spring security customize logout handler
The following solution works for me and may be helpful:
Extend the SimpleUrlLogoutSuccessHandler or implement the LogoutHandler:
public class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler { // Just for setting the default target URL public LogoutSuccessHandler(String defaultTargetURL) { this.setDefaultTargetUrl(defaultTargetURL); } @Override public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { // do whatever you want super.onLogoutSuccess(request, response, authentication); }}
Add to your Spring Security Configuration:
<security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" /><bean id="logoutSuccessHandler" class="your.package.name.LogoutSuccessHandler" > <constructor-arg value="/putInYourDefaultTargetURLhere" /></bean>
See the answer in this post in the Spring Security Forum:
XML Definition:
<beans:bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter"> <custom-filter position="LOGOUT_FILTER"/> <beans:constructor-arg index="0" value="/logout.jsp"/> <beans:constructor-arg index="1"> <beans:list> <beans:ref bean="securityContextLogoutHandler"/> <beans:ref bean="myLogoutHandler"/> </beans:list> </beans:constructor-arg></beans:bean><beans:bean id="securityContextLogoutHandler" class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/><beans:bean id="myLogoutHandler" class="com.whatever.CustomLogoutHandler"> <beans:property name="userCache" ref="userCache"/></beans:bean>
LogoutHandler class:
public class CustomLogoutHandler implements LogoutHandler { private UserCache userCache; public void logout(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) { // .... } @Required public void setUserCache(final UserCache userCache) { this.userCache = userCache; }}
You can use java-config solutions like this.
@Configuration@EnableWebSecuritypublic class SpringSecurity2Config extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { //you can set other security config by call http.XXX() http .logout() .addLogoutHandler(new CustomLogoutHandler()) .logoutUrl("/logout") .logoutSuccessHandler(...) .permitAll(); } static class CustomLogoutHandler implements LogoutHandler { @Override public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { //... } }}