Support new event for indicates logout success

Fixes gh-3307

Author: kazuki43zoo

core/src/main/java/org/springframework/security/authentication/event/LogoutSuccessEvent.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright 2002-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.authentication.event;
+
+import org.springframework.security.core.Authentication;
+
+/**
+ * The application event which indicates successful logout.
+ *
+ * @author Kazuki Shimizu
+ * @since 4.1.1
+ */
+public class LogoutSuccessEvent extends AbstractAuthenticationEvent {
+
+	private final boolean expired;
+
+	/**
+	 * Constructs a new logout success event for no expired.
+	 *
+	 * @param authentication the authentication object
+	 */
+	public LogoutSuccessEvent(Authentication authentication) {
+		this(authentication, false);
+	}
+
+
+	/**
+	 * Constructs a new logout success event.
+	 *
+	 * @param authentication the authentication object
+	 * @param expired flag whether was logout by expired
+	 */
+	public LogoutSuccessEvent(Authentication authentication, boolean expired) {
+		super(authentication);
+		this.expired = expired;
+	}
+
+	/**
+	 * Indicates whether was logout by expired.
+	 * @return If return {@code true}, logout by expired.
+	 */
+	public boolean isExpired(){
+		return expired;
+	}
+
+}

web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,9 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.context.ApplicationEventPublisherAware;
+import org.springframework.security.authentication.event.LogoutSuccessEvent;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -49,13 +52,15 @@
  * which constructor was used.
  *
  * @author Ben Alex
+ * @author Kazuki Shimizu
  */
-public class LogoutFilter extends GenericFilterBean {
+public class LogoutFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
 
 	// ~ Instance fields
 	// ================================================================================================
 
 	private RequestMatcher logoutRequestMatcher;
+	private ApplicationEventPublisher applicationEventPublisher;
 
 	private final List<LogoutHandler> handlers;
 	private final LogoutSuccessHandler logoutSuccessHandler;
@@ -113,6 +118,10 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 				handler.logout(request, response, auth);
 			}
 
+			if (applicationEventPublisher != null && auth != null) {
+				applicationEventPublisher.publishEvent(new LogoutSuccessEvent(auth));
+			}
+
 			logoutSuccessHandler.onLogoutSuccess(request, response, auth);
 
 			return;
@@ -142,4 +151,14 @@ public void setLogoutRequestMatcher(RequestMatcher logoutRequestMatcher) {
 	public void setFilterProcessesUrl(String filterProcessesUrl) {
 		this.logoutRequestMatcher = new AntPathRequestMatcher(filterProcessesUrl);
 	}
+
+	/**
+	 * {@inheritDoc }
+	 * @since 4.1.1
+	 */
+	@Override
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
+		this.applicationEventPublisher = applicationEventPublisher;
+	}
+
 }

web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java

@@ -30,12 +30,13 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.event.LogoutSuccessEvent;
 import org.springframework.security.concurrent.DelegatingSecurityContextRunnable;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -67,6 +68,7 @@
  * </ul>
  *
  * @author Rob Winch
+ * @author Kazuki Shimizu
  *
  * @see SecurityContextHolderAwareRequestFilter
  * @see HttpServlet25RequestFactory
@@ -81,6 +83,7 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
 	private AuthenticationEntryPoint authenticationEntryPoint;
 	private AuthenticationManager authenticationManager;
 	private List<LogoutHandler> logoutHandlers;
+	private ApplicationEventPublisher applicationEventPublisher;
 
 	HttpServlet3RequestFactory(String rolePrefix) {
 		this.rolePrefix = rolePrefix;
@@ -159,7 +162,15 @@ public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
 		this.trustResolver = trustResolver;
 	}
 
-	@Override
+	/**
+	 * Set the {@link ApplicationEventPublisher}.
+	 * @param applicationEventPublisher event publisher to be used by this object
+	 * @since 4.1.1
+	 */
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher){
+		this.applicationEventPublisher = applicationEventPublisher;
+	}
+
 	public HttpServletRequest create(HttpServletRequest request,
 			HttpServletResponse response) {
 		return new Servlet3SecurityContextHolderAwareRequestWrapper(request,
@@ -245,16 +256,18 @@ public void login(String username, String password) throws ServletException {
 		@Override
 		public void logout() throws ServletException {
 			List<LogoutHandler> handlers = HttpServlet3RequestFactory.this.logoutHandlers;
+			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 			if (handlers == null) {
 				HttpServlet3RequestFactory.this.logger.debug(
 						"logoutHandlers is null, so allowing original HttpServletRequest to handle logout");
 				super.logout();
-				return;
+			} else {
+				for (LogoutHandler logoutHandler : handlers) {
+					logoutHandler.logout(this, response, authentication);
+				}
 			}
-			Authentication authentication = SecurityContextHolder.getContext()
-					.getAuthentication();
-			for (LogoutHandler logoutHandler : handlers) {
-				logoutHandler.logout(this, this.response, authentication);
+			if (applicationEventPublisher != null && authentication != null) {
+				applicationEventPublisher.publishEvent(new LogoutSuccessEvent(authentication));
 			}
 		}
 

web/src/main/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
@@ -71,8 +73,9 @@
  * @author Ben Alex
  * @author Luke Taylor
  * @author Rob Winch
+ * @author Kazuki Shimizu
  */
-public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
+public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
 	// ~ Instance fields
 	// ================================================================================================
 
@@ -88,6 +91,8 @@ public class SecurityContextHolderAwareRequestFilter extends GenericFilterBean {
 
 	private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
 
+	private ApplicationEventPublisher applicationEventPublisher;
+
 	// ~ Methods
 	// ========================================================================================================
 
@@ -200,6 +205,7 @@ private HttpServletRequestFactory createServlet3Factory(String rolePrefix) {
 		factory.setAuthenticationEntryPoint(this.authenticationEntryPoint);
 		factory.setAuthenticationManager(this.authenticationManager);
 		factory.setLogoutHandlers(this.logoutHandlers);
+		factory.setApplicationEventPublisher(this.applicationEventPublisher);
 		return factory;
 	}
 
@@ -210,4 +216,14 @@ private HttpServletRequestFactory createServlet3Factory(String rolePrefix) {
 	private boolean isServlet3() {
 		return ClassUtils.hasMethod(ServletRequest.class, "startAsync");
 	}
+
+	/**
+	 * {@inheritDoc}
+	 * @since 4.1.1
+	 */
+	@Override
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
+		this.applicationEventPublisher = applicationEventPublisher;
+	}
+
 }

web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,6 +26,9 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.context.ApplicationEventPublisherAware;
+import org.springframework.security.authentication.event.LogoutSuccessEvent;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.session.SessionInformation;
@@ -59,15 +62,17 @@
  * </p>
  *
  * @author Ben Alex
+ * @author Kazuki Shimizu
  */
-public class ConcurrentSessionFilter extends GenericFilterBean {
+public class ConcurrentSessionFilter extends GenericFilterBean implements ApplicationEventPublisherAware {
 	// ~ Instance fields
 	// ================================================================================================
 
 	private SessionRegistry sessionRegistry;
 	private String expiredUrl;
 	private LogoutHandler[] handlers = new LogoutHandler[] { new SecurityContextLogoutHandler() };
 	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+	private ApplicationEventPublisher applicationEventPublisher;
 
 	// ~ Methods
 	// ========================================================================================================
@@ -145,6 +150,10 @@ private void doLogout(HttpServletRequest request, HttpServletResponse response)
 		for (LogoutHandler handler : handlers) {
 			handler.logout(request, response, auth);
 		}
+
+		if (applicationEventPublisher != null && auth != null) {
+			applicationEventPublisher.publishEvent(new LogoutSuccessEvent(auth, true));
+		}
 	}
 
 	public void setLogoutHandlers(LogoutHandler[] handlers) {
@@ -155,4 +164,14 @@ public void setLogoutHandlers(LogoutHandler[] handlers) {
 	public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
 		this.redirectStrategy = redirectStrategy;
 	}
+
+	/**
+	 * {@inheritDoc}
+	 * @since 4.1.1
+	 */
+	@Override
+	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
+		this.applicationEventPublisher = applicationEventPublisher;
+	}
+
 }