posted 11 years ago
Hi all,
We are looking for a way to implement a custom logout filter in our application which has a CAS setup. Our requirement is to have the session cleared both in CAS and the application from where our logout is called from. I am a newbie to Spring security. I understand from some of the sites that we may need to write our own custom logout handler which implements LogoutHandler. My Spring config file looks lie
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="URL to Which i want to redirect on successful logout"/>
<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
I would like to have some help in the following areas:
1) any pointers which can help me the functionality of the logout action in Spring security context.
2) A simple example of how to write a custom logout handler with which i can invalidate the session created.
3) Help on the part of invalidating session in CAS along with this code will be much appreciated.
Thanks ,
McK