How to manually log out a user with spring security?

by

It’s hard for me to say for sure if your code is enough. However standard Spring-security’s implementation of logging out is different. If you took a look at SecurityContextLogoutHandler you would see they do:

SecurityContextHolder.clearContext();

Moreover they optionally invalidate the HttpSession:

if (invalidateHttpSession) {
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }
}

You may find more information in some other question about logging out in Spring Security and by looking at the source code of org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler.

More Related Contents:

  1. Spring Boot Security CORS
  2. Handle spring security authentication exceptions with @ExceptionHandler
  3. How Spring Security Filter Chain works
  4. How to use OAuth2RestTemplate?
  5. How do I get the Session Object in Spring?
  6. How to pass an additional parameter with spring security login page
  7. Spring Boot CORS filter – CORS preflight channel did not succeed
  8. Spring Security redirect to previous page after successful login
  9. How can I have list of all users logged in (via spring security) my web application
  10. Spring Security exclude url patterns in security annotation configurartion
  11. Spring Security 3.2 CSRF support for multipart requests
  12. How to write a custom filter in spring security?
  13. Spring CSRF token does not work, when the request to be sent is a multipart request
  14. JSON Web Token (JWT) with Spring based SockJS / STOMP Web Socket
  15. can I include user information while issuing an access token?
  16. How can I use Spring Security without sessions?
  17. Auto login after successful registration
  18. How to set up Spring Security SecurityContextHolder strategy?
  19. How do I remove the ROLE_ prefix from Spring Security with JavaConfig?
  20. How to get custom user info from OAuth2 authorization server /user endpoint
  21. getting exception: No bean named ‘springSecurityFilterChain’ is defined
  22. Spring Security and @Async (Authenticated Users mixed up)
  23. Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints
  24. Combining basic authentication and form login for the same REST Api
  25. How to use multiple login pages one for admin and the other one for user
  26. Spring Security 3.2 CSRF disable for specific URLs
  27. How to use Spring AbstractRoutingDataSource with dynamic datasources?
  28. Spring Social Authentication Filter for Stateless REST Endpoints which use Facebook Token for authentication
  29. How to allow a User only access their own data in Spring Boot / Spring Security?
  30. Spring security 4 custom login j_spring_security_check return http 302

Leave a Comment