I am trying to implement a Custom Spring Security Logout Handler. My configurations are as below but the logout handler is never called.
I have a JSP where I call logout as :
<a href="j_spring_security_logout">Logout</a>
In the application-security.xml, I have the following:
<security:logout invalidate-session="true"></security:logout>
<security:logout logout-url="/logout" success-handler-ref="myCustomLogoutSuccessHandler"></security:logout>
<beans:bean id="myCustomLogoutSuccessHandler" class="com.inventory.security.MyCustomLogoutSuccessHandler"></beans:bean>
I have a Custom Logout handler too with the defination:
public class MyCustomLogoutSuccessHandler extends
SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
@Override
public void onLogoutSuccess
(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
System.out.println("Principal: "+authentication.getPrincipal());
System.out.println("Logout Called: MyCustomLogoutSuccessHandler");
super.onLogoutSuccess(request, response, authentication);
}
}
But this is never been called. Am I missing something?
If I change the j_spring_security_logout to logout and create my custom Controller for that URL , then in that case the code works for logout URL but how do I handle the Spring Magic Logout
Actually it isn't clear how you want to invoke your myCustomLogoutSuccessHandler
, if you continue to use standard logout url ( j_spring_security_logout
), not your custom one - logout
.
From other side what is the reason to have two <security:logout>
?
Won't it be enough to have this config:
<a href="j_spring_security_logout">Logout</a>
....
<security:logout invalidate-session="true" success-handler-ref="myCustomLogoutSuccessHandler"></security:logout>
?
Explain your purpose, please
you are not doing special work in custom logout handler... since its a simple logout, so the following logout will work....>>>
configuration
<security:logout logout-url="/logout" logout-success-url="/login.html" invalidate-session="true" delete-cookies="JSESSIONID" />
</security:http>
html:
<a style="margin-top: 4px;" href="/logout">log_out</a>
for your information:
Attribute : logout-url
Specifies the URL that will cause a logout. Spring Security will initialize a filter that responds to this particular URL.
Defaults to /j_spring_security_logout if unspecified.
if you are not specifing the attribute logout-url then it will default to /j_spring_security_logout it means you have to put /j_spring_security_logout in your html logout tags as
<a style="margin-top: 4px;" href="../j_spring_security_logout">log_out</a>
and if you are specifing the same attribute you have to put the same url in both config and html tags.like
configuration:
<security:logout logout-url="/logout" logout-success-url="/login.html" invalidate-session="true" delete-cookies="JSESSIONID" />
</security:http>
html:
<a style="margin-top: 4px;" href="/logout">log_out</a>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.