Class SecurityContextLogoutHandler
- java.lang.Object
-
- org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
-
- All Implemented Interfaces:
LogoutHandler
public class SecurityContextLogoutHandler extends java.lang.Object implements LogoutHandler
Performs a logout by modifying theSecurityContextHolder
.Will also invalidate the
HttpSession
ifisInvalidateHttpSession()
istrue
and the session is notnull
.Will also remove the
Authentication
from the currentSecurityContext
ifclearAuthentication
is set to true (default).
-
-
Field Summary
Fields Modifier and Type Field Description protected org.apache.commons.logging.Log
logger
-
Constructor Summary
Constructors Constructor Description SecurityContextLogoutHandler()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
isInvalidateHttpSession()
void
logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication)
Requires the request to be passed in.void
setClearAuthentication(boolean clearAuthentication)
If true, removes theAuthentication
from theSecurityContext
to prevent issues with concurrent requests.void
setInvalidateHttpSession(boolean invalidateHttpSession)
Causes theHttpSession
to be invalidated when thisLogoutHandler
is invoked.void
setSecurityContextRepository(SecurityContextRepository securityContextRepository)
Sets theSecurityContextRepository
to use.
-
-
-
Method Detail
-
logout
public void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Authentication authentication)
Requires the request to be passed in.- Specified by:
logout
in interfaceLogoutHandler
- Parameters:
request
- from which to obtain a HTTP session (cannot be null)response
- not used (can benull
)authentication
- not used (can benull
)
-
isInvalidateHttpSession
public boolean isInvalidateHttpSession()
-
setInvalidateHttpSession
public void setInvalidateHttpSession(boolean invalidateHttpSession)
Causes theHttpSession
to be invalidated when thisLogoutHandler
is invoked. Defaults to true.- Parameters:
invalidateHttpSession
- true if you wish the session to be invalidated (default) or false if it should not be.
-
setClearAuthentication
public void setClearAuthentication(boolean clearAuthentication)
If true, removes theAuthentication
from theSecurityContext
to prevent issues with concurrent requests.- Parameters:
clearAuthentication
- true if you wish to clear theAuthentication
from theSecurityContext
(default) or false if theAuthentication
should not be removed.
-
setSecurityContextRepository
public void setSecurityContextRepository(SecurityContextRepository securityContextRepository)
Sets theSecurityContextRepository
to use. Default isHttpSessionSecurityContextRepository
.- Parameters:
securityContextRepository
- theSecurityContextRepository
to use.
-
-