Package org.springframework.security.web.authentication.logout

Class LogoutFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
    public class LogoutFilter
extends org.springframework.web.filter.GenericFilterBean
    Logs a principal out.

    Polls a series of LogoutHandlers. The handlers should be specified in the order they are required. Generally you will want to call logout handlers TokenBasedRememberMeServices and SecurityContextLogoutHandler (in that order).

    After logout, a redirect will be performed to the URL determined by either the configured LogoutSuccessHandler or the logoutSuccessUrl, depending on which constructor was used.

    • Field Summary

      • Fields inherited from class org.springframework.web.filter.GenericFilterBean

        logger

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void doFilter​(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)  
      protected boolean requiresLogout​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Allow subclasses to modify when a logout should take place.
      void setFilterProcessesUrl​(java.lang.String filterProcessesUrl)  
      void setLogoutRequestMatcher​(RequestMatcher logoutRequestMatcher)  

      • Methods inherited from class org.springframework.web.filter.GenericFilterBean

        addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • LogoutFilter

        public LogoutFilter​(LogoutSuccessHandler logoutSuccessHandler,
                    LogoutHandler... handlers)
        Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out. The list of LogoutHandlers are intended to perform the actual logout functionality (such as clearing the security context, invalidating the session, etc.).

      • LogoutFilter

        public LogoutFilter​(java.lang.String logoutSuccessUrl,
                    LogoutHandler... handlers)

    • Method Detail

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
        Throws:
        java.io.IOException
        javax.servlet.ServletException

      • requiresLogout

        protected boolean requiresLogout​(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response)
        Allow subclasses to modify when a logout should take place.
        Parameters:
        request - the request
        response - the response
        Returns:
        true if logout should occur, false otherwise

      • setLogoutRequestMatcher

        public void setLogoutRequestMatcher​(RequestMatcher logoutRequestMatcher)

      • setFilterProcessesUrl

        public void setFilterProcessesUrl​(java.lang.String filterProcessesUrl)