Spring Custom LogoutSuccessHandler Example

In our last tutorial, we have learned how to create custom authentication success handler in spring. In this post, we will be extending the default spring logoutsuccesshandler  and create our own Custom LogoutSuccessHandler. It is best to create a custom logoutsuccesshandler when your system needs to do some work after the user has successfully logs out eg., updating the database or logging the time the user was last online. This assumes that you have already a working spring mvc project or click here on How to Create Spring MVC Project using Maven.

1.Add Spring Security in pom.xml

In your pom.xml, add dependency for spring security if you don’t have,

    
    <groupId>org.springframework.security</groupId>    
    <artifactId>spring-security-web</artifactId>    
    ${spring.security.version}    
    
    
    
    <groupId>org.springframework.security</groupId>    
    <artifactId>spring-security-core</artifactId>    
    <version>${spring.security.version}</version>    

    
    
    <groupId>org.springframework.security</groupId>    
    <artifactId>spring-security-config</artifactId>
    ${spring.security.version}

and add spring security version in your properties section

    
     3.2.1.RELEASE

2. Create  your Custom LogoutSuccessHandler class

Create a java class and that implements LogoutSuccessHandler.

package com.javapointers.custom;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class CustomLogoutSuccessHandler implements LogoutSuccessHandler{
    @Override
    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                Authentication authentication) throws IOException, ServletException {
        if (authentication != null && authentication.getDetails() != null) {
            try {
                httpServletRequest.getSession().invalidate();
                System.out.println("User Successfully Logout");
                //you can add more codes here when the user successfully logs out,
                //such as updating the database for last active.
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        //redirect to login
        httpServletResponse.sendRedirect("/login");
    }
}

3. Modify your applicationContext.xml


Create a bean for your Custom LogoutSuccessHandler class.

<bean id="customLogoutSuccessHandler" class="com.javapointers.custom.CustomLogoutSuccessHandler" />

Add your bean to your logout properties.

<security:logout logout-url="/logout" success-handler-ref="customLogoutSuccessHandler" />

Your final applicationContext.xml should be something similar to this:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    
    
        <security:intercept-url pattern="/home" access="hasRole('ROLE_USER')"  />
        <security:form-login login-page="/login" default-target-url="/home" authentication-failure-url="/login?error=" />
        <security:logout logout-url="/logout" success-handler-ref="customLogoutSuccessHandler" />
    

    
    
        
            
                <security:user name="admin" password="password" authorities="ROLE_USER,ROLE_ADMIN" />
                <security:user name="user" password="password" authorities="ROLE_USER" />
            
        
    

    
    <mvc:view-controller path="/" view-name="login" />
    <mvc:view-controller path="/login" view-name="login" />
    <mvc:view-controller path="/logout" view-name="logout" />
    <mvc:view-controller path="/home" view-name="home" />

    
    <bean id="customLogoutSuccessHandler" class="com.javapointers.custom.CustomLogoutSuccessHandler" />

</beans>

4. Testing our WebApp

Launch the web app and log in with the credentials admin/password. Next. it should redirect to our home page. When the user logs out, in our console, it should print User Successfully Logout since we have this sysout in our class.

custom logoutsuccesshandler 2

custom logoutsuccesshandler

Thats it. Your custom logoutsuccesshandler will always be called whenever the user successfully logs out. Now you can add additional logic to your logout.

Download Source Code Here!

Share this tutorial!