aspose file tools*
The moose likes Spring and the fly likes Spring Security LogoutFilter Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring Security LogoutFilter" Watch "Spring Security LogoutFilter" New topic
Author

Spring Security LogoutFilter

Mckenzie John
Greenhorn

Joined: Sep 21, 2012
Posts: 16
Hi all,

We are looking for a way to implement a custom logout filter in our application which has a CAS setup. Our requirement is to have the session cleared both in CAS and the application from where our logout is called from. I am a newbie to Spring security. I understand from some of the sites that we may need to write our own custom logout handler which implements LogoutHandler. My Spring config file looks lie

<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="URL to Which i want to redirect on successful logout"/>
<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>

I would like to have some help in the following areas:

1) any pointers which can help me the functionality of the logout action in Spring security context.

2) A simple example of how to write a custom logout handler with which i can invalidate the session created.

3) Help on the part of invalidating session in CAS along with this code will be much appreciated.


Thanks ,
McK
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

You wouldn't set it in the filter. I believe the <security:logout> tag has a property/attribute to point to your bean that is a class that implements LogoutHandler. The only time I have done LogoutHandler was in conjunction with customized RememberMeService implementation.

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Spring Security LogoutFilter
 
Similar Threads
Session getting created twice and session not getting decremented.
Spring Security - After logout able to access application through url
How to bypass spring secuirty setup for Javascript files and Struts2 ajax (DOJO) files?
"Spring Security Application" Initiated by Apache
Spring security multiple login pages