Class LogoutFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.logout.LogoutFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.BeanNameAware
,org.springframework.beans.factory.DisposableBean
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.EnvironmentAware
,org.springframework.core.env.EnvironmentCapable
,org.springframework.web.context.ServletContextAware
public class LogoutFilter
extends org.springframework.web.filter.GenericFilterBean
Logs a principal out.
Polls a series of LogoutHandler
s. The handlers should be specified in the order
they are required. Generally you will want to call logout handlers
TokenBasedRememberMeServices
and SecurityContextLogoutHandler
(in that order).
After logout, a redirect will be performed to the URL determined by either the configured LogoutSuccessHandler or the logoutSuccessUrl, depending on which constructor was used.
-
Field Summary
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
ConstructorDescriptionLogoutFilter
(String logoutSuccessUrl, LogoutHandler... handlers) LogoutFilter
(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers) Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out. -
Method Summary
Modifier and TypeMethodDescriptionvoid
doFilter
(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) protected boolean
requiresLogout
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Allow subclasses to modify when a logout should take place.void
setFilterProcessesUrl
(String filterProcessesUrl) void
setLogoutRequestMatcher
(RequestMatcher logoutRequestMatcher) void
setSecurityContextHolderStrategy
(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use.Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
LogoutFilter
Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out. The list of LogoutHandlers are intended to perform the actual logout functionality (such as clearing the security context, invalidating the session, etc.). -
LogoutFilter
-
-
Method Details
-
doFilter
public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException - Throws:
IOException
jakarta.servlet.ServletException
-
requiresLogout
protected boolean requiresLogout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Allow subclasses to modify when a logout should take place.- Parameters:
request
- the requestresponse
- the response- Returns:
true
if logout should occur,false
otherwise
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategy
to use. The default action is to use theSecurityContextHolderStrategy
stored inSecurityContextHolder
.- Since:
- 5.8
-
setLogoutRequestMatcher
-
setFilterProcessesUrl
-