Probably the answer is simple: How can I manually log out the currently logged-in user in Spring Security? Is it sufficient to call:
SecurityContextHolder.getContext().getAuthentication().setAuthenticated(false);
?
Basic Configuration
The basic configuration of Spring Logout functionality using the logout() method is simple enough:
@Configuration
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
            //...
            .logout(); // enables logout support with its defaults
    }
}
According to Spring Security 4.0.0 document: 4.2.4 Logout Handling. The logout element adds support for logging out by navigating to a particular URL. The default logout URL is /logout, but you can set it to something else using the logout-url attribute.
Spring Security provides login and logout features that we can use in our application. They are helpful for creating a secure Spring application.
It's hard for me to say for sure if your code is enough. However, the standard Spring Security implementation of logging out is different. If you took a look at SecurityContextLogoutHandler you would see they do:
SecurityContextHolder.clearContext();
Moreover, they optionally invalidate the HttpSession:
if (invalidateHttpSession) {
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }
}
You may find more information in some other question about logging out in Spring Security and by looking at the source code of org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler.
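A manual logout that reuses the handler named in the answer, as an added example that is not part of the original question or answer and is not Spring Security's own code. The controller class, the /account/close-session path and the redirect target are hypothetical, and the javax.servlet imports assume a Spring Security version that still uses WebSecurityConfigurerAdapter.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

// Hypothetical controller: ends the current user's session from application code.
@Controller
public class ManualLogoutController {

    // POST only, so the logout stays covered by CSRF protection when it is enabled.
    @RequestMapping(value = "/account/close-session", method = RequestMethod.POST)
    public String logoutCurrentUser(HttpServletRequest request, HttpServletResponse response) {
        // May be null if nobody is logged in; the handler accepts that.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
        // Both flags default to true; they are set here to make the behaviour explicit.
        handler.setInvalidateHttpSession(true); // drop the HttpSession that stores the SecurityContext
        handler.setClearAuthentication(true);   // null out the Authentication in the current context

        // Invalidates the session (if one exists) and calls SecurityContextHolder.clearContext().
        handler.logout(request, response, auth);

        // Hypothetical target page; use whatever the application shows after logout.
        return "redirect:/login?logout";
    }
}
```

Unlike calling setAuthenticated(false) on the current token, this removes the server-side session, so the old session ID presented by the browser no longer maps to a stored security context.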