Package org.springframework.security.web.authentication.logout

Class SecurityContextLogoutHandler

  • All Implemented Interfaces:
    LogoutHandler
    public class SecurityContextLogoutHandler
extends java.lang.Object
implements LogoutHandler
    Performs a logout by modifying the SecurityContextHolder.

    Will also invalidate the HttpSession if isInvalidateHttpSession() is true and the session is not null.

    Will also remove the Authentication from the current SecurityContext if clearAuthentication is set to true (default).

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected org.apache.commons.logging.Log logger  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean isInvalidateHttpSession()  
      void logout​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
      Requires the request to be passed in.
      void setClearAuthentication​(boolean clearAuthentication)
      If true, removes the Authentication from the SecurityContext to prevent issues with concurrent requests.
      void setInvalidateHttpSession​(boolean invalidateHttpSession)
      Causes the HttpSession to be invalidated when this LogoutHandler is invoked.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • logger

        protected final org.apache.commons.logging.Log logger

    • Constructor Detail

      • SecurityContextLogoutHandler

        public SecurityContextLogoutHandler()

    • Method Detail

      • logout

        public void logout​(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response,
                   org.springframework.security.core.Authentication authentication)
        Requires the request to be passed in.
        Specified by:
        logout in interface LogoutHandler
        Parameters:
        request - from which to obtain a HTTP session (cannot be null)
        response - not used (can be null)
        authentication - not used (can be null)

      • isInvalidateHttpSession

        public boolean isInvalidateHttpSession()

      • setInvalidateHttpSession

        public void setInvalidateHttpSession​(boolean invalidateHttpSession)
        Causes the HttpSession to be invalidated when this LogoutHandler is invoked. Defaults to true.
        Parameters:
        invalidateHttpSession - true if you wish the session to be invalidated (default) or false if it should not be.

      • setClearAuthentication

        public void setClearAuthentication​(boolean clearAuthentication)
        If true, removes the Authentication from the SecurityContext to prevent issues with concurrent requests.
        Parameters:
        clearAuthentication - true if you wish to clear the Authentication from the SecurityContext (default) or false if the Authentication should not be removed.