java.lang.Object
org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
All Implemented Interfaces:
LogoutHandler

public final class OidcBackChannelLogoutHandler extends Object implements LogoutHandler
A LogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.
Since:
6.4
See Also:
  • Constructor Details

    • OidcBackChannelLogoutHandler

      public OidcBackChannelLogoutHandler(OidcSessionRegistry sessionRegistry)
  • Method Details

    • logout

      public void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authentication)
      Description copied from interface: LogoutHandler
      Causes a logout to be completed. The method must complete successfully.
      Specified by:
      logout in interface LogoutHandler
      Parameters:
      request - the HTTP request
      response - the HTTP response
      authentication - the current principal details
    • setLogoutUri

      public void setLogoutUri(String logoutUri)
      Use this logout URI for performing per-session logout. Defaults to /logout since that is the default URI for LogoutFilter.
      Parameters:
      logoutUri - the URI to use
    • setSessionCookieName

      public void setSessionCookieName(String sessionCookieName)
      Use this cookie name for the session identifier. Defaults to JSESSIONID.

      Note that if you are using Spring Session, this likely needs to change to SESSION.

      Parameters:
      sessionCookieName - the cookie name to use