diff --git a/sso-kit-core/src/main/java/com/vaadin/sso/core/AbstractSingleSignOnProperties.java b/sso-kit-core/src/main/java/com/vaadin/sso/core/AbstractSingleSignOnProperties.java index 956577c..f3f0792 100644 --- a/sso-kit-core/src/main/java/com/vaadin/sso/core/AbstractSingleSignOnProperties.java +++ b/sso-kit-core/src/main/java/com/vaadin/sso/core/AbstractSingleSignOnProperties.java @@ -37,7 +37,10 @@ public abstract class AbstractSingleSignOnProperties { * client registration-id: {@code registrationId}. * * @see https://openid.net/specs/openid-connect-backchannel-1_0.html + * @deprecated Use built-in Spring Security support for OpenID Connect + * Back-Channel Logout */ + @Deprecated(since = "3.1", forRemoval = true) public static final String DEFAULT_BACKCHANNEL_LOGOUT_ROUTE = "/logout/back-channel/{" + BackChannelLogoutFilter.REGISTRATION_ID_URI_VARIABLE_NAME + "}"; diff --git a/sso-kit-core/src/main/java/com/vaadin/sso/core/BackChannelLogoutFilter.java b/sso-kit-core/src/main/java/com/vaadin/sso/core/BackChannelLogoutFilter.java index 337eb6d..f98552c 100644 --- a/sso-kit-core/src/main/java/com/vaadin/sso/core/BackChannelLogoutFilter.java +++ b/sso-kit-core/src/main/java/com/vaadin/sso/core/BackChannelLogoutFilter.java @@ -39,7 +39,10 @@ * @author Vaadin Ltd * @since 1.0 * @see https://openid.net/specs/openid-connect-backchannel-1_0.html + * @deprecated Use built-in Spring Security support for OpenID Connect + * Back-Channel Logout */ +@Deprecated(since = "3.1", forRemoval = true) public class BackChannelLogoutFilter extends GenericFilterBean { /* Value defined by the specification */ diff --git a/sso-kit-core/src/main/java/com/vaadin/sso/core/LogoutTokenClaimNames.java b/sso-kit-core/src/main/java/com/vaadin/sso/core/LogoutTokenClaimNames.java index 519b909..475f663 100644 --- a/sso-kit-core/src/main/java/com/vaadin/sso/core/LogoutTokenClaimNames.java +++ b/sso-kit-core/src/main/java/com/vaadin/sso/core/LogoutTokenClaimNames.java 
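Review bot: The `@deprecated` text added to `DEFAULT_BACKCHANNEL_LOGOUT_ROUTE` names no replacement API and does not say that the logout endpoint path changes. Spring Security's built-in filter listens by default on `/logout/connect/back-channel/{registrationId}` (worth confirming for the version in use), not on the `/logout/back-channel/{...}` route this constant defines. A provider still registered with the old URI would then send logout tokens to a route the built-in support does not serve, and the user's session would stay alive. I would extend the tag to something like `@deprecated Use {@code HttpSecurity#oidcLogout()}; the back-channel logout URI registered at the provider must be changed to the Spring Security endpoint`. The same bare tag is added to `BackChannelLogoutFilter`, `LogoutTokenClaimNames` and `OidcLogoutTokenValidator`, where naming the replacement would help as well.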
@@ -17,7 +17,10 @@ * @author Vaadin Ltd * @since 1.0 * @see https://openid.net/specs/openid-connect-backchannel-1_0.html#LogoutToken + * @deprecated Use built-in Spring Security support for OpenID Connect + * Back-Channel Logout */ +@Deprecated(since = "3.1", forRemoval = true) public interface LogoutTokenClaimNames { /** diff --git a/sso-kit-core/src/main/java/com/vaadin/sso/core/OidcLogoutTokenValidator.java b/sso-kit-core/src/main/java/com/vaadin/sso/core/OidcLogoutTokenValidator.java index c0b450d..5fb0de0 100644 --- a/sso-kit-core/src/main/java/com/vaadin/sso/core/OidcLogoutTokenValidator.java +++ b/sso-kit-core/src/main/java/com/vaadin/sso/core/OidcLogoutTokenValidator.java @@ -35,7 +35,10 @@ * @author Vaadin Ltd * @since 1.0 * @see https://openid.net/specs/openid-connect-backchannel-1_0.html#Validation + * @deprecated Use built-in Spring Security support for OpenID Connect + * Back-Channel Logout */ +@Deprecated(since = "3.1", forRemoval = true) public final class OidcLogoutTokenValidator implements OAuth2TokenValidator { diff --git a/sso-kit-starter-hilla/src/main/java/com/vaadin/hilla/sso/starter/SingleSignOnConfiguration.java b/sso-kit-starter-hilla/src/main/java/com/vaadin/hilla/sso/starter/SingleSignOnConfiguration.java index c824308..e7f03b9 100644 --- a/sso-kit-starter-hilla/src/main/java/com/vaadin/hilla/sso/starter/SingleSignOnConfiguration.java +++ b/sso-kit-starter-hilla/src/main/java/com/vaadin/hilla/sso/starter/SingleSignOnConfiguration.java @@ -18,6 +18,7 @@ import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Conditional; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.session.SessionRegistry; 
@@ -162,6 +163,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 // Disable CSRF for Back-Channel logout requests
 final var matcher = backChannelLogoutFilter.getRequestMatcher();
 http.csrf().ignoringRequestMatchers(matcher);
+ } else {
+ http.oidcLogout().backChannel(Customizer.withDefaults());
 }
 
 return http.build();
diff --git a/sso-kit-starter/src/main/java/com/vaadin/sso/starter/SingleSignOnConfiguration.java b/sso-kit-starter/src/main/java/com/vaadin/sso/starter/SingleSignOnConfiguration.java
index 76d3596..80f7944 100644
--- a/sso-kit-starter/src/main/java/com/vaadin/sso/starter/SingleSignOnConfiguration.java
+++ b/sso-kit-starter/src/main/java/com/vaadin/sso/starter/SingleSignOnConfiguration.java
@@ -16,6 +16,7 @@
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.annotation.Conditional;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.session.SessionRegistry;
@@ -158,6 +159,8 @@ protected void configure(HttpSecurity http) throws Exception {
 // Disable CSRF for Back-Channel logout requests
 final var matcher = backChannelLogoutFilter.getRequestMatcher();
 http.csrf().ignoringRequestMatchers(matcher);
+ } else {
+ http.oidcLogout().backChannel(Customizer.withDefaults());
 }
 }
 }
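Review bot: The new `else` branch in `filterChain` turns on Spring Security's built-in back-channel logout whenever the `if` is not taken, and the condition of that `if` lies outside the hunk. If that condition is the kit's own back-channel-logout switch, an application that left the switch off now gets a logout endpoint it did not ask for. The built-in handler should still validate the logout token, but the change in exposed surface deserves a release note or its own property. A comment on the branch would make the intent explicit, for example `// Kit filter not in use: delegate to Spring Security's built-in OIDC Back-Channel Logout`, and the call could use the lambda form Spring Security documents, `http.oidcLogout(logout -> logout.backChannel(Customizer.withDefaults()));`. The same branch is added to `configure` in the sso-kit-starter module, so both points apply there too.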