Announcement Announcement Module
Collapse
No announcement yet.
Problem using LogoutSuccessHandler Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem using LogoutSuccessHandler

    I am developing a multi-tenant application with Spring Security. So far, the experience has been awesome because of the level of customization it offers. However I am stuck at dealing with LogoutSuccessHandler. Whenever somebody logs out, I want the system to redirect back to the login page of their respective tenant. Here's my implementation of LogoutSuccessHandler:

    Code:
    public class MultiTenantLogoutSuccessHandler implements LogoutSuccessHandler{
    	private static final Logger logger = Logger.getLogger(MultiTenantLogoutSuccessHandler.class);
    	@Override
    	public void onLogoutSuccess(HttpServletRequest req,
    			HttpServletResponse resp, Authentication auth) throws IOException,
    			ServletException {
    		String tenantId = TenantSecurityContextHolder.getTenant().getTenantId();
    		logger.trace("Current TenantId: "+tenantId);
    		
    		String redirectUrl = req.getContextPath()+"/"+tenantId+"/login";
    		resp.sendRedirect(redirectUrl);
    	}
    }
    Problem is that, when I logout, it never redirects to my redirectUrl but to application root instead. With the help of log4j TRACE level on for Spring Security, here's what I see after my redirectUrl passes through FilterChainProxy:

    Code:
    2011-06-27 02:08:32,657 [http-8080-1] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session ID1C41C9920EB97DE4FF7C4185F2440D8C is invalid.
    2011-06-27 02:08:32,657 [http-8080-1] DEBUG org.springframework.security.web.session.SessionManagementFilter - Starting new session (if required) and redirecting to '/'
    2011-06-27 02:08:32,657 [http-8080-1] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/northstar/'
    Please let me know how can I make redirect generated within my LogoutSuccessHanlder work. Thanks a lot for your time.

    Regards,
    Umar

  • #2
    It looks like you must have an "invalid-session-url" defined. The logic in the SessionManagementFilter will, if an invalid session is detected, send the user to the page you have defined. You can try explicitly invalidating the user's session when you log them out OR play with some of the other session management settings defined in the "create-session" attribute (again, depending on the needs of your application). Hope this helps!

    Comment


    • #3
      Thanks a lot pmularien. I have removed "invalid-session-url" and now its working like a charm

      Comment

      Working...
      X