egovframework.rfc3.iam.security.authentication.logout
Class SecurityContextLogoutHandler

java.lang.Object
  extended by egovframework.rfc3.iam.security.authentication.logout.SecurityContextLogoutHandler
All Implemented Interfaces:
org.springframework.security.web.authentication.logout.LogoutHandler

public class SecurityContextLogoutHandler
extends java.lang.Object
implements org.springframework.security.web.authentication.logout.LogoutHandler

Performs a logout by modifying the SecurityContextHolder.

Will also invalidate the HttpSession if isInvalidateHttpSession() is true and the session is not null.

Author:
Ben Alex

Constructor Summary
SecurityContextLogoutHandler()
           
 
Method Summary
 boolean isInvalidateHttpSession()
           
 void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication)
          Requires the request to be passed in.
 void setInvalidateHttpSession(boolean invalidateHttpSession)
          Causes the HttpSession to be invalidated when this LogoutHandler is invoked.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecurityContextLogoutHandler

public SecurityContextLogoutHandler()
Method Detail

logout

public void logout(javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response,
                   org.springframework.security.core.Authentication authentication)
Requires the request to be passed in.

Specified by:
logout in interface org.springframework.security.web.authentication.logout.LogoutHandler
Parameters:
request - from which to obtain a HTTP session (cannot be null)
response - not used (can be null)
authentication - not used (can be null)

isInvalidateHttpSession

public boolean isInvalidateHttpSession()

setInvalidateHttpSession

public void setInvalidateHttpSession(boolean invalidateHttpSession)
Causes the HttpSession to be invalidated when this LogoutHandler is invoked. Defaults to true.

Parameters:
invalidateHttpSession - true if you wish the session to be invalidated (default) or false if it should not be.