More logout fixes

- Ensure logout query parameters are allowed by spring security
- Allow GET request for logout

Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
master
Andrew DeMaria 8 years ago
parent 6427b0ce59
commit 37b35cdb87
No known key found for this signature in database
GPG Key ID: 0A3F5E91F8364EDF
  1. 4
      libresonic-main/src/main/java/org/libresonic/player/security/WebSecurityConfig.java

@ -55,7 +55,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("recover.view", "accessDenied.view",
"coverArt.view", "/hls/**", "/stream/**", "/ws/**",
"/share/**", "/style/**", "/icons/**",
"/flash/**", "/script/**", "/sonos/**", "/crossdomain.xml")
"/flash/**", "/script/**", "/sonos/**", "/crossdomain.xml", "/login")
.permitAll()
.antMatchers("/personalSettings.view", "/passwordSettings.view",
"/playerSettings.view", "/shareSettings.view","/passwordSettings.view")
@ -88,7 +88,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.usernameParameter("j_username")
.passwordParameter("j_password")
// see http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/#csrf-logout
.and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login?logout")
.and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET")).logoutSuccessUrl("/login?logout")
.and().rememberMe().userDetailsService(securityService).key("libresonic");
}

Loading…
Cancel
Save