CookieClearingLogoutHandler enhancement
Enabled the ability to pass in an array of Cookies to support clearing cookies on a different path other than the default context path Issue: gh-6078
This commit is contained in:
@@ -15,7 +15,7 @@
|
||||
*/
|
||||
package org.springframework.security.web.authentication.logout;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
@@ -60,4 +60,36 @@ public class CookieClearingLogoutHandlerTests {
|
||||
assertThat(c.getMaxAge()).isZero();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void passedInCookiesAreCleared() {
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setContextPath("/foo/bar");
|
||||
Cookie cookie1 = new Cookie("my_cookie",null);
|
||||
cookie1.setPath("/foo");
|
||||
cookie1.setMaxAge(0);
|
||||
Cookie cookie2 = new Cookie("my_cookie_too",null);
|
||||
cookie2.setPath("/foo");
|
||||
cookie2.setMaxAge(0);
|
||||
CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler(cookie1, cookie2);
|
||||
handler.logout(request, response, mock(Authentication.class));
|
||||
assertThat(response.getCookies()).hasSize(2);
|
||||
for (Cookie c : response.getCookies()) {
|
||||
assertThat(c.getPath()).isEqualTo("/foo");
|
||||
assertThat(c.getMaxAge()).isZero();
|
||||
}
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void invalidAge() {
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setContextPath("/foo/bar");
|
||||
Cookie cookie1 = new Cookie("my_cookie",null);
|
||||
cookie1.setPath("/foo");
|
||||
cookie1.setMaxAge(100);
|
||||
CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler(cookie1);
|
||||
handler.logout(request, response, mock(Authentication.class));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user