How do you log out all logged in users in spring-security? How do you log out all logged in users in spring-security? spring spring

How do you log out all logged in users in spring-security?


java spring authentication spring-security logout

First define HttpSessionEventPublisher in web.xml

<listener>    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class></listener>

Then define <session-management> in your spring security.xml file.

Now, use SessionRegistry in your controller method to invalidate all sessions. Below code retrieves all active sessions.

List<SessionInformation> activeSessions = new ArrayList<SessionInformation>();    for (Object principal : sessionRegistry.getAllPrincipals()) {        for (SessionInformation session : sessionRegistry.getAllSessions(principal, false)) {            activeSessions.add(session);        }    }

On Each active session, you can call expireNow() method to expire or invalidate them.

java spring authentication spring-security logout

Ketan gives you the answer that you are looking for, if you change the second for block and use session.expireNow(); instead activeSessions.add(session); you will end up with all active sessions expired.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last