Class OidcBackChannelLogoutHandler
java.lang.Object
org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
- All Implemented Interfaces:
LogoutHandler
A
LogoutHandler
that locates the sessions associated with a given OIDC
Back-Channel Logout Token and invalidates each one.- Since:
- 6.4
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoid
logout
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authentication) Causes a logout to be completed.void
setLogoutUri
(String logoutUri) Use this logout URI for performing per-session logout.void
setSessionCookieName
(String sessionCookieName) Use this cookie name for the session identifier.
-
Constructor Details
-
OidcBackChannelLogoutHandler
-
-
Method Details
-
logout
public void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authentication) Description copied from interface:LogoutHandler
Causes a logout to be completed. The method must complete successfully.- Specified by:
logout
in interfaceLogoutHandler
- Parameters:
request
- the HTTP requestresponse
- the HTTP responseauthentication
- the current principal details
-
setLogoutUri
Use this logout URI for performing per-session logout. Defaults to/logout
since that is the default URI forLogoutFilter
.- Parameters:
logoutUri
- the URI to use
-
setSessionCookieName
Use this cookie name for the session identifier. Defaults toJSESSIONID
.Note that if you are using Spring Session, this likely needs to change to SESSION.
- Parameters:
sessionCookieName
- the cookie name to use
-