Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

how to perform operation just before logout in spring?

First of all this is not a duplicate question i checked answers here! and here! but couldnt get it to work.

Also i want to perform it just before logout so can not use logoutSuccessHandler.

So i need to create a custom LOGOUT_FILTER , with which i am really having hard time getting it to work.

here is my spring-security xml in which i tried two methods first was :-

 <custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />

<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg index="0" value="/logoutSuccess" />
<beans:constructor-arg index="1">
    <beans:list>
        <beans:bean id="securityContextLogoutHandler"
        class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
    <beans:bean id="myLogoutHandler" class="com.fe.cms.listener.SimpleLogoutHandler" />
    </beans:list>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout" />
</beans:bean>

but this gives me error

Configuration problem: Security namespace does not support decoration of element [custom-filter] 

then i tried..

<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <beans:constructor-arg index="0" value="/logout" />
    <beans:constructor-arg index="1">
        <beans:ref bean="securityContextLogoutHandler" />
        <beans:ref bean="myLogoutHandler" />
    </beans:constructor-arg>
    <beans:property name="filterProcessesUrl" value="/logout" />
</beans:bean>

<beans:bean id="securityContextLogoutHandler"
    class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />

<beans:bean id="myLogoutHandler" class="com.fe.cms.listener.SimpleLogoutHandler" />

<http auto-config="false" entry-point-ref="authenticationManger">
    <custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
</http>

but this gives me error :-

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#48' while setting bean property 'sourceList' with key [48]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#48': Cannot create inner bean '(inner bean)' of type [org.springframework.security.web.access.ExceptionTranslationFilter] while setting constructor argument with key [6]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#181': Could not resolve matching constructor (hint: specify index/type/name arguments for simple parameters to avoid type ambiguities)

Please can anyone tell where am i doing wrong .. i will post full xml files if needed

like image 491
Anil Jaangra Avatar asked Nov 21 '14 08:11

Anil Jaangra


2 Answers

According to your clarification what you want is to get access the to session and perform some logic. Instead of hacking around with a custom LogoutFilter simply write an ApplicationListener that listens to HttpSessionDestroyedEvents.

@Component
public class SessionListener implements ApplicationListener<HttpSessionDestroyedEvent> {

    public void onApplicationEvent(HttpSessionDestroyedEvent evt) {
        HttpSession session = evt.getSession();
        // Your logic here
    }
}

To be able re receive events make sure that you register the HttpSessionEventPublisher in your web.xml.

<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

Main advantage of this solution is that you will also be able to process sessions that timeout and not only regular logouts.

like image 161
M. Deinum Avatar answered Nov 04 '22 02:11

M. Deinum


If you need to execute some operation just before logout I suppose Spring interceptors can help you.

You could implement a class like this:

public class JustBeforeLogoutInterceptor extends HandlerInterceptorAdapter {

    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        boolean res = super.preHandle(request, response, handler);
        //
        // your code...
        //
        return res;
    }
}

Then you need to configure the interceptor:

<mvc:interceptors>
    <mvc:interceptor>
        <mvc:mapping path="/logout" />
        <bean class="your.app.JustBeforeLogoutInterceptor" />
    </mvc:interceptor>
</mvc:interceptors>

This should work. Take a try.

like image 44
davioooh Avatar answered Nov 04 '22 01:11

davioooh