Class OidcBackChannelLogoutHandler
java.lang.Object
org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
- All Implemented Interfaces:
org.springframework.security.web.authentication.logout.LogoutHandler
public final class OidcBackChannelLogoutHandler
extends Object
implements org.springframework.security.web.authentication.logout.LogoutHandler
A
LogoutHandler that locates the sessions associated with a given OIDC
Back-Channel Logout Token and invalidates each one.- Since:
- 6.4
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionOidcBackChannelLogoutHandler(org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry sessionRegistry) -
Method Summary
Modifier and TypeMethodDescriptionvoidlogout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication) voidsetLogoutUri(String logoutUri) Use this logout URI for performing per-session logout.voidsetSessionCookieName(String sessionCookieName) Use this cookie name for the session identifier.
-
Constructor Details
-
OidcBackChannelLogoutHandler
public OidcBackChannelLogoutHandler(org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry sessionRegistry)
-
-
Method Details
-
logout
public void logout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication) - Specified by:
logoutin interfaceorg.springframework.security.web.authentication.logout.LogoutHandler
-
setLogoutUri
Use this logout URI for performing per-session logout. Defaults to/logoutsince that is the default URI forLogoutFilter.- Parameters:
logoutUri- the URI to use
-
setSessionCookieName
Use this cookie name for the session identifier. Defaults toJSESSIONID.Note that if you are using Spring Session, this likely needs to change to SESSION.
- Parameters:
sessionCookieName- the cookie name to use
-