public class LogoutFilter extends SpringSecurityFilter
Polls a series of LogoutHandlers. The handlers should be specified in the order they are required.
Generally you will want to call logout handlers TokenBasedRememberMeServices and
SecurityContextLogoutHandler (in that order).
After logout, the URL specified by logoutSuccessUrl will be shown.
logger| Constructor and Description |
|---|
LogoutFilter(java.lang.String logoutSuccessUrl,
LogoutHandler[] handlers) |
| Modifier and Type | Method and Description |
|---|---|
protected java.lang.String |
determineTargetUrl(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Returns the target URL to redirect to after logout.
|
void |
doFilterHttp(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain) |
protected java.lang.String |
getFilterProcessesUrl() |
protected java.lang.String |
getLogoutSuccessUrl() |
int |
getOrder() |
protected boolean |
requiresLogout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Allow subclasses to modify when a logout should take place.
|
protected void |
sendRedirect(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String url)
Allow subclasses to modify the redirection message.
|
void |
setFilterProcessesUrl(java.lang.String filterProcessesUrl) |
void |
setUseRelativeContext(boolean useRelativeContext) |
destroy, doFilter, init, toStringpublic LogoutFilter(java.lang.String logoutSuccessUrl,
LogoutHandler[] handlers)
public void doFilterHttp(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
javax.servlet.FilterChain chain)
throws java.io.IOException,
javax.servlet.ServletException
doFilterHttp in class SpringSecurityFilterjava.io.IOExceptionjavax.servlet.ServletExceptionprotected boolean requiresLogout(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
request - the requestresponse - the responsetrue if logout should occur, false otherwiseprotected java.lang.String determineTargetUrl(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
By default it will check for a logoutSuccessUrl parameter in the request and use this. If that isn't present it will use the configured logoutSuccessUrl. If this hasn't been set it will check the Referer header and use the URL from there.
protected void sendRedirect(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String url)
throws java.io.IOException
request - the requestresponse - the responseurl - the URL to redirect tojava.io.IOException - in the event of any failurepublic void setFilterProcessesUrl(java.lang.String filterProcessesUrl)
protected java.lang.String getLogoutSuccessUrl()
protected java.lang.String getFilterProcessesUrl()
public void setUseRelativeContext(boolean useRelativeContext)
public int getOrder()