gimtwi
9 months ago

Customize Swagger UI Logout functionality

I'm using Spring Boot with Swagger UI and Keycloak, and user authorization works as intended. However, when I log out in Swagger UI, it does not log out of Keycloak. What I want the logout button to do is redirect to http://localhost:8080/realms/test-realm-name/protocol/openid-connect/logout

How can I achieve that?

Here is my SecurityConfig:

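/**
 * Security configuration for a stateless API that authenticates callers with JWT bearer tokens.
 *
 * <p>Requests matching {@link #AUTH_WHITELIST} are served anonymously; every other request must
 * carry a token accepted by the OAuth2 resource-server support configured below.
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    /**
     * Request patterns that bypass authentication (API documentation, Swagger UI assets, public API).
     *
     * <p>Every pattern starts with "/" so that it can match a request path; the original
     * "v3/api-docs" entry lacked the leading slash.
     *
     * <p>NOTE(review): "/actuator/*" is open to anonymous callers. Which endpoints that covers
     * depends on the management endpoint exposure settings, which are not visible here; confirm
     * that only non-sensitive endpoints (for example health) are exposed over the web.
     *
     * <p>NOTE(review): "/api/public/authenticate" is already covered by "/api/public/**".
     */
    private static final String[] AUTH_WHITELIST = {
            "/swagger-resources", "/swagger-resources/**",
            "/configuration/ui", "/configuration/security",
            "/swagger-ui.html", "/swagger-ui/**", "/webjars/**",
            "/v3/api-docs", "/v3/api-docs/**", "/api-docs/**",
            "/api/public/**", "/api/public/authenticate",
            "/actuator/*"
    };

    /** Project converter handed to the JWT support; its claim-to-authority mapping is defined elsewhere. */
    private final JwtAuthConverter jwtAuthConverter;

    /**
     * Builds the application's single security filter chain.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // CSRF protection is switched off. That is only sound while protected requests are
        // authenticated by a bearer token and not by a cookie or server-side session, which is
        // what the resource-server and STATELESS settings below configure.
        http.csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers(AUTH_WHITELIST).permitAll()
                        .anyRequest().authenticated())
                .oauth2ResourceServer(o2 -> o2.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthConverter)))
                // No HTTP session is created, so the API keeps no login state of its own to clear on logout.
                .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        return http.build();
    }
}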

And here is my SwaggerConfig:

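/**
 * Publishes the OpenAPI description with an OAuth2 authorization-code security scheme so that
 * Swagger UI can obtain tokens from the identity provider.
 *
 * <p>The flow defined here carries only authorization, token and refresh URLs. Nothing in this
 * configuration points at the provider's logout endpoint, so discarding the token in Swagger UI
 * does not, by this configuration alone, end the session held by the identity provider.
 */
@Configuration
public class SwaggerConfig {
    /** Name under which the security scheme is registered and referenced. */
    private static final String OAUTH_SCHEME = "auth";

    /** Path segment appended to the issuer URI to reach the OpenID Connect endpoints. */
    private static final String OIDC_PATH = "/protocol/openid-connect";

    // Issuer URI of the realm, shared with the resource-server JWT configuration.
    // NOTE(review): assumed to have no trailing slash, since paths are appended directly. Confirm.
    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    String authURL;

    /**
     * Creates the OpenAPI model with the OAuth2 scheme registered and required globally.
     *
     * <p>The security requirement is added once; the original added the identical requirement twice.
     *
     * @return the customised OpenAPI definition
     */
    @Bean
    public OpenAPI customizeOpenAPI() {
        return new OpenAPI()
                .components(new Components()
                        .addSecuritySchemes(OAUTH_SCHEME, createOAuthScheme()))
                .addSecurityItem(new SecurityRequirement().addList(OAUTH_SCHEME));
    }

    /** Wraps the configured flows in an OAuth2-typed security scheme. */
    private SecurityScheme createOAuthScheme() {
        return new SecurityScheme().type(SecurityScheme.Type.OAUTH2).flows(createOAuthFlows());
    }

    /**
     * Describes the authorization-code flow against the endpoints derived from the issuer URI.
     *
     * @return flows containing only the authorization-code flow, declared with an empty scope set
     */
    private OAuthFlows createOAuthFlows() {
        final String endpointBase = authURL + OIDC_PATH;
        final var oauthFlow = new OAuthFlow()
                .authorizationUrl(endpointBase + "/auth")
                .refreshUrl(endpointBase + "/token")
                .tokenUrl(endpointBase + "/token")
                .scopes(new Scopes());
        return new OAuthFlows().authorizationCode(oauthFlow);
    }

}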

 
