public class LogoutFilter extends SpringSecurityFilter
Polls a series of LogoutHandler
s. The handlers should be specified in the order they are required.
Generally you will want to call logout handlers TokenBasedRememberMeServices
and
SecurityContextLogoutHandler
(in that order).
After logout, the URL specified by logoutSuccessUrl
will be shown.
logger
Constructor and Description |
---|
LogoutFilter(java.lang.String logoutSuccessUrl,
LogoutHandler[] handlers) |
Modifier and Type | Method and Description |
---|---|
protected java.lang.String |
determineTargetUrl(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Returns the target URL to redirect to after logout.
|
void |
doFilterHttp(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain) |
protected java.lang.String |
getFilterProcessesUrl() |
protected java.lang.String |
getLogoutSuccessUrl() |
int |
getOrder() |
protected boolean |
requiresLogout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Allow subclasses to modify when a logout should take place.
|
protected void |
sendRedirect(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String url)
Allow subclasses to modify the redirection message.
|
void |
setFilterProcessesUrl(java.lang.String filterProcessesUrl) |
void |
setUseRelativeContext(boolean useRelativeContext) |
destroy, doFilter, init, toString
public LogoutFilter(java.lang.String logoutSuccessUrl, LogoutHandler[] handlers)
public void doFilterHttp(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
doFilterHttp
in class SpringSecurityFilter
java.io.IOException
javax.servlet.ServletException
protected boolean requiresLogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
request
- the requestresponse
- the responsetrue
if logout should occur, false
otherwiseprotected java.lang.String determineTargetUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
By default it will check for a logoutSuccessUrl parameter in the request and use this. If that isn't present it will use the configured logoutSuccessUrl. If this hasn't been set it will check the Referer header and use the URL from there.
protected void sendRedirect(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String url) throws java.io.IOException
request
- the requestresponse
- the responseurl
- the URL to redirect tojava.io.IOException
- in the event of any failurepublic void setFilterProcessesUrl(java.lang.String filterProcessesUrl)
protected java.lang.String getLogoutSuccessUrl()
protected java.lang.String getFilterProcessesUrl()
public void setUseRelativeContext(boolean useRelativeContext)
public int getOrder()