JAVA-413: Logout Using Zuul proxy

Author: sampadawagde

oauth-rest/oauth-ui-authorization-code-angular-zuul/src/main/java/com/baeldung/config/CustomPostZuulFilter.java

@@ -36,32 +36,38 @@ public Object run() {
 				final Cookie cookie = new Cookie("code", params.get("code").get(0));
 				cookie.setHttpOnly(true);
 				cookie.setPath(ctx.getRequest().getContextPath() + "/auth/token");
-				//cookie.setMaxAge(2592000); // 30 days
+				cookie.setMaxAge(2592000); // 30 days
 
 				ctx.getResponse().addCookie(cookie);
-				
-			} else if (requestURI.contains("auth/token") || requestURI.contains("auth/refresh")) {
 
-				final InputStream is = ctx.getResponseDataStream();
-				String responseBody = IOUtils.toString(is, "UTF-8");
-				if (responseBody.contains("refresh_token")) {
-					final Map<String, Object> responseMap = mapper.readValue(responseBody,
-							new TypeReference<Map<String, Object>>() {
-							});
-					final String refreshToken = responseMap.get("refresh_token").toString();
-					responseMap.remove("refresh_token");
-					responseBody = mapper.writeValueAsString(responseMap);
-
-					final Cookie cookie = new Cookie("refreshToken", refreshToken);
-					cookie.setHttpOnly(true);
-					cookie.setPath(ctx.getRequest().getContextPath() + "/auth/refresh");
-					cookie.setMaxAge(2592000); // 30 days
+			} else if (requestURI.contains("auth/token") || requestURI.contains("auth/refresh")) {
+				if (requestURI.contains("auth/refresh/revoke")) {
 
+					final Cookie cookie = new Cookie("refreshToken", "");
+					cookie.setMaxAge(0);
 					ctx.getResponse().addCookie(cookie);
+				} else {
+					final InputStream is = ctx.getResponseDataStream();
+					String responseBody = IOUtils.toString(is, "UTF-8");
+					if (responseBody.contains("refresh_token")) {
+						final Map<String, Object> responseMap = mapper.readValue(responseBody,
+								new TypeReference<Map<String, Object>>() {
+								});
+						final String refreshToken = responseMap.get("refresh_token").toString();
+						responseMap.remove("refresh_token");
+						responseBody = mapper.writeValueAsString(responseMap);
+
+						final Cookie cookie = new Cookie("refreshToken", refreshToken);
+						cookie.setHttpOnly(true);
+						cookie.setPath(ctx.getRequest().getContextPath() + "/auth/refresh");
+						cookie.setMaxAge(2592000); // 30 days
+
+						ctx.getResponse().addCookie(cookie);
+					}
+					ctx.setResponseBody(responseBody);
 				}
-				ctx.setResponseBody(responseBody);
-			}
 
+			}
 		} catch (Exception e) {
 			logger.error("Error occured in zuul post filter", e);
 		}

oauth-rest/oauth-ui-authorization-code-angular-zuul/src/main/java/com/baeldung/config/CustomPreZuulFilter.java

@@ -1,6 +1,7 @@
 package com.baeldung.config;
 
 import java.io.IOException;
+import java.net.URL;
 import java.util.List;
 import java.util.Map;
 
@@ -9,6 +10,10 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cloud.netflix.zuul.filters.ZuulProperties;
+import org.springframework.cloud.netflix.zuul.filters.ZuulProperties.ZuulRoute;
+import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants;
 import org.springframework.stereotype.Component;
 
 import com.google.common.collect.Lists;
@@ -19,6 +24,9 @@
 @Component
 public class CustomPreZuulFilter extends ZuulFilter {
 
