org.springframework.security.web.csrf

Class CsrfLogoutHandler

java.lang.Object

org.springframework.security.web.csrf.CsrfLogoutHandler

All Implemented Interfaces:

LogoutHandler

public final class CsrfLogoutHandler
extends java.lang.Object
implements LogoutHandler

CsrfLogoutHandler is in charge of removing the CsrfToken upon logout. A new CsrfToken will then be generated by the framework upon the next request.

Since:

3.2

Constructor Summary

Constructors

Constructor and Description
CsrfLogoutHandler(CsrfTokenRepository csrfTokenRepository) Creates a new instance

Method Summary

Modifier and Type	Method and Description
void	logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication) Clears the CsrfToken

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CsrfLogoutHandler

public CsrfLogoutHandler(CsrfTokenRepository csrfTokenRepository)

Creates a new instance

Parameters:

csrfTokenRepository - the CsrfTokenRepository to use

Method Detail

logout

public void logout(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response,
                   Authentication authentication)

Clears the CsrfToken

Specified by:

logout in interface LogoutHandler

Parameters:

request - the HTTP request

response - the HTTP response

authentication - the current principal details

See Also:

LogoutHandler.logout(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.springframework.security.core.Authentication)