spring security customize logout handler spring security customize logout handler spring spring

spring security customize logout handler


java spring spring-security

The following solution works for me and may be helpful:

  1. Extend the SimpleUrlLogoutSuccessHandler or implement the LogoutHandler:

    public class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {   // Just for setting the default target URL   public LogoutSuccessHandler(String defaultTargetURL) {        this.setDefaultTargetUrl(defaultTargetURL);   }   @Override   public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {        // do whatever you want        super.onLogoutSuccess(request, response, authentication);   }}

  2. Add to your Spring Security Configuration:

    <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" /><bean id="logoutSuccessHandler" class="your.package.name.LogoutSuccessHandler" >    <constructor-arg value="/putInYourDefaultTargetURLhere" /></bean>

java spring spring-security

See the answer in this post in the Spring Security Forum:

XML Definition:

<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">    <custom-filter position="LOGOUT_FILTER"/>    <beans:constructor-arg index="0" value="/logout.jsp"/>    <beans:constructor-arg index="1">        <beans:list>            <beans:ref bean="securityContextLogoutHandler"/>            <beans:ref bean="myLogoutHandler"/>        </beans:list>    </beans:constructor-arg></beans:bean><beans:bean id="securityContextLogoutHandler" class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/><beans:bean id="myLogoutHandler" class="com.whatever.CustomLogoutHandler">    <beans:property name="userCache" ref="userCache"/></beans:bean>

LogoutHandler class:

public class CustomLogoutHandler implements LogoutHandler {    private UserCache userCache;    public void logout(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) {        // ....    }    @Required    public void setUserCache(final UserCache userCache) {        this.userCache = userCache;    }}

java spring spring-security

You can use java-config solutions like this.

@Configuration@EnableWebSecuritypublic class SpringSecurity2Config extends WebSecurityConfigurerAdapter {    @Override    protected void configure(HttpSecurity http) throws Exception {       //you can set other security config by call http.XXX()        http                .logout()                .addLogoutHandler(new CustomLogoutHandler())                .logoutUrl("/logout")                .logoutSuccessHandler(...)                .permitAll();    }    static class CustomLogoutHandler implements LogoutHandler {        @Override        public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {            //...        }    }}

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last