+	@Autowired
+	private ZuulProperties zuulProperties;
+
 	private final Logger logger = LoggerFactory.getLogger(this.getClass());
 	private final static String REDIRECT_URL = "http://localhost:8089/auth/redirect/";
 	private final static String CLIENT_ID = "newClient";
@@ -44,21 +52,30 @@ public Object run() {
 
 			ctx.setRequestQueryParams(params);
 		} else if (requestURI.contains("auth/token") || requestURI.contains("auth/refresh")) {
-
 			try {
-				String cookieValue = requestURI.contains("token") ? extractCookie(req, "code")
-						: extractCookie(req, "refreshToken");
-
-				String formParams = createFormData(requestURI, cookieValue);
-
-				byte[] bytes = formParams.getBytes("UTF-8");
-
+				byte[] bytes;
+				if (requestURI.contains("auth/refresh/revoke")) {
+					final String proxy = (String) ctx.get(FilterConstants.PROXY_KEY);
+					final ZuulRoute zuulRoute = this.zuulProperties.getRoutes().get(proxy + "revoke");
+
+					ctx.put(FilterConstants.REQUEST_URI_KEY, "");
+					ctx.setRouteHost(new URL(zuulRoute.getUrl()));
+
+					String cookieValue = extractCookie(req, "refreshToken");
+					String formParams = createFormData(requestURI, cookieValue);
+					bytes = formParams.getBytes("UTF-8");
+				} else {
+					String cookieValue = requestURI.contains("token") ? extractCookie(req, "code")
+							: extractCookie(req, "refreshToken");
+					String formParams = createFormData(requestURI, cookieValue);
+					bytes = formParams.getBytes("UTF-8");
+				}
 				ctx.setRequest(new CustomHttpServletRequest(req, bytes));
-
 			} catch (IOException e) {
 				e.printStackTrace();
 			}
-		} 
+
+		}
 		return null;
 	}
 
@@ -75,13 +92,19 @@ private String extractCookie(HttpServletRequest req, String name) {
 	}
 
 	private String createFormData(String requestURI, String cookieValue) {
-		String formData;
+		String formData = "";
 		if (requestURI.contains("token")) {
 			formData = String.format("grant_type=%s&client_id=%s&client_secret=%s&redirect_uri=%s&code=%s",
 					"authorization_code", CLIENT_ID, CLIENT_SECRET, REDIRECT_URL, cookieValue);
-		} else {
-			formData = String.format("grant_type=%s&client_id=%s&client_secret=%s&refresh_token=%s", "refresh_token",
-					CLIENT_ID, CLIENT_SECRET, cookieValue);
+		} else if (requestURI.contains("refresh")) {
+			if (requestURI.contains("revoke")) {
+				formData = String.format("client_id=%s&client_secret=%s&refresh_token=%s", CLIENT_ID, CLIENT_SECRET,
+						cookieValue);
+			} else {
+				formData = String.format("grant_type=%s&client_id=%s&client_secret=%s&refresh_token=%s",
+						"refresh_token", CLIENT_ID, CLIENT_SECRET, cookieValue);
+			}
+
 		}
 		return formData;
 	}
@@ -101,7 +124,7 @@ public boolean shouldFilter() {
 
 	@Override
 	public int filterOrder() {
-		return 6;
+		return FilterConstants.PRE_DECORATION_FILTER_ORDER + 1;
 	}
 
 	@Override

oauth-rest/oauth-ui-authorization-code-angular-zuul/src/main/resources/application.yml

@@ -22,6 +22,10 @@ zuul:
       path: /auth/resources/**
       sensitiveHeaders:
       url: http://localhost:8083/auth/resources/
+    auth/refresh/revoke:
+      path: /auth/refresh/revoke/**
+      sensitiveHeaders:
+      url: http://localhost:8083/auth/realms/baeldung/protocol/openid-connect/logout
 
   Servlet30WrapperFilter:
     pre:

oauth-rest/oauth-ui-authorization-code-angular-zuul/src/main/resources/src/app/app.service.ts

@@ -50,8 +50,18 @@ export class AppService {
   }
 
   logout() {
-    Cookie.delete('access_token');
-    window.location.href = 'http://localhost:8089/';
+    let headers = new HttpHeaders({
+      'Content-type': 'application/x-www-form-urlencoded; charset=utf-8'
+    });
+    
+    this._http.post('auth/refresh/revoke', {}, { headers: headers })
+      .subscribe(
+        data => {
+        	Cookie.delete('access_token');
+        	window.location.href = 'http://localhost:8089/';
+        	},
+        err => alert('Could not logout')
+      );
   }
 
   refreshAccessToken() {