public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

SecurityConfigurer instances may invoke addLogoutHandler(LogoutHandler) in the #init(HttpSecurity) phase.

See Also: RememberMeConfigurer

| Constructor and Description |
|---|
| `LogoutConfigurer()` Creates a new instance |

| Modifier and Type | Method and Description |
|---|---|
| `LogoutConfigurer<H>` | `addLogoutHandler(LogoutHandler logoutHandler)` Adds a LogoutHandler. |
| `void` | `configure(H http)` Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder. |
| `LogoutConfigurer<H>` | `deleteCookies(String... cookieNamesToClear)` Allows specifying the names of cookies to be removed on logout success. |
| `B` | `disable()` Disables the AbstractHttpConfigurer by removing it. |
| `void` | `init(H http)` Initialize the SecurityBuilder. |
| `LogoutConfigurer<H>` | `invalidateHttpSession(boolean invalidateHttpSession)` Configures SecurityContextLogoutHandler to invalidate the HttpSession at the time of logout. |
| `LogoutConfigurer<H>` | `logoutRequestMatcher(RequestMatcher logoutRequestMatcher)` The RequestMatcher that triggers log out to occur. |
| `LogoutConfigurer<H>` | `logoutSuccessHandler(LogoutSuccessHandler logoutSuccessHandler)` Sets the LogoutSuccessHandler to use. |
| `LogoutConfigurer<H>` | `logoutSuccessUrl(String logoutSuccessUrl)` The URL to redirect to after logout has occurred. |
| `LogoutConfigurer<H>` | `logoutUrl(String logoutUrl)` The URL that triggers log out to occur (default is "/logout"). |
| `LogoutConfigurer<H>` | `permitAll()` A shortcut for permitAll(boolean) with true as an argument. |
| `LogoutConfigurer<H>` | `permitAll(boolean permitAll)` Grants access to the logoutSuccessUrl(String) and the logoutUrl(String) for every user. |
| `T` | `withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)` |

Methods inherited from class SecurityConfigurerAdapter: addObjectPostProcessor, and, getBuilder, postProcess, setBuilder

`public LogoutConfigurer()`

Creates a new instance

See Also: HttpSecurity.logout()

`public LogoutConfigurer<H> addLogoutHandler(LogoutHandler logoutHandler)`

Adds a LogoutHandler. The SecurityContextLogoutHandler is added as the last LogoutHandler by default.

Parameters: logoutHandler - the LogoutHandler to add

Returns: LogoutConfigurer for further customization

`public LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession)`

Configures SecurityContextLogoutHandler to invalidate the HttpSession at the time of logout.

Parameters: invalidateHttpSession - true if the HttpSession should be invalidated (default), or false otherwise.

Returns: LogoutConfigurer for further customization

`public LogoutConfigurer<H> logoutUrl(String logoutUrl)`

The URL that triggers log out to occur (default is "/logout"). It is considered best practice to use an HTTP POST on any action that changes state (i.e. log out) to protect against CSRF attacks. If you really want to use an HTTP GET, you can use `logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET"));`

Parameters: logoutUrl - the URL that will invoke logout.

Returns: LogoutConfigurer for further customization

See Also: logoutRequestMatcher(RequestMatcher), HttpSecurity.csrf()

`public LogoutConfigurer<H> logoutRequestMatcher(RequestMatcher logoutRequestMatcher)`

logoutUrl(String) which helps enforce good practices.

Parameters: logoutRequestMatcher - the RequestMatcher used to determine if logout should occur.

Returns: LogoutConfigurer for further customization

See Also: logoutUrl(String)

`public LogoutConfigurer<H> logoutSuccessUrl(String logoutSuccessUrl)`

logoutSuccessHandler(LogoutSuccessHandler) with a SimpleUrlLogoutSuccessHandler.

Parameters: logoutSuccessUrl - the URL to redirect to after logout occurred

Returns: LogoutConfigurer for further customization

`public LogoutConfigurer<H> permitAll()`

A shortcut for permitAll(boolean) with true as an argument.

Returns: LogoutConfigurer for further customizations

`public LogoutConfigurer<H> deleteCookies(String... cookieNamesToClear)`

addLogoutHandler(LogoutHandler) with a CookieClearingLogoutHandler.

Parameters: cookieNamesToClear - the names of cookies to be removed on logout success.

Returns: LogoutConfigurer for further customization

`public LogoutConfigurer<H> logoutSuccessHandler(LogoutSuccessHandler logoutSuccessHandler)`

Sets the LogoutSuccessHandler to use. If this is specified, logoutSuccessUrl(String) is ignored.

Parameters: logoutSuccessHandler - the LogoutSuccessHandler to use after a user has been logged out.

Returns: LogoutConfigurer for further customizations

`public LogoutConfigurer<H> permitAll(boolean permitAll)`

Grants access to the logoutSuccessUrl(String) and the logoutUrl(String) for every user.

Parameters: permitAll - if true grants access, else nothing is done

Returns: LogoutConfigurer for further customization.

`public void init(H http) throws Exception`

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building.

Specified by: init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides: init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws: Exception

`public void configure(H http) throws Exception`

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by: configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides: configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Throws: Exception

`public B disable()`

Disables the AbstractHttpConfigurer by removing it. After doing so a fresh version of the configuration can be applied.

Returns: HttpSecurityBuilder for additional customizations

`public T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)`
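
A logout configuration that combines the methods documented above, as an added example that is not part of the original Javadoc or the Spring Security project's own code. It assumes a servlet application on the `javax.servlet` API that still uses `WebSecurityConfigurerAdapter`; the class names `LogoutSecurityConfig` and `AuditLogoutHandler`, the `JSESSIONID` cookie name and the `/login?logout` URL are hypothetical choices for illustration.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutHandler;

@Configuration
@EnableWebSecurity
public class LogoutSecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical audit handler: records who logged out and from where.
    static class AuditLogoutHandler implements LogoutHandler {
        private static final Logger LOG = Logger.getLogger(AuditLogoutHandler.class.getName());

        @Override
        public void logout(HttpServletRequest request, HttpServletResponse response,
                           Authentication authentication) {
            // authentication may be null if no Authentication is in the security context
            String user = (authentication != null) ? authentication.getName() : "<none>";
            // Strip line breaks so a crafted user name cannot forge extra log records
            user = user.replaceAll("[\\r\\n]", "_");
            // getSession(false): inspect the session without creating one during logout
            boolean hadSession = request.getSession(false) != null;
            LOG.log(Level.INFO, "logout user={0} remote={1} hadSession={2}",
                    new Object[] {user, request.getRemoteAddr(), hadSession});
        }
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().anyRequest().authenticated().and()
            .formLogin().and()
            .logout()
                // logoutUrl rather than a GET logoutRequestMatcher, per the CSRF note above
                .logoutUrl("/logout")
                // Runs before SecurityContextLogoutHandler, which is added last by default
                .addLogoutHandler(new AuditLogoutHandler())
                .invalidateHttpSession(true)
                // Assumed session cookie name; adds a CookieClearingLogoutHandler
                .deleteCookies("JSESSIONID")
                .logoutSuccessUrl("/login?logout")
                .permitAll();
    }
}
```

Because SecurityContextLogoutHandler is last in the chain, the audit handler still sees the session state before it is invalidated.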