Use former logout.html as main page. (#16)

dev/application-dev.yml

@@ -1,12 +1,6 @@
-service-registry:
-  username: # set via EnvFile
-  password: # set via EnvFile
-
 eureka:
   client:
     enabled: false
-    serviceUrl:
-      defaultZone: http://${service-registry.username}:${service-registry.password}@localhost:8761/eureka/
 
 spring:
   cloud:
@@ -25,11 +19,13 @@ spring:
             authorization-uri: ${auth-server.url}/realms/${auth-server.realm}/protocol/openid-connect/auth
             userinfo-uri: ${auth-server.url}/realms/${auth-server.realm}/protocol/openid-connect/userinfo
             user-name-attribute: preferred_username
+            jwk-set-uri: ${auth-server.url}/realms/${auth-server.realm}/protocol/openid-connect/certs
         registration:
           keycloak:
-            provider: keycloak
+            scope: openid
             client-id: ${auth-server.client-id}
             client-secret: ${auth-server.client-secret}
+            provider: keycloak
             authorization-grant-type: authorization_code
             redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
             client-name: Authentication Server

src/main/kotlin/org/octopusden/cloud/apigateway/config/SecurityConfig.kt

@@ -6,20 +6,13 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.context.annotation.Import
 import org.springframework.http.HttpHeaders
-import org.springframework.http.HttpMethod
 import org.springframework.http.HttpStatus
 import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
-import org.springframework.security.config.web.server.SecurityWebFiltersOrder
 import org.springframework.security.config.web.server.ServerHttpSecurity
 import org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
 import org.springframework.security.web.server.SecurityWebFilterChain
-import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-import org.springframework.web.server.ServerWebExchange
-import org.springframework.web.server.WebFilter
-import org.springframework.web.server.WebFilterChain
 import reactor.core.publisher.Mono
-import java.net.URLEncoder
 
 
 @Configuration
@@ -30,7 +23,7 @@ open class SecurityConfig(@Value("\${auth-server.logout-url}") private val logou
     open fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
         http.authorizeExchange { exchanges: AuthorizeExchangeSpec ->
             exchanges.pathMatchers("/dms-ui/actuator/**").permitAll()
-            exchanges.pathMatchers("/logout**", "/dms-ui/**").authenticated()
+            exchanges.pathMatchers("/","/dms-ui/**").authenticated()
             exchanges.anyExchange().permitAll()
         }
             .oauth2Login(Customizer.withDefaults())
@@ -40,33 +33,7 @@ open class SecurityConfig(@Value("\${auth-server.logout-url}") private val logou
                 exchange.exchange.response.headers.add(HttpHeaders.LOCATION, logoutUrl)
                 Mono.empty()
             }
-            .and()
-            .addFilterBefore(LogoutFilter(), SecurityWebFiltersOrder.LOGOUT_PAGE_GENERATING)
-            .csrf().disable()
-
+            .and().csrf().disable()
         return http.build()
     }
-
-    private class LogoutFilter : WebFilter {
-        private val matcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/logout")
-
-        override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> = matcher.matches(exchange)
-            .filter { matchResult -> matchResult.isMatch }
-            .switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
-            .flatMap { _ ->
-                val response = exchange.response
-                response.statusCode = HttpStatus.FOUND
-                val redirectUrl = exchange.request
-                    .queryParams[REDIRECT_URL_PARAM_NAME]
-                    ?.joinToString(",")
-                    ?.let { "?$REDIRECT_URL_PARAM_NAME=${URLEncoder.encode(it, Charsets.UTF_8)}" } ?: ""
-                response.headers.add(HttpHeaders.LOCATION, "/$LOGOUT_CUSTOM_ENDPOINT$redirectUrl")
-                Mono.empty()
-            }
-    }
-
-    companion object {
-        const val REDIRECT_URL_PARAM_NAME = "redirect_url"
-        const val LOGOUT_CUSTOM_ENDPOINT = "logout-form"
-    }
 }

src/main/kotlin/org/octopusden/cloud/apigateway/controller/GatewayController.kt

@@ -1,9 +1,6 @@
 package org.octopusden.cloud.apigateway.controller
 
-import org.octopusden.cloud.apigateway.config.SecurityConfig
 import org.springframework.security.core.annotation.AuthenticationPrincipal
-import org.springframework.security.oauth2.client.OAuth2AuthorizedClient
-import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient
 import org.springframework.security.oauth2.core.user.OAuth2User
 import org.springframework.stereotype.Controller
 import org.springframework.ui.Model
@@ -13,17 +10,14 @@ import org.springframework.web.bind.annotation.RequestParam
 
 @Controller
 class GatewayController {
-    @GetMapping(SecurityConfig.LOGOUT_CUSTOM_ENDPOINT)
-    fun logout(
+    @GetMapping
+    fun index(
         model: Model,
-        @RegisteredOAuth2AuthorizedClient authorizedClient: OAuth2AuthorizedClient,
         @AuthenticationPrincipal oauth2User: OAuth2User,
-        @RequestParam(SecurityConfig.REDIRECT_URL_PARAM_NAME, defaultValue = "/") redirectUrl: String,
+        @RequestParam("redirect_url", defaultValue = "/dms-ui/") redirectUrl: String,
     ): String {
         model.addAttribute("userName", oauth2User.name)
-        model.addAttribute("clientName", authorizedClient.clientRegistration.clientName)
-        model.addAttribute("userAttributes", oauth2User.attributes)
         model.addAttribute("redirectUrl", redirectUrl)
-        return "logout"
+        return "index"
     }
 }

src/main/resources/templates/index.html

@@ -1,33 +1,25 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org">
+<html lang="en">
 <head>
-    <title>Spring Security - OAuth 2.0 Login</title>
-    <meta charset="utf-8"/>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <title>API Gateway</title>
+    <link rel='stylesheet' type='text/css' th:href='@{css/styles.css}'>
+    <link rel='stylesheet' type='text/css' th:href='@{css/button.css}'>
 </head>
 <body>
-<div style="float: right" th:fragment="logout">
-    <div style="float:left">
-        <span style="font-weight:bold">User: </span><span th:text="${userName}"></span>
-    </div>
-    <div style="float:none">&nbsp;</div>
-    <div style="float:right">
-        <a th:href="@{/logout}">Log Out</a>
-    </div>
-</div>
-<h1>OAuth 2.0 Login with Spring Security</h1>
-<div>
-    You are successfully logged in <span style="font-weight:bold" th:text="${userName}"></span>
-    via the OAuth 2.0 Client <span style="font-weight:bold" th:text="${clientName}"></span>
-</div>
-<div>&nbsp;</div>
-<div>
-    <span style="font-weight:bold">User Attributes:</span>
-    <ul>
-        <li th:each="userAttribute : ${userAttributes}">
-            <span style="font-weight:bold" th:text="${userAttribute.key}"></span>: <span
-                th:text="${userAttribute.value}"></span>
-        </li>
-    </ul>
+<div class='wrapper'>
+    <form name='signinform' class='card form' method="post" action="/logout">
+        <div id='error-placeholder'></div>
+        <div id='root' class='form-wrapper container'>
+            <div class='continue'>Do you want to logout or continue as <span style="font-weight:bold" th:text="${userName}"></span>?</div>
+            <button class="material-button-raised" type="submit">Log Out</button>
+            <input class="material-button-raised" type="button" name="cancel" value="Continue" th:onclick="'window.location.href = \'' + @{${redirectUrl}} + '\''"/>
+            <input type="hidden" name="_csrf" th:value="${csrfToken}">
+        </div>
+    </form>
 </div>
 </body>
 </html>