In your applicationContext-security.xml file add the success-handler like below
<logout logout-url="/resources/j_spring_security_logout" success-handler-ref="com.mycompany.security.SpringSecurityLogoutHandler" />
Create the Class which will be implemneting "org.springframework.security.web.authentication.logout.LogoutHandler" interface and in it's logout method do all the stuff you want at the time of logout.
package com.mycompany.security;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutHandler;
public class SpringSecurityLogoutHandler implements LogoutHandler {
@Override
public void logout(HttpServletRequest request, HttpServletResponse arg1,
Authentication arg2) {
// Write your logout logic here
}
}
<logout logout-url="/resources/j_spring_security_logout" success-handler-ref="com.mycompany.security.SpringSecurityLogoutHandler" />
Create the Class which will be implemneting "org.springframework.security.web.authentication.logout.LogoutHandler" interface and in it's logout method do all the stuff you want at the time of logout.
package com.mycompany.security;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutHandler;
public class SpringSecurityLogoutHandler implements LogoutHandler {
@Override
public void logout(HttpServletRequest request, HttpServletResponse arg1,
Authentication arg2) {
// Write your logout logic here
}
}
I am happy to see that this short but precise blog post was mentioned on Srping source web site as a source of information to implement Logout handler using Apring Security.It was mentioned as a 2nd item in below link
ReplyDeletehttp://www.springsource.org/node/3779
Aor u kidding? This has NEVER WORKED
DeleteThis is working for me I am using it , let me know what went wrong when you tried to implement it?
DeleteChaikou is correct. The code as listed above does not work. However, if you implement LogoutSuccessHandler instead of LogoutHandler it will work just fine. You can find the correct interface at org.springframework.security.web.authentication.logout.LogoutSuccessHandler. The method to implement is onLogoutSuccess().
DeleteCheers!
we have a need that based on cust role we have to send them to different external urls
ReplyDeletewhen we call ActionRedirect("/j_spring_security_logout");
this customhandler will be called but how do we set logout-success-url programmaticaly ?
Hi RDX , I just saw your message which was filtered as SPAM (I don't know why). Can you please further eloborate your problem ? I couldn't understand it.
Delete