public class SecurityContextLogoutHandler extends java.lang.Object implements LogoutHandler
SecurityContextHolder.
Will also invalidate the HttpSession if isInvalidateHttpSession() is
true and the session is not null.
Will also remove the Authentication from the current SecurityContext if
clearAuthentication is set to true (default).
| Modifier and Type | Field and Description |
|---|---|
protected org.apache.commons.logging.Log |
logger |
| Constructor and Description |
|---|
SecurityContextLogoutHandler() |
| Modifier and Type | Method and Description |
|---|---|
boolean |
isInvalidateHttpSession() |
void |
logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
Requires the request to be passed in.
|
void |
setClearAuthentication(boolean clearAuthentication)
If true, removes the
Authentication from the SecurityContext to
prevent issues with concurrent requests. |
void |
setInvalidateHttpSession(boolean invalidateHttpSession)
Causes the
HttpSession to be invalidated when this LogoutHandler is
invoked. |
public void logout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
Authentication authentication)
logout in interface LogoutHandlerrequest - from which to obtain a HTTP session (cannot be null)response - not used (can be null)authentication - not used (can be null)public boolean isInvalidateHttpSession()
public void setInvalidateHttpSession(boolean invalidateHttpSession)
HttpSession to be invalidated when this LogoutHandler is
invoked. Defaults to true.invalidateHttpSession - true if you wish the session to be invalidated
(default) or false if it should not be.public void setClearAuthentication(boolean clearAuthentication)
Authentication from the SecurityContext to
prevent issues with concurrent requests.clearAuthentication - true if you wish to clear the Authentication
from the SecurityContext (default) or false if the Authentication
should not be removed.