This week's book giveaway is in the General Computing forum.
We're giving away four copies of Arduino in Action and have Martin Evans, Joshua Noble, and Jordan Hochenbaum on-line!
See this thread for details.
The moose likes Spring and the fly likes Spring Security LogoutFilter Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Arduino in Action this week in the General Computing forum!

A special promo: Enter your blog post or vote on a blogger to be featured in an upcoming Journal
JavaRanch » Java Forums » Frameworks » Spring
Reply Bookmark "Spring Security LogoutFilter" Watch "Spring Security LogoutFilter" New topic
Author

Spring Security LogoutFilter

Mckenzie John
Greenhorn

Joined: Sep 21, 2012
Posts: 14
posted private message
0
Quote
Hi all,

We are looking for a way to implement a custom logout filter in our application which has a CAS setup. Our requirement is to have the session cleared both in CAS and the application from where our logout is called from. I am a newbie to Spring security. I understand from some of the sites that we may need to write our own custom logout handler which implements LogoutHandler. My Spring config file looks lie

<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="URL to Which i want to redirect on successful logout"/>
<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>

I would like to have some help in the following areas:

1) any pointers which can help me the functionality of the logout action in Spring security context.

2) A simple example of how to write a custom logout handler with which i can invalidate the session created.

3) Help on the part of invalidating session in CAS along with this code will be much appreciated.


Thanks ,
McK
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17243
    
    1

I like...
IntelliJ IDE Mac Spring
posted
0
Quote
You wouldn't set it in the filter. I believe the <security:logout> tag has a property/attribute to point to your bean that is a class that implements LogoutHandler. The only time I have done LogoutHandler was in conjunction with customized RememberMeService implementation.

Mark

Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: Spring Security LogoutFilter
 
Similar Threads
Spring Security - After logout able to access application through url
How to bypass spring secuirty setup for Javascript files and Struts2 ajax (DOJO) files?
Spring security multiple login pages
Session getting created twice and session not getting decremented.
"Spring Security Application" Initiated by Apache