
  • Access Authentication variable in the onLogoutSuccess method of a LogoutSuccessHandler

    Hi,
    In one of my projects, I have configured Spring Security to handle user authentication.

    My config file looks like this:

    Code:
    <http use-expressions="true">
    	<intercept-url pattern="/" access="permitAll()" />
    	<intercept-url pattern="/**" access="isAuthenticated()" />
    	<form-login default-target-url="/main" login-page="/" always-use-default-target="true" username-parameter="userId" password-parameter="password" />
    	<custom-filter ref="customLogoutFilter" position="LOGOUT_FILTER"/>
    	<session-management invalid-session-url="/" session-authentication-strategy-ref="sas" />
    </http>
    
    <beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
    
    <beans:bean id="customLogoutHandler" class="com.somepack.CustomLogoutHandler"/>
    
    <beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    	<beans:constructor-arg index="0" ref="customLogoutHandler"/>
    	<beans:constructor-arg index="1" ref="customLogoutFilter"/>
    	<beans:property name="filterProcessesUrl" value="/"/>
    </beans:bean>
    
    <beans:bean id="customLogoutFilter" class="com.somepack.CustomLogoutFilter">
    	<beans:property	name="reportDir" value="/tmp/reports"/> 
    </beans:bean>

    My CustomLogoutFilter class looks like this:


    Code:
    public class CustomLogoutFilter implements LogoutHandler {
    	private String reportDir;
    	public String getReportDir() {
    		return reportDir;
    	}
    	public void setReportDir(String reportDir) {
    		this.reportDir = reportDir;
    	}
    	@Override
    	public void logout(HttpServletRequest request,
    			HttpServletResponse response, Authentication authentication) {
    		String userName = authentication.getName();
    		File folder = new File(reportDir, userName);
    		deleteDir(folder); //delete function to delete Logged User specific directory
    		logService.info("Logout", userName, EventCode.LOGOUT,
    				String.format("User %s logged out successfully", userName));
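    		Cookie[] cookies = request.getCookies(); // null when the request carries no cookies
    		if (cookies != null) {
    			for (Cookie cookie : cookies) {
    				printcookies(cookie);
    				// compare the cookie's name, not the Cookie object itself
    				if ("JSESSIONID".equals(cookie.getName())) {
    					cookie.setMaxAge(0);
    					response.addCookie(cookie);
    				}
    			}
    		}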
    		request.getSession().invalidate();
    	}	
    }

    But this piece of code is not working, as the filter is getting called at the very first request for the Login page (it may even get called on every request), and I am getting a NullPointerException in the
    String userName = authentication.getName() line.

    In fact, if I use a LogoutHandler instead of the LogoutFilter, I get the same error:

    My handler looks like this:

    Code:
    public class CustomLogoutHandler extends AbstractAuthenticationTargetUrlRequestHandler implements LogoutSuccessHandler{
    	private String reportDir;
    	public String getReportDir() {
    		return reportDir;
    	}
    	public void setReportDir(String reportDir) {
    		this.reportDir = reportDir;
    	}
    	@Override
    	public void onLogoutSuccess(HttpServletRequest request,
    			HttpServletResponse response, Authentication authentication) throws IOException,
    			ServletException {
    		String userName = authentication.getName();
    		File folder = new File(reportDir, userName);
    		deleteDir(folder);
    		logService.info("Logout", userName, EventCode.LOGOUT, String.format("User %s logged out successfully", userName));
    		super.handle(request, response, authentication);
    	}
    }

    and the config file changed to:

    Code:
    <http use-expressions="true">
    	<intercept-url pattern="/" access="permitAll()" />
    	<intercept-url pattern="/**" access="isAuthenticated()" />
    	<form-login default-target-url="/main" login-page="/" always-use-default-target="true" username-parameter="userId" password-parameter="password" />
    	<logout delete-cookies="JSESSIONID" invalidate-session="true" success-handler-ref="customLogoutHandler" logout-url="/logout" />
    	<session-management invalid-session-url="/" session-authentication-strategy-ref="sas" />
    </http>
    	
    <beans:bean id="customLogoutHandler" class="sequent.ui.security.CustomLogoutHandler">
    	<beans:property name="reportDir" value="/tmp/reports" />
    </beans:bean>

    Not sure how I can resolve this issue.

    Please help.

    In short, my basic requirement is that I need to access the User Principal in the Logout mechanism, which is triggered when either the User clicks on the Logout button or the session expires. I need the User information because the application creates a temporary folder in the name of the logged-in user, which I need to delete at the time he logs off.

    Appreciate your help please!!

    -Raul
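
An added example, not part of the original post: a logout success handler that tolerates the `null` Authentication Spring Security passes when the logout URL is hit without a logged-in user, and that only deletes a directory sitting directly under `reportDir`, since the user name is used as a path component. The class name and helper methods are hypothetical; Java 8 and the `javax.servlet` API are assumed.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.Comparator;
import java.util.stream.Stream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;

// Hypothetical class; wire it in through success-handler-ref like customLogoutHandler.
public class ReportCleanupLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
    private Path reportDir = Paths.get("/tmp/reports"); // value taken from the post's config
    public void setReportDir(String dir) { this.reportDir = Paths.get(dir); }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // authentication is null when nobody was logged in for this request
        if (authentication != null) {
            Path userDir = resolveUserDir(reportDir, authentication.getName());
            if (userDir != null) deleteRecursively(userDir);
        }
        super.onLogoutSuccess(request, response, authentication); // default redirect
    }

    // Returns the per-user directory only if it is a direct child of base;
    // names such as "../x", "a/b", "." or an absolute path yield null.
    static Path resolveUserDir(Path base, String userName) {
        if (userName == null || userName.isEmpty()) return null;
        try {
            Path root = base.toAbsolutePath().normalize();
            Path candidate = root.resolve(userName).normalize();
            return root.equals(candidate.getParent()) ? candidate : null;
        } catch (InvalidPathException e) { // e.g. a NUL character in the name
            return null;
        }
    }

    // Deletes children before parents; Files.walk does not follow symlinks by default.
    static void deleteRecursively(Path dir) throws IOException {
        if (!Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) return;
        try (Stream<Path> walk = Files.walk(dir)) {
            for (Path p : (Iterable<Path>) walk.sorted(Comparator.reverseOrder())::iterator) {
                Files.delete(p);
            }
        }
    }
}
```

Logout handlers are not invoked when a session times out; that case needs a session listener (for example `HttpSessionEventPublisher` registered in web.xml together with an `ApplicationListener<SessionDestroyedEvent>`), which can reuse the same two helpers.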