Allow multiple ServerLogoutHandler instances in WebFlux #17381
Conversation
…gout handlers like with Servlet. Signed-off-by: Blake Bauman <[email protected]>
spring-projects-issues
added
the
status: waiting-for-triage
There was a problem hiding this comment.
Thanks, @blake-bauman, for the PR! In addition to my inline feedback, will you please add some tests to confirm that the new functionality works?
| * @param logoutHandler | ||
| * @return the {@link LogoutSpec} to configure | ||
| */ | ||
| public LogoutSpec addLogoutHandler(ServerLogoutHandler logoutHandler) { |
There was a problem hiding this comment.
Instead of exposing addLogoutHandler, would logout(Consumer<List<ServerLogoutHandler>> consumer) also service your needs? The reason this is nice it because it also allows you to remove values. Please see OneTimeTokenLogoutSpec#authenticationSuccessHandler for an example.
| /** | ||
| * Adds a logout handler in the last position. | ||
| * @param logoutHandler | ||
| * @return the {@link LogoutSpec} to configure |
There was a problem hiding this comment.
Will you please add @since 7.0
|
@blake-bauman, please also make sure to sign your commit and keep the commit title to about 50 characters, for example: |
|
I'm a little confused because I did sign it using the 
|
|
@jzheaux I didn't see any existing tests for the Logout handler. Could you point to where they might be so that I can add on? |
@jzheaux The reason I did it this way is because |
Spring Security for Spring MVC allows for specifying multiple LogoutHandler implementations which get wrapped in a DelegatingLogoutHandler. Spring Security for WebFlux currently only allows a single ServerLogoutHandler implementation.
This PR puts both Spring MVC and Spring WebFlux on equal functionality when it comes to logout handlers.