8

I am new to Spring Web MVC.

Can I get an example or an online link that shows me how to implement a logout feature using Spring Web MVC?

I don't want to use the built-in feature of Spring Security (i.e. ACEGI).

Thanks in advance...

3 Answers

15

The trick with the session invalidation doesn't work. It seems the Spring authentication buffers the session ID somewhere and accepts the cookie even if the session was invalidated.

Another solution is to clear the Spring security context manually:

public void manualLogout() {
    SecurityContextHolder.getContext().setAuthentication(null);
}

Here is the code to log a user in manually (if somebody needs it):

public void doManualLogin(HttpServletRequest request, String u, String p) {
    UsernamePasswordAuthenticationToken token = 
            new UsernamePasswordAuthenticationToken(u, p);
    token.setDetails(new WebAuthenticationDetails(request));
    Authentication auth = authenticationProvider.authenticate(token);
    SecurityContextHolder.getContext().setAuthentication(auth);
}

where the authenticationProvider is the bean from your Spring configuration which implements

org.springframework.security.authentication.AuthenticationProvider

9

You only have to invalidate the session and the user is logged out. This is directly supported by the Servlet API: HttpSession.invalidate(). You can write one controller that only calls invalidate.

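class Logout implements Controller {
    public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) {
        // Assumption: any view to show after logout; the original left this open.
        ModelAndView view = new ModelAndView("redirect:/");
        // Invalidating the session unbinds everything stored in it.
        request.getSession().invalidate();
        return view;
    }
}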

2 Comments

You can check with getSession (java.sun.com/javaee/5/docs/api/javax/servlet/http/…) if a session is still active. Or you can look for your authentication information in the session. You have to do this in an interceptor or in every controller.

You may also need to clear any cookies you may have set in order to support "remember me" functionality. Otherwise you'll log right back in the next time you visit the site.

1

@Controller
public class LogoutController {

    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public String logout(HttpServletRequest request) {
        HttpSession httpSession = request.getSession();
        httpSession.invalidate();
        return "redirect:/";
    }

}

Please use the above code to implement the logout filter.

1 Comment

How will it redirect to the login page when the session is expired? Can you please provide another scenario?
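
Added example, not part of any of the answers above: one logout handler that combines the three steps raised in this thread, namely invalidating the session, clearing the Spring Security context, and expiring a "remember me" cookie. The class name, the `/logout` mapping on POST and the cookie name `remember-me` are assumptions made for illustration.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class ManualLogoutController {

    // Assumption: the name of the application's own "remember me" cookie.
    private static final String REMEMBER_ME_COOKIE = "remember-me";

    // POST, so that a plain link or image tag on another site cannot trigger the logout.
    @RequestMapping(value = "/logout", method = RequestMethod.POST)
    public String logout(HttpServletRequest request, HttpServletResponse response) {
        // getSession(false) returns null instead of creating a new session
        // for a visitor who has none (or whose session already expired).
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Drop the authentication held for the current thread (only relevant
        // when Spring Security's context is in use, as in the first answer).
        SecurityContextHolder.clearContext();

        // Expire the remember-me cookie; name and path must match the values
        // used when it was set, otherwise the browser keeps the original.
        Cookie expired = new Cookie(REMEMBER_ME_COOKIE, "");
        expired.setMaxAge(0);
        String contextPath = request.getContextPath();
        expired.setPath(contextPath.isEmpty() ? "/" : contextPath);
        expired.setSecure(request.isSecure());
        response.addCookie(expired);

        return "redirect:/";
    }
}
```

If the remember-me value is also stored on the server (for example as a persistent token), that record has to be deleted as well, because expiring the cookie only affects the browser that receives the response.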
