/** * Configures {@link SecurityContextLogoutHandler} to invalidate the * {@link HttpSession} at the time of logout. * @param invalidateHttpSession true if the {@link HttpSession} should be invalidated * (default), or false otherwise. * @return the {@link LogoutConfigurer} for further customization */ public LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession) { contextLogoutHandler.setInvalidateHttpSession(invalidateHttpSession); return this; }
/** * Configures {@link SecurityContextLogoutHandler} to invalidate the * {@link HttpSession} at the time of logout. * @param invalidateHttpSession true if the {@link HttpSession} should be invalidated * (default), or false otherwise. * @return the {@link LogoutConfigurer} for further customization */ public LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession) { contextLogoutHandler.setInvalidateHttpSession(invalidateHttpSession); return this; }
/** * Configures {@link SecurityContextLogoutHandler} to invalidate the {@link HttpSession} at the time of logout. * @param invalidateHttpSession true if the {@link HttpSession} should be invalidated (default), or false otherwise. * @return the {@link LogoutConfigurer} for further customization */ public LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession) { contextLogoutHandler.setInvalidateHttpSession(invalidateHttpSession); return this; }
/** * Configures {@link SecurityContextLogoutHandler} to invalidate the * {@link HttpSession} at the time of logout. * @param invalidateHttpSession true if the {@link HttpSession} should be invalidated * (default), or false otherwise. * @return the {@link LogoutConfigurer} for further customization */ public LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession) { contextLogoutHandler.setInvalidateHttpSession(invalidateHttpSession); return this; }
public KSLogoutFilter(){ handlers = new SecurityContextLogoutHandler[1]; SecurityContextLogoutHandler sclh = new SecurityContextLogoutHandler(); if ("true".equals(invalidateSession)) { sclh.setInvalidateHttpSession(true); } else { sclh.setInvalidateHttpSession(false); } handlers[0] = sclh; }
@Bean public SecurityContextLogoutHandler logoutHandler() { SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler(); logoutHandler.setInvalidateHttpSession(true); logoutHandler.setClearAuthentication(true); return logoutHandler; }
/** * Logout handler terminating local session. * * @return The security context logout handler * @see SecurityContextLogoutHandler */ @Bean public SecurityContextLogoutHandler logoutHandler() { final SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler(); logoutHandler.setInvalidateHttpSession(true); logoutHandler.setClearAuthentication(true); return logoutHandler; }
@Bean public LogoutFilter logoutFilter() { // NOTE: See org.springframework.security.config.annotation.web.configurers.LogoutConfigurer // for details on setting up a LogoutFilter SecurityContextLogoutHandler securityContextLogoutHandler = new SecurityContextLogoutHandler(); securityContextLogoutHandler.setInvalidateHttpSession(true); LogoutFilter logoutFilter = new LogoutFilter("/", securityContextLogoutHandler); logoutFilter.setLogoutRequestMatcher(new AntPathRequestMatcher("/logout")); return logoutFilter; }
private SecurityContextLogoutHandler logoutHandler() { SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler(); logoutHandler.setInvalidateHttpSession(true); logoutHandler.setClearAuthentication(true); return logoutHandler; }
public class MyAccessDeniedExceptionHandler implements AccessDeniedHandler { @Autowired private List<LogoutHandler> logoutHandlers; @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException { for(LogoutHandler lh : logoutHandlers) { lh.logout(request, response, SecurityContextHolder.getContext().getAuthentication()); } SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler(); logoutHandler.setInvalidateHttpSession(true); logoutHandler.logout(request, response, SecurityContextHolder.getContext().getAuthentication()); response.sendRedirect(request.getRequestURL().toString()); } }
public class MyApplicationErrorResolver extends SimpleMappingExceptionResolver { @Autowired private List<LogoutHandler> logoutHandlers; @Override protected ModelAndView doResolveException(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) { if(ex instanceof AccessDeniedException) { for(LogoutHandler lh : logoutHandlers) { lh.logout(request, response, SecurityContextHolder.getContext().getAuthentication()); } // Not present as a bean. So create it manually. SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler(); logoutHandler.setInvalidateHttpSession(true); logoutHandler.logout(request, response, SecurityContextHolder.getContext().getAuthentication()); return new ModelAndView(new RedirectView(request.getRequestURL().toString())); } return super.doResolveException(request, response, handler, ex); } }
logoutHandler.setInvalidateHttpSession(Optional.ofNullable(invalidateSession).orElseGet(config::isInvalidateSession)); logoutHandler.setClearAuthentication(Optional.ofNullable(clearAuthentication).orElseGet(config::isClearAuthentication)); localHandler = postProcess(logoutHandler); logoutHandler.setInvalidateHttpSession(Optional.ofNullable(invalidateSession).orElseGet(config::isInvalidateSession)); logoutHandler.setClearAuthentication(Optional.ofNullable(clearAuthentication).orElseGet(config::isClearAuthentication)); globalHandler = postProcess(logoutHandler);
@SuppressWarnings({ "rawtypes", "unchecked" }) public void postProcessMergedBeanDefinition(RootBeanDefinition beanDefinition, Class beanType, String beanName) { if (SpringSecurityLoginCommand.class.isAssignableFrom(beanType)) { MutablePropertyValues pv = beanDefinition.getPropertyValues(); boolean rememberMeServicesConfigured = (pv.getPropertyValue("rememberMeServices") != null); if (this.sessionAuthenticationStrategy != null && pv.getPropertyValue("sessionAuthenticationStrategy") == null) { pv.add("sessionAuthenticationStrategy", this.sessionAuthenticationStrategy); } if (this.rememberMeServices != null && !rememberMeServicesConfigured) { pv.add("rememberMeServices", this.rememberMeServices); } if (pv.getPropertyValue("logoutHandlers") == null) { ManagedList handlers = new ManagedList(); SecurityContextLogoutHandler contextHandler = new SecurityContextLogoutHandler(); boolean invalidateHttpSession = (Boolean) beanDefinition.getAttribute("invalidateHttpSession"); contextHandler.setInvalidateHttpSession(invalidateHttpSession); handlers.add(contextHandler); if (this.rememberMeServices != null && !rememberMeServicesConfigured && ClassUtils.isAssignableValue(LogoutHandler.class, this.rememberMeServices)) { handlers.add(this.rememberMeServices); } pv.add("logoutHandlers", handlers); } } }