org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler

public class SecurityContextLogoutHandler extends Object implements LogoutHandler

Performs a logout by modifying the SecurityContextHolder.

Will also invalidate the HttpSession if isInvalidateHttpSession() is true and the session is not null.

Will also remove the Authentication from the current SecurityContext if clearAuthentication is set to true (default).

Field Details
- logger
  
  protected final org.apache.commons.logging.Log logger
Constructor Details
- SecurityContextLogoutHandler
  
  public SecurityContextLogoutHandler()
Method Details
- logout
  
  public void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authentication)
  
  Requires the request to be passed in.
  
  Specified by:
  
  logout in interface LogoutHandler
  
  Parameters:
  
  request - from which to obtain a HTTP session (cannot be null)
  
  response - not used (can be null)
  
  authentication - not used (can be null)
- isInvalidateHttpSession
  
  public boolean isInvalidateHttpSession()
- setInvalidateHttpSession
  
  public void setInvalidateHttpSession(boolean invalidateHttpSession)
  
  Causes the HttpSession to be invalidated when this LogoutHandler is invoked. Defaults to true.
  
  Parameters:
  
  invalidateHttpSession - true if you wish the session to be invalidated (default) or false if it should not be.
- setClearAuthentication
  
  public void setClearAuthentication(boolean clearAuthentication)
  
  If true, removes the Authentication from the SecurityContext to prevent issues with concurrent requests.
  
  Parameters:
  
  clearAuthentication - true if you wish to clear the Authentication from the SecurityContext (default) or false if the Authentication should not be removed.

Class SecurityContextLogoutHandler

Field Summary