Logout

Spring Security provides features to enable a user to log out and be redirected to a specified page. The URI of the LogoutController is typically mapped to the Logout link in the UI. The complete listing of LogoutController is as follows:

    @Controller 
    public class LogoutController { 
      @RequestMapping(value = "/secure/logout",  
      method = RequestMethod.GET) 
      public String logout(HttpServletRequest request, 
      HttpServletResponse response) { 
        Authentication auth =  
        SecurityContextHolder.getContext() 
        .getAuthentication(); 
        if (auth != null) { 
            new SecurityContextLogoutHandler() 
           .logout(request, response, auth); 
            request.getSession().invalidate(); 
          } 
        return "redirect:/secure/welcome"; 
       } 
     }

Things to note are as follows:

  • if (auth != null): If there is a valid authentication, then end the session
  • new SecurityContextLogoutHandler().logout(request, response, auth): SecurityContextLogoutHandler performs a logout by removing the authentication information from SecurityContextHolder
  • return "redirect:/secure/welcome": Redirects to the secure welcome page
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset