Win a copy of Svelte and Sapper in Action this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Spring Security LogoutFilter

 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

We are looking for a way to implement a custom logout filter in our application which has a CAS setup. Our requirement is to have the session cleared both in CAS and the application from where our logout is called from. I am a newbie to Spring security. I understand from some of the sites that we may need to write our own custom logout handler which implements LogoutHandler. My Spring config file looks lie

<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="URL to Which i want to redirect on successful logout"/>
<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>

I would like to have some help in the following areas:

1) any pointers which can help me the functionality of the logout action in Spring security context.

2) A simple example of how to write a custom logout handler with which i can invalidate the session created.

3) Help on the part of invalidating session in CAS along with this code will be much appreciated.


Thanks ,
McK
 
ranger
Posts: 17346
11
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You wouldn't set it in the filter. I believe the <security:logout> tag has a property/attribute to point to your bean that is a class that implements LogoutHandler. The only time I have done LogoutHandler was in conjunction with customized RememberMeService implementation.

Mark
 
My name is Inigo Montoya, you killed my father, prepare to read a tiny ad:
the value of filler advertising in 2020
https://coderanch.com/t/730886/filler-advertising
    Bookmark Topic Watch Topic
  • New Topic