yourself.