public class SecurityContextLogoutHandler extends java.lang.Object implements LogoutHandler
SecurityContextHolder
.
Will also invalidate the HttpSession
if isInvalidateHttpSession()
is
true
and the session is not null
.
Will also remove the Authentication
from the current SecurityContext
if
clearAuthentication
is set to true (default).
Modifier and Type | Field and Description |
---|---|
protected org.apache.commons.logging.Log |
logger |
Constructor and Description |
---|
SecurityContextLogoutHandler() |
Modifier and Type | Method and Description |
---|---|
boolean |
isInvalidateHttpSession() |
void |
logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Requires the request to be passed in.
|
void |
setClearAuthentication(boolean clearAuthentication)
If true, removes the
Authentication from the SecurityContext to
prevent issues with concurrent requests. |
void |
setInvalidateHttpSession(boolean invalidateHttpSession)
Causes the
HttpSession to be invalidated when this LogoutHandler is
invoked. |
public void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication)
logout
in interface LogoutHandler
request
- from which to obtain a HTTP session (cannot be null)response
- not used (can be null
)authentication
- not used (can be null
)public boolean isInvalidateHttpSession()
public void setInvalidateHttpSession(boolean invalidateHttpSession)
HttpSession
to be invalidated when this LogoutHandler
is
invoked. Defaults to true.invalidateHttpSession
- true if you wish the session to be invalidated
(default) or false if it should not be.public void setClearAuthentication(boolean clearAuthentication)
Authentication
from the SecurityContext
to
prevent issues with concurrent requests.clearAuthentication
- true if you wish to clear the Authentication
from the SecurityContext
(default) or false if the Authentication
should not be removed.