Class SecurityContextLogoutHandler
java.lang.Object
org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
- All Implemented Interfaces:
LogoutHandler
Performs a logout by modifying the
SecurityContextHolder
.
Will also invalidate the HttpSession
if isInvalidateHttpSession()
is
true
and the session is not null
.
Will also remove the Authentication
from the current SecurityContext
if
clearAuthentication
is set to true (default).
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
void
logout
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authentication) Requires the request to be passed in.void
setClearAuthentication
(boolean clearAuthentication) If true, removes theAuthentication
from theSecurityContext
to prevent issues with concurrent requests.void
setInvalidateHttpSession
(boolean invalidateHttpSession) Causes theHttpSession
to be invalidated when thisLogoutHandler
is invoked.void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.
-
Field Details
-
logger
protected final org.apache.commons.logging.Log logger
-
-
Constructor Details
-
SecurityContextLogoutHandler
public SecurityContextLogoutHandler()
-
-
Method Details
-
logout
public void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Authentication authentication) Requires the request to be passed in.- Specified by:
logout
in interfaceLogoutHandler
- Parameters:
request
- from which to obtain a HTTP session (cannot be null)response
- not used (can benull
)authentication
- not used (can benull
)
-
isInvalidateHttpSession
public boolean isInvalidateHttpSession() -
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
setInvalidateHttpSession
public void setInvalidateHttpSession(boolean invalidateHttpSession) Causes theHttpSession
to be invalidated when thisLogoutHandler
is invoked. Defaults to true.- Parameters:
invalidateHttpSession
- true if you wish the session to be invalidated (default) or false if it should not be.
-
setClearAuthentication
public void setClearAuthentication(boolean clearAuthentication) If true, removes theAuthentication
from theSecurityContext
to prevent issues with concurrent requests.- Parameters:
clearAuthentication
- true if you wish to clear theAuthentication
from theSecurityContext
(default) or false if theAuthentication
should not be removed.
-