Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.config.annotation.web.configurers
Class LogoutConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object
  extended by org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>
      extended by org.springframework.security.config.annotation.web.configurers.LogoutConfigurer<H>
All Implemented Interfaces:
SecurityConfigurer<DefaultSecurityFilterChain,H>
public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

Adds logout support. Other SecurityConfigurer instances may invoke addLogoutHandler(LogoutHandler) in the #init(HttpSecurity) phase.

Security Filters

The following Filters are populated

Shared Objects Created

No shared Objects are created

Shared Objects Used

No shared objects are used.

Since:
3.2
See Also:
RememberMeConfigurer

Constructor Summary
LogoutConfigurer()
          Creates a new instance
 
Method Summary
 LogoutConfigurer<H> addLogoutHandler(LogoutHandler logoutHandler)
          Adds a LogoutHandler.
 void configure(H http)
          Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
 LogoutConfigurer<H> deleteCookies(String... cookieNamesToClear)
          Allows specifying the names of cookies to be removed on logout success.
 B disable()
          Disables the AbstractHttpConfigurer by removing it.
 void init(H http)
          Initialize the SecurityBuilder.
 LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession)
          Configures SecurityContextLogoutHandler to invalidate the HttpSession at the time of logout.
 LogoutConfigurer<H> logoutRequestMatcher(RequestMatcher logoutRequestMatcher)
          The RequestMatcher that triggers logout to occur on HTTP POST.
 LogoutConfigurer<H> logoutSuccessHandler(LogoutSuccessHandler logoutSuccessHandler)
          Sets the LogoutSuccessHandler to use.
 LogoutConfigurer<H> logoutSuccessUrl(String logoutSuccessUrl)
          The URL to redirect to after logout has occurred.
 LogoutConfigurer<H> logoutUrl(String logoutUrl)
          The URL that triggers logout to occur on HTTP POST.
 LogoutConfigurer<H> permitAll()
          A shortcut for permitAll(boolean) with true as an argument.
 LogoutConfigurer<H> permitAll(boolean permitAll)
          Grants access to the logoutSuccessUrl(String) and the logoutUrl(String) for every user.
 T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
           
 
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LogoutConfigurer

public LogoutConfigurer()
Creates a new instance

See Also:
HttpSecurity.logout()
Method Detail

addLogoutHandler

public LogoutConfigurer<H> addLogoutHandler(LogoutHandler logoutHandler)
Adds a LogoutHandler. The SecurityContextLogoutHandler is added as the last LogoutHandler by default.

Parameters:
logoutHandler - the LogoutHandler to add
Returns:
the LogoutConfigurer for further customization

invalidateHttpSession

public LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession)
Configures SecurityContextLogoutHandler to invalidate the HttpSession at the time of logout.

Parameters:
invalidateHttpSession - true if the HttpSession should be invalidated (default), or false otherwise.
Returns:
the LogoutConfigurer for further customization

logoutUrl

public LogoutConfigurer<H> logoutUrl(String logoutUrl)
The URL that triggers logout to occur on HTTP POST. The default is "/logout"

Parameters:
logoutUrl - the URL that will invoke logout.
Returns:
the LogoutConfigurer for further customization

logoutRequestMatcher

public LogoutConfigurer<H> logoutRequestMatcher(RequestMatcher logoutRequestMatcher)
The RequestMatcher that triggers logout to occur on HTTP POST. The default is "/logout"

Parameters:
logoutRequestMatcher - the RequestMatcher used to determine if logout should occur.
Returns:
the LogoutConfigurer for further customization

logoutSuccessUrl

public LogoutConfigurer<H> logoutSuccessUrl(String logoutSuccessUrl)
The URL to redirect to after logout has occurred. The default is "/login?logout". This is a shortcut for invoking logoutSuccessHandler(LogoutSuccessHandler) with a SimpleUrlLogoutSuccessHandler.

Parameters:
logoutSuccessUrl - the URL to redirect to after logout occurred
Returns:
the LogoutConfigurer for further customization

permitAll

public LogoutConfigurer<H> permitAll()
A shortcut for permitAll(boolean) with true as an argument.

Returns:
the LogoutConfigurer for further customizations

deleteCookies

public LogoutConfigurer<H> deleteCookies(String... cookieNamesToClear)
Allows specifying the names of cookies to be removed on logout success. This is a shortcut to easily invoke addLogoutHandler(LogoutHandler) with a CookieClearingLogoutHandler.

Parameters:
cookieNamesToClear - the names of cookies to be removed on logout success.
Returns:
the LogoutConfigurer for further customization

logoutSuccessHandler

public LogoutConfigurer<H> logoutSuccessHandler(LogoutSuccessHandler logoutSuccessHandler)
Sets the LogoutSuccessHandler to use. If this is specified, logoutSuccessUrl(String) is ignored.

Parameters:
logoutSuccessHandler - the LogoutSuccessHandler to use after a user has been logged out.
Returns:
the LogoutConfigurer for further customizations

permitAll

public LogoutConfigurer<H> permitAll(boolean permitAll)
Grants access to the logoutSuccessUrl(String) and the logoutUrl(String) for every user.

Parameters:
permitAll - if true grants access, else nothing is done
Returns:
the LogoutConfigurer for further customization.

init

public void init(H http)
          throws Exception
Description copied from interface: SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by:
init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides:
init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Throws:
Exception

configure

public void configure(H http)
               throws Exception
Description copied from interface: SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:
configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Overrides:
configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
Throws:
Exception

disable

public B disable()
Disables the AbstractHttpConfigurer by removing it. After doing so a fresh version of the configuration can be applied.

Returns:
the HttpSecurityBuilder for additional customizations

withObjectPostProcessor

public T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD