Class SecurityContextLogoutHandler
- java.lang.Object
- 
- org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
 
- 
- All Implemented Interfaces:
- LogoutHandler
 
 public class SecurityContextLogoutHandler extends java.lang.Object implements LogoutHandler Performs a logout by modifying theSecurityContextHolder.Will also invalidate the HttpSessionifisInvalidateHttpSession()istrueand the session is notnull.Will also remove the Authenticationfrom the currentSecurityContextifclearAuthenticationis set to true (default).
- 
- 
Field SummaryFields Modifier and Type Field Description protected org.apache.commons.logging.Loglogger
 - 
Constructor SummaryConstructors Constructor Description SecurityContextLogoutHandler()
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description booleanisInvalidateHttpSession()voidlogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication)Requires the request to be passed in.voidsetClearAuthentication(boolean clearAuthentication)If true, removes theAuthenticationfrom theSecurityContextto prevent issues with concurrent requests.voidsetInvalidateHttpSession(boolean invalidateHttpSession)Causes theHttpSessionto be invalidated when thisLogoutHandleris invoked.voidsetSecurityContextRepository(SecurityContextRepository securityContextRepository)Sets theSecurityContextRepositoryto use.
 
- 
- 
- 
Method Detail- 
logoutpublic void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication)Requires the request to be passed in.- Specified by:
- logoutin interface- LogoutHandler
- Parameters:
- request- from which to obtain a HTTP session (cannot be null)
- response- not used (can be- null)
- authentication- not used (can be- null)
 
 - 
isInvalidateHttpSessionpublic boolean isInvalidateHttpSession() 
 - 
setInvalidateHttpSessionpublic void setInvalidateHttpSession(boolean invalidateHttpSession) Causes theHttpSessionto be invalidated when thisLogoutHandleris invoked. Defaults to true.- Parameters:
- invalidateHttpSession- true if you wish the session to be invalidated (default) or false if it should not be.
 
 - 
setClearAuthenticationpublic void setClearAuthentication(boolean clearAuthentication) If true, removes theAuthenticationfrom theSecurityContextto prevent issues with concurrent requests.- Parameters:
- clearAuthentication- true if you wish to clear the- Authenticationfrom the- SecurityContext(default) or false if the- Authenticationshould not be removed.
 
 - 
setSecurityContextRepositorypublic void setSecurityContextRepository(SecurityContextRepository securityContextRepository) Sets theSecurityContextRepositoryto use. Default isHttpSessionSecurityContextRepository.- Parameters:
- securityContextRepository- the- SecurityContextRepositoryto use.
 
 
- 
 
-