public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>> extends SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,B>
SecurityConfigurer instances may invoke
addLogoutHandler(LogoutHandler) in the init(HttpSecurityBuilder) phase.
LogoutFilterRememberMeConfigurer| Constructor and Description |
|---|
LogoutConfigurer()
Creates a new instance
|
| Modifier and Type | Method and Description |
|---|---|
LogoutConfigurer<H> |
addLogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler logoutHandler)
Adds a
LogoutHandler. |
LogoutConfigurer<H> |
clearAuthentication(boolean clearAuthentication)
Specifies if
SecurityContextLogoutHandler should clear the Authentication at the time of logout. |
void |
configure(H http)
Configure the
SecurityBuilder by setting the necessary properties on the
SecurityBuilder. |
LogoutConfigurer<H> |
deleteCookies(String... cookieNamesToClear)
Allows specifying the names of cookies to be removed on logout success.
|
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
void |
init(H http)
Initialize the
SecurityBuilder. |
LogoutConfigurer<H> |
invalidateHttpSession(boolean invalidateHttpSession)
Configures
SecurityContextLogoutHandler to invalidate the
HttpSession at the time of logout. |
LogoutConfigurer<H> |
logoutRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher logoutRequestMatcher)
The RequestMatcher that triggers log out to occur.
|
LogoutConfigurer<H> |
logoutSuccessHandler(org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler)
Sets the
LogoutSuccessHandler to use. |
LogoutConfigurer<H> |
logoutSuccessUrl(String logoutSuccessUrl)
The URL to redirect to after logout has occurred.
|
LogoutConfigurer<H> |
logoutUrl(String logoutUrl)
The URL that triggers log out to occur (default is "/logout").
|
LogoutConfigurer<H> |
permitAll()
A shortcut for
permitAll(boolean) with true as an argument. |
LogoutConfigurer<H> |
permitAll(boolean permitAll)
Grants access to the
logoutSuccessUrl(String) and the
logoutUrl(String) for every user. |
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) |
addObjectPostProcessor, and, getBuilder, postProcess, setBuilderpublic LogoutConfigurer()
HttpSecurity.logout()public LogoutConfigurer<H> addLogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler logoutHandler)
LogoutHandler. The SecurityContextLogoutHandler is added as
the last LogoutHandler by default.logoutHandler - the LogoutHandler to addLogoutConfigurer for further customizationpublic LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication)
SecurityContextLogoutHandler should clear the Authentication at the time of logout.clearAuthentication - true SecurityContextLogoutHandler should clear the Authentication (default), or false otherwise.LogoutConfigurer for further customizationpublic LogoutConfigurer<H> invalidateHttpSession(boolean invalidateHttpSession)
SecurityContextLogoutHandler to invalidate the
HttpSession at the time of logout.invalidateHttpSession - true if the HttpSession should be invalidated
(default), or false otherwise.LogoutConfigurer for further customizationpublic LogoutConfigurer<H> logoutUrl(String logoutUrl)
It is considered best practice to use an HTTP POST on any action that changes state
(i.e. log out) to protect against CSRF attacks. If
you really want to use an HTTP GET, you can use
logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET"));
logoutUrl - the URL that will invoke logout.LogoutConfigurer for further customizationlogoutRequestMatcher(RequestMatcher),
HttpSecurity.csrf()public LogoutConfigurer<H> logoutRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher logoutRequestMatcher)
logoutUrl(String) which helps enforce good practices.logoutRequestMatcher - the RequestMatcher used to determine if logout should
occur.LogoutConfigurer for further customizationlogoutUrl(String)public LogoutConfigurer<H> logoutSuccessUrl(String logoutSuccessUrl)
logoutSuccessHandler(LogoutSuccessHandler)
with a SimpleUrlLogoutSuccessHandler.logoutSuccessUrl - the URL to redirect to after logout occurredLogoutConfigurer for further customizationpublic LogoutConfigurer<H> permitAll()
permitAll(boolean) with true as an argument.LogoutConfigurer for further customizationspublic LogoutConfigurer<H> deleteCookies(String... cookieNamesToClear)
addLogoutHandler(LogoutHandler) with a
CookieClearingLogoutHandler.cookieNamesToClear - the names of cookies to be removed on logout success.LogoutConfigurer for further customizationpublic LogoutConfigurer<H> logoutSuccessHandler(org.springframework.security.web.authentication.logout.LogoutSuccessHandler logoutSuccessHandler)
LogoutSuccessHandler to use. If this is specified,
logoutSuccessUrl(String) is ignored.logoutSuccessHandler - the LogoutSuccessHandler to use after a user
has been logged out.LogoutConfigurer for further customizationspublic LogoutConfigurer<H> permitAll(boolean permitAll)
logoutSuccessUrl(String) and the
logoutUrl(String) for every user.permitAll - if true grants access, else nothing is doneLogoutConfigurer for further customization.public void init(H http) throws Exception
SecurityConfigurerSecurityBuilder. Here only shared state should be created
and modified, but not properties on the SecurityBuilder used for building
the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses
the correct shared objects when building.init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>init in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>Exceptionpublic void configure(H http) throws Exception
SecurityConfigurerSecurityBuilder by setting the necessary properties on the
SecurityBuilder.configure in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>configure in class SecurityConfigurerAdapter<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>Exceptionpublic B disable()
AbstractHttpConfigurer by removing it. After doing so a fresh
version of the configuration can be applied.HttpSecurityBuilder for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)