diff --git a/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java b/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java
index 6818c4a71475f39657ac337c0946971c69de98ef..30deefcdcc1f1208d38ef91edaecf1ab90b5a3db 100644
--- a/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java
+++ b/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java
@@ -75,10 +75,12 @@ public class ClientWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
 @Override
 public void configure(final HttpSecurity http) throws Exception {
- http.authorizeRequests().antMatchers("/login", "/auth/logout").permitAll().anyRequest()
+ http.authorizeRequests().antMatchers("/login", "/auth/logout").permitAll()
+ .anyRequest()
 .authenticated().and()
 .addFilterBefore(oauth2ClientAuthenticationProcessingFilter(), BasicAuthenticationFilter.class).logout()
- .logoutUrl("/logout").logoutSuccessUrl(authServerAddress + "/auth/logout").and().csrf()
+ .logoutUrl("/logout").logoutSuccessUrl(authServerAddress + "/auth/logout")
+ .and().csrf()
 .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
 }
diff --git a/src/main/java/org/edgegallery/website/controller/OAuthClientController.java b/src/main/java/org/edgegallery/website/controller/OAuthClientController.java
index 1c944affd7b3b654ae085b48422df2a30bcde3bf..e819a02c5b1b6437b967e3641f28a780867000b5 100644
--- a/src/main/java/org/edgegallery/website/controller/OAuthClientController.java
+++ b/src/main/java/org/edgegallery/website/controller/OAuthClientController.java
@@ -72,8 +72,7 @@ public class OAuthClientController {
 /**
 * logout.
 */
- @RequestMapping(value = "/logout", method = RequestMethod.POST, consumes = "application/json",
- produces = "application/json")
+ @RequestMapping(value = "/logout", method = RequestMethod.GET, produces = "application/json")
 @ApiOperation(value = "logout", response = String.class, notes = "Logout by global sessionId")
 public ResponseEntity logout(HttpServletRequest request) {
 String ssoSessionId = request.getParameter("ssoSessionId");
diff --git a/src/test/java/org/edgegallery/website/TestOAuthClientController.java b/src/test/java/org/edgegallery/website/TestOAuthClientController.java
index 9b9f44bc2bfc166d01375986c13d5f081b21f6f0..49bf8a8b12513229b6c32efbed77cb411baa8bf9 100644
--- a/src/test/java/org/edgegallery/website/TestOAuthClientController.java
+++ b/src/test/java/org/edgegallery/website/TestOAuthClientController.java
@@ -99,7 +99,7 @@ public class TestOAuthClientController {
 @Test
 public void should_successfully_when_logout() throws Exception {
- mvc.perform(MockMvcRequestBuilders.post("/auth/logout").contentType(MediaType.APPLICATION_JSON_VALUE)
+ mvc.perform(MockMvcRequestBuilders.get("/auth/logout").contentType(MediaType.APPLICATION_JSON_VALUE)
 .header("ssoSessionId", "test_sso_session_id")
 .accept(MediaType.APPLICATION_JSON_VALUE)).andExpect(MockMvcResultMatchers.status().isOk());
 }
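Review bot: Mapping `/logout` to `RequestMethod.GET` takes this handler out of CSRF validation, because Spring Security's CSRF filter skips GET by default, and the path the test calls (`/auth/logout`) is listed under `permitAll()` in ClientWebSecurityConfigurer, so a cross-site link or image request can invoke it without a token or a login. The `ssoSessionId` also moves into the query string, where it is recorded in access logs, proxies and browser history. If the aim was to let the auth server's call through the CSRF check (an assumption, the commit does not say), keep the handler on POST and exempt only this path, `.and().csrf().ignoringAntMatchers("/auth/logout")`, with the handler rejecting a missing or unknown `ssoSessionId`. The body of `logout` continues outside the hunk, so how it treats a null id is not visible here.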
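Review bot: The test still sends `ssoSessionId` with `.header(...)`, but the controller line visible in this commit reads it with `request.getParameter("ssoSessionId")`, so the handler most likely sees a null id here and the 200 does not show that a session was looked up. Pass it as a request parameter, `.param("ssoSessionId", "test_sso_session_id")`, and drop `.contentType(...)`, which has no meaning on a body-less GET. A second case that calls the endpoint without `ssoSessionId` and asserts the expected rejection status would pin down the unauthenticated path, since `/auth/logout` is under `permitAll()`.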