The moose likes Spring and the fly likes Spring Security LogoutFilter Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring Security LogoutFilter" Watch "Spring Security LogoutFilter" New topic

Spring Security LogoutFilter

Mckenzie John

Joined: Sep 21, 2012
Posts: 21
Hi all,

We are looking for a way to implement a custom logout filter in our application which has a CAS setup. Our requirement is to have the session cleared both in CAS and the application from where our logout is called from. I am a newbie to Spring security. I understand from some of the sites that we may need to write our own custom logout handler which implements LogoutHandler. My Spring config file looks lie

<bean id="logoutFilter" class="">
<!-- URL redirected to after logout success -->
<constructor-arg value="URL to Which i want to redirect on successful logout"/>
<bean class=""/>

I would like to have some help in the following areas:

1) any pointers which can help me the functionality of the logout action in Spring security context.

2) A simple example of how to write a custom logout handler with which i can invalidate the session created.

3) Help on the part of invalidating session in CAS along with this code will be much appreciated.

Thanks ,
Mark Spritzler

Joined: Feb 05, 2001
Posts: 17276

You wouldn't set it in the filter. I believe the <security:logout> tag has a property/attribute to point to your bean that is a class that implements LogoutHandler. The only time I have done LogoutHandler was in conjunction with customized RememberMeService implementation.


Perfect World Programming, LLC - iOS Apps
How to Ask Questions the Smart Way FAQ
I agree. Here's the link:
subject: Spring Security LogoutFilter
It's not a secret anymore!