almost 7 years ago
To invalidate spring security session you need to follow below steps:
Set logout-success-url attribute to /login.jsp. After logout user will be redirected to this page.
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <http entry-point-ref="authenticationProcessingFilterEntryPoint"> <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" /> <logout logout-success-url="/login.jsp" /> </http> <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <beans:property name="loginFormUrl" value="/login.jsp" /> <beans:property name="forceHttps" value="false"/> </beans:bean> <beans:bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER "/> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="filterProcessesUrl"> <beans:value>/j_spring_security_check</beans:value> </beans:property> </beans:bean> <authentication-manager> <authentication-provider> <user-service> <user name="srccodes" password="password" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>
public class SessionUtils { public static void logout(HttpServletRequest request) { SecurityContextHolder.getContext().setAuthentication(null); SecurityContextHolder.clearContext(); HttpSession hs = request.getSession(); Enumeration e = hs.getAttributeNames(); while (e.hasMoreElements()) { String attr = e.nextElement(); hs.setAttribute(attr, null); } removeCookies(request); hs.invalidate(); } public static void removeCookies(HttpServletRequest request) { Cookie[] cookies = request.getCookies(); if (cookies != null && cookies.length > 0) { for (int i = 0; i < cookies.length; i++) { cookies[i].setMaxAge(0); } } } }
SessionUtils.logout(request);
Hope this will help you :)
Starting with Chrome version 45, NPAPI is no longer supported for Google Chrome. For more information, see Chrome and NPAPI (blog.chromium.org).
Firefox and Microsoft Internet Explorer are recommended browsers for websites using java applets.
Chrome Version Support
Are you sure, you want to delete this comment?
Sign up using
0 Comment(s)