org.springframework.security.ui.logout
Class LogoutFilter

java.lang.Object
  org.springframework.security.ui.SpringSecurityFilter
      org.springframework.security.ui.logout.LogoutFilter

All Implemented Interfaces:

Filter, Ordered

public class LogoutFilter
extends SpringSecurityFilter

Logs a principal out.

Polls a series of LogoutHandlers. The handlers should be specified in the order they are required. Generally you will want to call logout handlers TokenBasedRememberMeServices and SecurityContextLogoutHandler (in that order).

After logout, the URL specified by logoutSuccessUrl will be shown.

Version:

$Id$

Author:

Ben Alex

Field Summary

Fields inherited from class org.springframework.security.ui.SpringSecurityFilter

logger

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

LogoutFilter(String logoutSuccessUrl, LogoutHandler[] handlers)

Method Summary

protected String	determineTargetUrl(HttpServletRequest request, HttpServletResponse response) Returns the target URL to redirect to after logout.
void	doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
protected String	getFilterProcessesUrl()
protected String	getLogoutSuccessUrl()
int	getOrder()
protected boolean	requiresLogout(HttpServletRequest request, HttpServletResponse response) Allow subclasses to modify when a logout should take place.
protected void	sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) Allow subclasses to modify the redirection message.
void	setFilterProcessesUrl(String filterProcessesUrl)
void	setUseRelativeContext(boolean useRelativeContext)

Methods inherited from class org.springframework.security.ui.SpringSecurityFilter

destroy, doFilter, init, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

LogoutFilter

public LogoutFilter(String logoutSuccessUrl,
                    LogoutHandler[] handlers)

Method Detail

doFilterHttp

public void doFilterHttp(HttpServletRequest request,
                         HttpServletResponse response,
                         FilterChain chain)
                  throws IOException,
                         ServletException

Specified by:

doFilterHttp in class SpringSecurityFilter

Throws:

IOException

ServletException

requiresLogout

protected boolean requiresLogout(HttpServletRequest request,
                                 HttpServletResponse response)

Allow subclasses to modify when a logout should take place.

Parameters:

request - the request

response - the response

Returns:

true if logout should occur, false otherwise

determineTargetUrl

protected String determineTargetUrl(HttpServletRequest request,
                                    HttpServletResponse response)

Returns the target URL to redirect to after logout.

By default it will check for a logoutSuccessUrl parameter in the request and use this. If that isn't present it will use the configured logoutSuccessUrl. If this hasn't been set it will check the Referer header and use the URL from there.

sendRedirect

protected void sendRedirect(HttpServletRequest request,
                            HttpServletResponse response,
                            String url)
                     throws IOException

Allow subclasses to modify the redirection message.

Parameters:

request - the request

response - the response

url - the URL to redirect to

Throws:

IOException - in the event of any failure

setFilterProcessesUrl

public void setFilterProcessesUrl(String filterProcessesUrl)

getLogoutSuccessUrl

protected String getLogoutSuccessUrl()

getFilterProcessesUrl

protected String getFilterProcessesUrl()

setUseRelativeContext

public void setUseRelativeContext(boolean useRelativeContext)

getOrder

public int getOrder()