stackoom
  简体   繁体   中英

getting principal object in spring security even after using setAuthenticated(false)

 原文  2014-07-21 06:37:46       java/ spring/ spring-security

Question

I am authenticating the loggedin user using UserNamePasswordAuthentictionToken .

But after that on some condition i want to log out manually. Inside if condition I have put the below code. I am getting authenticated=false , but principal object still remains there.. 

SecurityContextHolder.getContext().getAuthentication()
    .setAuthenticated(false);
SecurityContextHolder.clearContext();

2 answers

solution1
 2  2014-07-21 07:08:29

SecurityContextHolder.getContext().setAuthentication(null) .

authenticated is just a boolean flag beside the principal object.

solution2
 0  2014-07-21 14:34:34

I don't know your version of Spring, but still you can also add: 

SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();

if( currentUser == null ) {
    logoutHandler.logout(request, response, auth);
}

next after to call of clearContext();

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Principal Object to JSON in Spring Security IllegalArgumentException on Spring RestController when using Spring security Principal object for authentication Spring security accessing principal Spring Security Principal transformation Spring Security principal isn't fully populated after Tomcat restart Spring MVC, getting principal from security context in service layer Why does principal returns as type Object in spring security? Adding additional details to principal object stored in spring security context spring using security:authentication principal.username in link What's the “principal” in Spring Security?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM