• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Paul Clapham
  • Rob Spoor
  • Junilu Lacar
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Carey Brown

Spring Security LogoutFilter

Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

We are looking for a way to implement a custom logout filter in our application which has a CAS setup. Our requirement is to have the session cleared both in CAS and the application from where our logout is called from. I am a newbie to Spring security. I understand from some of the sites that we may need to write our own custom logout handler which implements LogoutHandler. My Spring config file looks lie

<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="URL to Which i want to redirect on successful logout"/>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>

I would like to have some help in the following areas:

1) any pointers which can help me the functionality of the logout action in Spring security context.

2) A simple example of how to write a custom logout handler with which i can invalidate the session created.

3) Help on the part of invalidating session in CAS along with this code will be much appreciated.

Thanks ,
Posts: 17347
Mac IntelliJ IDE Spring
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You wouldn't set it in the filter. I believe the <security:logout> tag has a property/attribute to point to your bean that is a class that implements LogoutHandler. The only time I have done LogoutHandler was in conjunction with customized RememberMeService implementation.

    Bookmark Topic Watch Topic
  • New Topic