Add OAUTH2 OIDC login support (#1140)

* Somewhat working * Change Autocreate logic * Add OAuth Error Message if Auto create Disabled * Display OAUTH2 username(email) in Account Settings * Disable Change user/pass for Oauth2 user * Hide SSO Button if SSO login Disabled * Remove some spaces and comments * Add OAUTH2 Login example docker-compose file * Add Some Comments * Hide Printing of Client secret * Remove OAUTH2 Beans and replace with applicationProperties * Add conditional annotation to Bean Creation * Update settings.yml.template Add OAUTH2 enabling template. * Update messages_en_GB.properties
2024-04-29 15:01:22 -06:00
parent 777e512e61
commit d9fa8f7b48
12 changed files with 282 additions and 5 deletions
--- a/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java
@@ -0,0 +1,43 @@
+package stirling.software.SPDF.config.security;
+
+import java.io.IOException;
+
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import jakarta.servlet.ServletException;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
+
+public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler
+{
+    @Bean
+    public SessionRegistry sessionRegistry() {
+        return new SessionRegistryImpl();
+    }
+
+    @Override
+    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException
+    {
+        HttpSession session = request.getSession(false);
+        if (session != null) {
+            String sessionId = session.getId();
+            sessionRegistry()
+                    .removeSessionInformation(
+                            sessionId);
+        }
+
+        if(request.getParameter("oauth2AutoCreateDisabled") != null)
+        {
+            response.sendRedirect(request.getContextPath()+"/login?error=oauth2AutoCreateDisabled");
+        }
+        else
+        {
+            response.sendRedirect(request.getContextPath() + "/login?logout=true");
+        }
+    }
+}