  • Problem using LogoutSuccessHandler

    I am developing a multi-tenant application with Spring Security. So far, the experience has been awesome because of the level of customization it offers. However, I am stuck at dealing with LogoutSuccessHandler. Whenever somebody logs out, I want the system to redirect back to the login page of their respective tenant. Here's my implementation of LogoutSuccessHandler:

    public class MultiTenantLogoutSuccessHandler implements LogoutSuccessHandler{
    	private static final Logger logger = Logger.getLogger(MultiTenantLogoutSuccessHandler.class);
    	public void onLogoutSuccess(HttpServletRequest req,
    			HttpServletResponse resp, Authentication auth) throws IOException,
    			ServletException {
    		String tenantId = TenantSecurityContextHolder.getTenant().getTenantId();
    		logger.trace("Current TenantId: "+tenantId);
    		String redirectUrl = req.getContextPath()+"/"+tenantId+"/login";
    		// ... the rest of the method (issuing the redirect to redirectUrl) is not shown in the post
    	}
    }

    Problem is that, when I log out, it never redirects to my redirectUrl but to the application root instead. With the help of log4j TRACE level on for Spring Security, here's what I see after my redirectUrl passes through FilterChainProxy:

    2011-06-27 02:08:32,657 [http-8080-1] DEBUG - Requested session ID1C41C9920EB97DE4FF7C4185F2440D8C is invalid.
    2011-06-27 02:08:32,657 [http-8080-1] DEBUG - Starting new session (if required) and redirecting to '/'
    2011-06-27 02:08:32,657 [http-8080-1] DEBUG - Redirecting to '/northstar/'

    Please let me know how I can make the redirect generated within my LogoutSuccessHandler work. Thanks a lot for your time.


  • #2
    It looks like you must have an "invalid-session-url" defined. The logic in the SessionManagementFilter will, if an invalid session is detected, send the user to the page you have defined. You can try explicitly invalidating the user's session when you log them out OR play with some of the other session management settings defined in the "create-session" attribute (again, depending on the needs of your application). Hope this helps!


    • #3
      Thanks a lot pmularien. I have removed "invalid-session-url" and now it's working like a charm.
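
Added example, not code from any poster in this thread: a logout success handler for the case where "invalid-session-url" has to stay configured. It expires the session cookie, so the redirected request carries no stale session ID for SessionManagementFilter to reject, and it checks the tenant ID before putting it in the redirect path. `TenantResolver` is a hypothetical stand-in for the poster's `TenantSecurityContextHolder`; the cookie name, the cookie path and the tenant ID pattern are assumptions.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

public class TenantLoginRedirectLogoutHandler implements LogoutSuccessHandler {

    /** Hypothetical stand-in for the poster's TenantSecurityContextHolder lookup. */
    public interface TenantResolver {
        String currentTenantId(HttpServletRequest req);
    }

    // Assumption: tenant ids are short slugs; anything else must not reach the redirect path.
    private static final Pattern TENANT_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    private final TenantResolver tenants;

    public TenantLoginRedirectLogoutHandler(TenantResolver tenants) {
        this.tenants = tenants;
    }

    public void onLogoutSuccess(HttpServletRequest req, HttpServletResponse resp,
            Authentication auth) throws IOException, ServletException {
        String contextPath = req.getContextPath();

        // Expire the session cookie so the redirected request sends no stale
        // session id for SessionManagementFilter to flag as invalid.
        // Assumption: the container names it JSESSIONID and scopes it to the context path.
        Cookie stale = new Cookie("JSESSIONID", "");
        stale.setPath(contextPath.isEmpty() ? "/" : contextPath);
        stale.setMaxAge(0);
        resp.addCookie(stale);

        String tenantId = tenants.currentTenantId(req);
        String target = (tenantId != null && TENANT_ID.matcher(tenantId).matches())
                ? contextPath + "/" + tenantId + "/login"
                : contextPath + "/"; // unknown or malformed tenant: fall back to the application root
        resp.sendRedirect(target);
    }
}
```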