Package org.springframework.security.web.authentication.logout

Class LogoutFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.logout.LogoutFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class LogoutFilter extends org.springframework.web.filter.GenericFilterBean
Logs a principal out.

Polls a series of LogoutHandlers. The handlers should be specified in the order they are required. Generally you will want to call logout handlers TokenBasedRememberMeServices and SecurityContextLogoutHandler (in that order).

After logout, a redirect will be performed to the URL determined by either the configured LogoutSuccessHandler or the logoutSuccessUrl, depending on which constructor was used.

  • Constructor Details

    • LogoutFilter

      public LogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers)
      Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out. The list of LogoutHandlers are intended to perform the actual logout functionality (such as clearing the security context, invalidating the session, etc.).

    • LogoutFilter

      public LogoutFilter(String logoutSuccessUrl, LogoutHandler... handlers)

  • Method Details

    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Throws:
      IOException
      jakarta.servlet.ServletException

    • requiresLogout

      protected boolean requiresLogout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Allow subclasses to modify when a logout should take place.
      Parameters:
      request - the request
      response - the response
      Returns:
      true if logout should occur, false otherwise

    • setSecurityContextHolderStrategy

      public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
      Since:
      5.8

    • setLogoutRequestMatcher

      public void setLogoutRequestMatcher(RequestMatcher logoutRequestMatcher)

    • setFilterProcessesUrl

      public void setFilterProcessesUrl(String filterProcessesUrl)