first

src/main/java/de/szut/lf8_starter/security/KeycloakLogoutHandler.java

@@ -0,0 +1,49 @@
+package de.szut.lf8_starter.security;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Slf4j
+@Component
+public class KeycloakLogoutHandler implements LogoutHandler {
+
+
+    private final RestTemplate restTemplate;
+
+    public KeycloakLogoutHandler(RestTemplate restTemplate) {
+        this.restTemplate = restTemplate;
+    }
+
+    @Override
+    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication auth) {
+        logout(request, auth);
+    }
+
+    public void logout(HttpServletRequest request, Authentication auth) {
+        logoutFromKeycloak((OidcUser) auth.getPrincipal());
+    }
+
+    private void logoutFromKeycloak(OidcUser user) {
+        String endSessionEndpoint = user.getIssuer() + "/protocol/openid-connect/logout";
+        UriComponentsBuilder builder = UriComponentsBuilder
+                .fromUriString(endSessionEndpoint)
+                .queryParam("id_token_hint", user.getIdToken().getTokenValue());
+
+        ResponseEntity<String> logoutResponse = restTemplate.getForEntity(builder.toUriString(), String.class);
+        if (logoutResponse.getStatusCode().is2xxSuccessful()) {
+            log.info("Successfulley logged out from Keycloak");
+        } else {
+            log.error("Could not propagate logout to Keycloak");
+        }
+    }
+
+}