Package org.springframework.security.web.authentication.logout

Class LogoutFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.logout.LogoutFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class LogoutFilter extends org.springframework.web.filter.GenericFilterBean
Logs a principal out.

Polls a series of LogoutHandlers. The handlers should be specified in the order they are required. Generally you will want to call logout handlers TokenBasedRememberMeServices and SecurityContextLogoutHandler (in that order).

After logout, a redirect will be performed to the URL determined by either the configured LogoutSuccessHandler or the logoutSuccessUrl, depending on which constructor was used.

  • Field Summary

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

  • Constructor Summary

    Constructors
    Constructor
    Description
    LogoutFilter(String logoutSuccessUrl, LogoutHandler... handlers)
     
    LogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers)
    Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out.

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain)
     
    protected boolean
    requiresLogout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Allow subclasses to modify when a logout should take place.
    void
    setFilterProcessesUrl(String filterProcessesUrl)
     
    void
    setLogoutRequestMatcher(RequestMatcher logoutRequestMatcher)
     

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • LogoutFilter

      public LogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers)
      Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out. The list of LogoutHandlers are intended to perform the actual logout functionality (such as clearing the security context, invalidating the session, etc.).

    • LogoutFilter

      public LogoutFilter(String logoutSuccessUrl, LogoutHandler... handlers)

  • Method Details

    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Throws:
      IOException
      jakarta.servlet.ServletException

    • requiresLogout

      protected boolean requiresLogout(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Allow subclasses to modify when a logout should take place.
      Parameters:
      request - the request
      response - the response
      Returns:
      true if logout should occur, false otherwise

    • setLogoutRequestMatcher

      public void setLogoutRequestMatcher(RequestMatcher logoutRequestMatcher)

    • setFilterProcessesUrl

      public void setFilterProcessesUrl(String filterProcessesUrl)