• Post Reply Bookmark Topic Watch Topic
  • New Topic

Spring Security with CAS logout Issue  RSS feed

Mckenzie John
Posts: 21
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am facing a problem with logout of my CAS integrated with Spring security. My requirements are - when i click on the logout of my application - i need to logout of my application, and also invalidate the session in CAS and be redirected to the CAS login page on successful logout.

I am getting an Exception encountered - java.lang.IllegalStateException when i try to redirect my application using the customLogoutHandler to the CAS login page. My logout method in customLogoutHandler implementing Spring LgoutHandler is

public void logout(HttpServletRequest request, HttpServletResponse response,
Authentication auth) {
// TODO Auto-generated method stub

try {
response.sendRedirect("https://application URL /logout.jspa");

} catch (IOException e) {



From the logs in the application i see this exception - Exception encountered -

Websites say that i am trying to redirect a page and one of the following has occurred before it:

A response header has been set before.
A forward() or include() has been invoked on the same response before.
More than 2KB of data is been written to response.
Less than 2KB is been written and flush() is invoked

Need some help in this.

Bill Gorder
Posts: 1682
Android IntelliJ IDE Linux Mac OS X Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For whatever reason it seems like your container thinks the response has already been committed before doing the redirect. This is part of the servlet spec to throw this exception in this case. I think you are going to need to step through the code and figure out where that is happening.

Also please UseCodeTags <- click
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!