First of all this is not a duplicate question i checked answers here! and here! but couldnt get it to work.
Also i want to perform it just before logout so can not use logoutSuccessHandler.
So i need to create a custom LOGOUT_FILTER , with which i am really having hard time getting it to work.
here is my spring-security xml in which i tried two methods first was :-
<custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg index="0" value="/logoutSuccess" />
<beans:constructor-arg index="1">
<beans:list>
<beans:bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<beans:bean id="myLogoutHandler" class="com.fe.cms.listener.SimpleLogoutHandler" />
</beans:list>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout" />
</beans:bean>
but this gives me error
Configuration problem: Security namespace does not support decoration of element [custom-filter]
then i tried..
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg index="0" value="/logout" />
<beans:constructor-arg index="1">
<beans:ref bean="securityContextLogoutHandler" />
<beans:ref bean="myLogoutHandler" />
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout" />
</beans:bean>
<beans:bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<beans:bean id="myLogoutHandler" class="com.fe.cms.listener.SimpleLogoutHandler" />
<http auto-config="false" entry-point-ref="authenticationManger">
<custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
</http>
but this gives me error :-
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#48' while setting bean property 'sourceList' with key [48]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#48': Cannot create inner bean '(inner bean)' of type [org.springframework.security.web.access.ExceptionTranslationFilter] while setting constructor argument with key [6]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#181': Could not resolve matching constructor (hint: specify index/type/name arguments for simple parameters to avoid type ambiguities)
Please can anyone tell where am i doing wrong .. i will post full xml files if needed
According to your clarification what you want is to get access the to session and perform some logic. Instead of hacking around with a custom LogoutFilter
simply write an ApplicationListener
that listens to HttpSessionDestroyedEvent
s.
@Component
public class SessionListener implements ApplicationListener<HttpSessionDestroyedEvent> {
public void onApplicationEvent(HttpSessionDestroyedEvent evt) {
HttpSession session = evt.getSession();
// Your logic here
}
}
To be able re receive events make sure that you register the HttpSessionEventPublisher
in your web.xml.
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
Main advantage of this solution is that you will also be able to process sessions that timeout and not only regular logouts.
If you need to execute some operation just before logout I suppose Spring interceptors can help you.
You could implement a class like this:
public class JustBeforeLogoutInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
boolean res = super.preHandle(request, response, handler);
//
// your code...
//
return res;
}
}
Then you need to configure the interceptor:
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/logout" />
<bean class="your.app.JustBeforeLogoutInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
This should work. Take a try.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With