public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<LogoutConfigurer<H>,H>
SecurityConfigurer
instances may invoke
addLogoutHandler(LogoutHandler)
in the init(HttpSecurityBuilder)
phase.
RememberMeConfigurer
Constructor and Description |
---|
LogoutConfigurer()
Creates a new instance
|
Modifier and Type | Method and Description |
---|---|
LogoutConfigurer<H> |
addLogoutHandler(LogoutHandler logoutHandler)
Adds a
LogoutHandler . |
LogoutConfigurer<H> |
clearAuthentication(boolean clearAuthentication)
Specifies if
SecurityContextLogoutHandler should clear the Authentication at the time of logout. |
void |
configure(H http)
Configure the
SecurityBuilder by setting the necessary properties on the
SecurityBuilder . |
LogoutConfigurer<H> |
defaultLogoutSuccessHandlerFor(LogoutSuccessHandler handler,
RequestMatcher preferredMatcher)
Sets a default
LogoutSuccessHandler to be used which prefers being invoked
for the provided RequestMatcher . |
LogoutConfigurer<H> |
deleteCookies(java.lang.String... cookieNamesToClear)
Allows specifying the names of cookies to be removed on logout success.
|
void |
init(H http)
Initialize the
SecurityBuilder . |
LogoutConfigurer<H> |
invalidateHttpSession(boolean invalidateHttpSession)
Configures
SecurityContextLogoutHandler to invalidate the
HttpSession at the time of logout. |
LogoutConfigurer<H> |
logoutRequestMatcher(RequestMatcher logoutRequestMatcher)
The RequestMatcher that triggers log out to occur.
|
LogoutConfigurer<H> |
logoutSuccessHandler(LogoutSuccessHandler logoutSuccessHandler)
Sets the
LogoutSuccessHandler to use. |
LogoutConfigurer<H> |
logoutSuccessUrl(java.lang.String logoutSuccessUrl)
The URL to redirect to after logout has occurred.
|
LogoutConfigurer<H> |
logoutUrl(java.lang.String logoutUrl)
The URL that triggers log out to occur (default is "/logout").
|
LogoutConfigurer<H> |
permitAll()
A shortcut for
permitAll(boolean) with true as an argument. |
LogoutConfigurer<H> |
permitAll(boolean permitAll)
Grants access to the
logoutSuccessUrl(String) and the
logoutUrl(String) for every user. |
disable, withObjectPostProcessor
addObjectPostProcessor, and, getBuilder, postProcess, setBuilder
public LogoutConfigurer()
HttpSecurity.logout()
public LogoutConfigurer<H> addLogoutHandler(LogoutHandler logoutHandler)
LogoutHandler
.
SecurityContextLogoutHandler
and LogoutSuccessEventPublishingLogoutHandler
are added as
last LogoutHandler
instances by default.logoutHandler
- the LogoutHandler
to addLogoutConfigurer
for further customizationpublic LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication)
SecurityContextLogoutHandler
should clear the Authentication
at the time of logout.clearAuthentication
- true SecurityContextLogoutHandler
should clear the Authentication
(default), or false otherwise.LogoutConfigurer
for further customizationpublic LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession)
SecurityContextLogoutHandler
to invalidate the
HttpSession
at the time of logout.invalidateHttpSession
- true if the HttpSession
should be invalidated
(default), or false otherwise.LogoutConfigurer
for further customizationpublic LogoutConfigurer<H> logoutUrl(java.lang.String logoutUrl)
It is considered best practice to use an HTTP POST on any action that changes state
(i.e. log out) to protect against CSRF attacks. If
you really want to use an HTTP GET, you can use
logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET"));
logoutUrl
- the URL that will invoke logout.LogoutConfigurer
for further customizationlogoutRequestMatcher(RequestMatcher)
,
HttpSecurity.csrf()
public LogoutConfigurer<H> logoutRequestMatcher(RequestMatcher logoutRequestMatcher)
logoutUrl(String)
which helps enforce good practices.logoutRequestMatcher
- the RequestMatcher used to determine if logout should
occur.LogoutConfigurer
for further customizationlogoutUrl(String)
public LogoutConfigurer<H> logoutSuccessUrl(java.lang.String logoutSuccessUrl)
logoutSuccessHandler(LogoutSuccessHandler)
with a SimpleUrlLogoutSuccessHandler
.logoutSuccessUrl
- the URL to redirect to after logout occurredLogoutConfigurer
for further customizationpublic LogoutConfigurer<H> permitAll()
permitAll(boolean)
with true
as an argument.LogoutConfigurer
for further customizationspublic LogoutConfigurer<H> deleteCookies(java.lang.String... cookieNamesToClear)
addLogoutHandler(LogoutHandler)
with a
CookieClearingLogoutHandler
.cookieNamesToClear
- the names of cookies to be removed on logout success.LogoutConfigurer
for further customizationpublic LogoutConfigurer<H> logoutSuccessHandler(LogoutSuccessHandler logoutSuccessHandler)
LogoutSuccessHandler
to use. If this is specified,
logoutSuccessUrl(String)
is ignored.logoutSuccessHandler
- the LogoutSuccessHandler
to use after a user
has been logged out.LogoutConfigurer
for further customizationspublic LogoutConfigurer<H> defaultLogoutSuccessHandlerFor(LogoutSuccessHandler handler, RequestMatcher preferredMatcher)
LogoutSuccessHandler
to be used which prefers being invoked
for the provided RequestMatcher
. If no LogoutSuccessHandler
is
specified a SimpleUrlLogoutSuccessHandler
will be used.
If any default LogoutSuccessHandler
instances are configured, then a
DelegatingLogoutSuccessHandler
will be used that defaults to a
SimpleUrlLogoutSuccessHandler
.handler
- the LogoutSuccessHandler
to usepreferredMatcher
- the RequestMatcher
for this default
LogoutSuccessHandler
LogoutConfigurer
for further customizationspublic LogoutConfigurer<H> permitAll(boolean permitAll)
logoutSuccessUrl(String)
and the
logoutUrl(String)
for every user.permitAll
- if true grants access, else nothing is doneLogoutConfigurer
for further customization.public void init(H http)
SecurityConfigurer
SecurityBuilder
. Here only shared state should be created
and modified, but not properties on the SecurityBuilder
used for building
the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder)
method uses
the correct shared objects when building. Configurers should be applied here.init
in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
init
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
public void configure(H http) throws java.lang.Exception
SecurityConfigurer
SecurityBuilder
by setting the necessary properties on the
SecurityBuilder
.configure
in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
configure
in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>
java.lang.Exception