fix(BE): Logout Cookie 제거 및 리프레시 토큰 제거 - 개발 서버 반영 후 결과 파악 #114
namhyo01 committed Oct 18, 2023
1 parent 116efdc commit dda4ea5
Showing 2 changed files with 31 additions and 22 deletions.
33 changes: 11 additions & 22 deletions src/main/java/com/example/api/auth/config/SecurityConfig.java
Expand Up @@ -78,29 +78,18 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
oauth2.failureHandler(oAuth2LoginFailureHandler);//핸들러
oauth2.successHandler(oAUth2LoginSuccessHandler);
});
httpSecurity.logout(logout -> logout
.logoutUrl("/logout")
.addLogoutHandler(((request, response, authentication) -> {
Cookie[] cookies = request.getCookies();
if(cookies != null) {
for (Cookie cookie : request.getCookies()) {
String cookieName = cookie.getName();
CookieUtils.addCookie(response, cookieName, null, 0);
}
}
}))
httpSecurity.logout(
logout ->
logout
.logoutUrl("/logout")
.clearAuthentication(true)
.addLogoutHandler(((request, response, authentication) -> {

}))
.logoutSuccessHandler(myLogoutSuccessHandler)
.permitAll()

);
// httpSecurity.logout(
// httpSecurityLogoutConfigurer ->
// httpSecurityLogoutConfigurer
// .logoutRequestMatcher(new AntPathRequestMatcher("/auth/logout"))
// .invalidateHttpSession(true)
// .deleteCookies("access_token")
// .clearAuthentication(true)
// .logoutSuccessHandler(myLogoutSuccessHandler)
// .permitAll()
//
// );
// httpSecurity.logout(logout -> logout.logoutSuccessUrl("/"));

return httpSecurity
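Review bot: The empty `.addLogoutHandler(((request, response, authentication) -> { }))` in what appears to be the new logout block (the page has lost its +/- markers) is a no-op, while cookie clearing and token revocation now run in `MyLogoutSuccessHandler`. Revocation is side-effecting work that belongs in a `LogoutHandler`, which runs before the success handler, so the success handler can be limited to writing the response. Either move the `access_token` lookup and `logoutUsecase.removeToken(...)` call into this handler, or drop the empty lambda. `.clearAuthentication(true)` restates the Spring Security default and can be removed as well. The body of `filterChain` continues outside the hunk.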
@@ -1,10 +1,14 @@
package com.example.api.auth.handler;

import com.example.api.auth.application.port.in.LogoutUsecase;
import com.example.api.auth.utils.CookieUtils;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;
Expand All @@ -14,11 +18,27 @@

@Component
@RequiredArgsConstructor
@Slf4j
public class MyLogoutSuccessHandler implements LogoutSuccessHandler {
private final ObjectMapper objectMapper;
private final LogoutUsecase logoutUsecase;

@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
//로그 아웃 성공시 ok 보내자
Cookie[] cookies = request.getCookies();
if(cookies != null) {
for (Cookie cookie : request.getCookies()) {
String cookieName = cookie.getName();
if(cookieName.equals("access_token")){
String accessToken = cookie.getValue();
log.info("access_token : {}", accessToken);
logoutUsecase.removeToken(accessToken);
}
CookieUtils.addCookie(response, cookieName, null, 0);
}
}

response.setStatus(HttpServletResponse.SC_OK);
}
}
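Review bot: `log.info("access_token : {}", accessToken);` in `onLogoutSuccess` writes the bearer token to the application log at INFO on every logout, so anyone who can read the logs or a downstream log store obtains a credential that may still be accepted if `removeToken` fails or revocation is not enforced on every request. Drop the line or log only the event, e.g. `log.debug("revoking access_token on logout");`. The loop also calls `request.getCookies()` a second time instead of iterating the `cookies` array that was just null-checked. Expiring every cookie by name only takes effect if `CookieUtils.addCookie` sends the same path and domain the cookie was issued with; that helper is not visible here, so this should be confirmed.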
