From 37b35cdb875123b64eb568ef6e539742111a2d1d Mon Sep 17 00:00:00 2001
From: Andrew DeMaria
Date: Sat, 7 Jan 2017 14:32:53 -0700
Subject: [PATCH] More logout fixes - Ensure logout query parameters are allowed by spring security - Allow GET request for logout
Signed-off-by: Andrew DeMaria
---
.../org/libresonic/player/security/WebSecurityConfig.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libresonic-main/src/main/java/org/libresonic/player/security/WebSecurityConfig.java b/libresonic-main/src/main/java/org/libresonic/player/security/WebSecurityConfig.java
index 8863e8da..8b101a97 100644
--- a/libresonic-main/src/main/java/org/libresonic/player/security/WebSecurityConfig.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/security/WebSecurityConfig.java
@@ -55,7 +55,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("recover.view", "accessDenied.view", "coverArt.view", "/hls/**", "/stream/**", "/ws/**", "/share/**", "/style/**", "/icons/**",
- "/flash/**", "/script/**", "/sonos/**", "/crossdomain.xml")
+ "/flash/**", "/script/**", "/sonos/**", "/crossdomain.xml", "/login")
.permitAll() .antMatchers("/personalSettings.view", "/passwordSettings.view", "/playerSettings.view", "/shareSettings.view","/passwordSettings.view")
@@ -88,7 +88,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.usernameParameter("j_username") .passwordParameter("j_password") // see http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/#csrf-logout
- .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login?logout")
+ .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET")).logoutSuccessUrl("/login?logout")
.and().rememberMe().userDetailsService(securityService).key("libresonic"); }
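Review bot: The new `"/login"` entry in the `permitAll()` list has no comment saying why an unauthenticated rule is needed here, which makes it easy to drop or duplicate later; I would add `// "/login" must stay public: logoutSuccessUrl redirects to /login?logout` above the matcher call. An ant matcher compares only the request path, so this single entry already covers `/login?logout` and any other query string on the login page. In the same list, `"recover.view"`, `"accessDenied.view"` and `"coverArt.view"` are written without a leading slash, and Ant-style matching may never match them against a path that starts with `/`, so it is worth confirming they behave as intended. The configure method starts and ends outside this hunk, so whether the form-login section already permits the login page is not visible here.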
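Review bot: Restricting the logout matcher to GET in `new AntPathRequestMatcher("/logout", "GET")` makes sign-out a state change reachable through a safe method, so no CSRF token guards it and any third-party page that causes the browser to request `/logout` can end the user's session; the Spring reference linked in the comment just above recommends POST for this reason. As I read the two-argument constructor, it also stops a `POST /logout` from matching at all, which the one-argument form accepted. Prefer keeping logout on POST, `new AntPathRequestMatcher("/logout", "POST")`, with the logout link rendered as a small form that carries the CSRF token. If GET is kept deliberately, record the trade-off next to it, e.g. `// GET logout is intentional: it is not CSRF-protected, so a cross-site request can sign the user out`. The enclosing configure method begins outside the hunk, so whether CSRF protection is enabled for this chain cannot be confirmed from here.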