1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package de.kaiserpfalzedv.commons.spring.security;
19
20
21
22 import org.springframework.http.ResponseEntity;
23 import org.springframework.security.core.Authentication;
24 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
25 import org.springframework.security.web.authentication.logout.LogoutHandler;
26 import org.springframework.stereotype.Component;
27 import org.springframework.web.client.RestTemplate;
28 import org.springframework.web.util.UriComponentsBuilder;
29
30 import jakarta.servlet.http.HttpServletRequest;
31 import jakarta.servlet.http.HttpServletResponse;
32 import lombok.extern.slf4j.Slf4j;
33
34
35
36
37
38
39
40
41 @Component
42 @Slf4j
43 public class KeycloakLogoutHandler implements LogoutHandler {
44 private final RestTemplate restTemplate;
45
46 public KeycloakLogoutHandler(RestTemplate restTemplate) {
47 this.restTemplate = restTemplate;
48 }
49
50 @Override
51 public void logout(HttpServletRequest request, HttpServletResponse response, Authentication auth) {
52 logoutFromKeycloak((OidcUser) auth.getPrincipal());
53 }
54
55 private void logoutFromKeycloak(OidcUser user) {
56 String endSessionEndpoint = user.getIssuer() + "/protocol/openid-connect/logout";
57 UriComponentsBuilder builder = UriComponentsBuilder
58 .fromUriString(endSessionEndpoint)
59 .queryParam("id_token_hint", user.getIdToken().getTokenValue());
60
61 ResponseEntity<String> logoutResponse = restTemplate.getForEntity(
62 builder.toUriString(), String.class);
63 if (logoutResponse.getStatusCode().is2xxSuccessful()) {
64 log.info("Successfully logged out from Keycloak");
65 } else {
66 log.error("Could not propagate logout to Keycloak");
67 }
68 }
69 }