File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Spring and the fly likes Spring Security with CAS logout Issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring Security with CAS logout Issue" Watch "Spring Security with CAS logout Issue" New topic

Spring Security with CAS logout Issue

Mckenzie John

Joined: Sep 21, 2012
Posts: 21

I am facing a problem with logout of my CAS integrated with Spring security. My requirements are - when i click on the logout of my application - i need to logout of my application, and also invalidate the session in CAS and be redirected to the CAS login page on successful logout.

I am getting an Exception encountered - java.lang.IllegalStateException when i try to redirect my application using the customLogoutHandler to the CAS login page. My logout method in customLogoutHandler implementing Spring LgoutHandler is

public void logout(HttpServletRequest request, HttpServletResponse response,
Authentication auth) {
// TODO Auto-generated method stub

try {
response.sendRedirect("https://application URL /logout.jspa");

} catch (IOException e) {



From the logs in the application i see this exception - Exception encountered -

Websites say that i am trying to redirect a page and one of the following has occurred before it:

A response header has been set before.
A forward() or include() has been invoked on the same response before.
More than 2KB of data is been written to response.
Less than 2KB is been written and flush() is invoked

Need some help in this.

Bill Gorder

Joined: Mar 07, 2010
Posts: 1682

For whatever reason it seems like your container thinks the response has already been committed before doing the redirect. This is part of the servlet spec to throw this exception in this case. I think you are going to need to step through the code and figure out where that is happening.

Also please UseCodeTags <- click

[How To Ask Questions][Read before you PM me]
I agree. Here's the link:
subject: Spring Security with CAS logout Issue
jQuery in Action, 3rd edition