Class LogoutFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.logout.LogoutFilter
- All Implemented Interfaces:
jakarta.servlet.Filter,org.springframework.beans.factory.Aware,org.springframework.beans.factory.BeanNameAware,org.springframework.beans.factory.DisposableBean,org.springframework.beans.factory.InitializingBean,org.springframework.context.EnvironmentAware,org.springframework.core.env.EnvironmentCapable,org.springframework.web.context.ServletContextAware
public class LogoutFilter
extends org.springframework.web.filter.GenericFilterBean
Logs a principal out.
Polls a series of LogoutHandlers. The handlers should be specified in the order
they are required. Generally you will want to call logout handlers
TokenBasedRememberMeServices and SecurityContextLogoutHandler
(in that order).
After logout, a redirect will be performed to the URL determined by either the configured LogoutSuccessHandler or the logoutSuccessUrl, depending on which constructor was used.
-
Field Summary
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger -
Constructor Summary
ConstructorsConstructorDescriptionLogoutFilter(String logoutSuccessUrl, LogoutHandler... handlers) LogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers) Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out. -
Method Summary
Modifier and TypeMethodDescriptionvoiddoFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) protected booleanrequiresLogout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Allow subclasses to modify when a logout should take place.voidsetFilterProcessesUrl(String filterProcessesUrl) voidsetLogoutRequestMatcher(RequestMatcher logoutRequestMatcher) voidsetSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategyto use.Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
LogoutFilter
Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out. The list of LogoutHandlers are intended to perform the actual logout functionality (such as clearing the security context, invalidating the session, etc.). -
LogoutFilter
-
-
Method Details
-
doFilter
public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException - Throws:
IOExceptionjakarta.servlet.ServletException
-
requiresLogout
protected boolean requiresLogout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Allow subclasses to modify when a logout should take place.- Parameters:
request- the requestresponse- the response- Returns:
trueif logout should occur,falseotherwise
-
setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy) Sets theSecurityContextHolderStrategyto use. The default action is to use theSecurityContextHolderStrategystored inSecurityContextHolder.- Since:
- 5.8
-
setLogoutRequestMatcher
-
setFilterProcessesUrl
-