public class

LogoutFilter

extends GenericFilterBean
java.lang.Object
   ↳ org.springframework.web.filter.GenericFilterBean
     ↳ org.springframework.security.web.authentication.logout.LogoutFilter

Class Overview

Logs a principal out.

Polls a series of LogoutHandlers. The handlers should be specified in the order they are required. Generally you will want to call logout handlers TokenBasedRememberMeServices and SecurityContextLogoutHandler (in that order).

After logout, a redirect will be performed to the URL determined by either the configured LogoutSuccessHandler or the logoutSuccessUrl, depending on which constructor was used.

Summary

[Expand]
Inherited Fields
From class org.springframework.web.filter.GenericFilterBean
Public Constructors
LogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers)
Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out.
LogoutFilter(String logoutSuccessUrl, LogoutHandler... handlers)
Public Methods
void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
void setFilterProcessesUrl(String filterProcessesUrl)
Protected Methods
String getFilterProcessesUrl()
boolean requiresLogout(HttpServletRequest request, HttpServletResponse response)
Allow subclasses to modify when a logout should take place.
[Expand]
Inherited Methods
From class org.springframework.web.filter.GenericFilterBean
From class java.lang.Object
From interface javax.servlet.Filter
From interface org.springframework.beans.factory.BeanNameAware
From interface org.springframework.beans.factory.DisposableBean
From interface org.springframework.beans.factory.InitializingBean
From interface org.springframework.web.context.ServletContextAware

Public Constructors

public LogoutFilter (LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers)

Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out. The list of LogoutHandlers are intended to perform the actual logout functionality (such as clearing the security context, invalidating the session, etc.).

public LogoutFilter (String logoutSuccessUrl, LogoutHandler... handlers)

Public Methods

public void doFilter (ServletRequest req, ServletResponse res, FilterChain chain)

Throws
IOException
ServletException

public void setFilterProcessesUrl (String filterProcessesUrl)

Protected Methods

protected String getFilterProcessesUrl ()

protected boolean requiresLogout (HttpServletRequest request, HttpServletResponse response)

Allow subclasses to modify when a logout should take place.

Parameters
request the request
response the response
Returns
  • true if logout should occur, false otherwise