• Spring Custom LogoutSuccessHandler Example

    In our last tutorial, we have learned how to create custom authentication success handler in spring. In this post, we will be extending the default spring logoutsuccesshandler  and create our own Custom LogoutSuccessHandler. It is best to create a custom logoutsuccesshandler when your system needs to do some work after the user has successfully logs out eg., updating the database or logging the time the user was last online. This assumes that you have already a working spring mvc project or click here on How to Create Spring MVC Project using Maven.

    1.Add Spring Security in pom.xml

    In your pom.xml, add dependency for spring security if you don’t have,

        
        <groupId>org.springframework.security</groupId>    
        <artifactId>spring-security-web</artifactId>    
        ${spring.security.version}    
        
        
        
        <groupId>org.springframework.security</groupId>    
        <artifactId>spring-security-core</artifactId>    
        <version>${spring.security.version}</version>    
    
        
        
        <groupId>org.springframework.security</groupId>    
        <artifactId>spring-security-config</artifactId>
        ${spring.security.version}    
    
    

    and add spring security version in your properties section

        
         3.2.1.RELEASE    
     
    

    2. Create  your Custom LogoutSuccessHandler class

    Create a java class and that implements LogoutSuccessHandler.

    package com.javapointers.custom;
    
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
    
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;
    
    public class CustomLogoutSuccessHandler implements LogoutSuccessHandler{
        @Override
        public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                    Authentication authentication) throws IOException, ServletException {
            if (authentication != null && authentication.getDetails() != null) {
                try {
                    httpServletRequest.getSession().invalidate();
                    System.out.println("User Successfully Logout");
                    //you can add more codes here when the user successfully logs out,
                    //such as updating the database for last active.
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
    
            httpServletResponse.setStatus(HttpServletResponse.SC_OK);
            //redirect to login
            httpServletResponse.sendRedirect("/login");
        }
    }
    
    

    3. Modify your applicationContext.xml


    Create a bean for your Custom LogoutSuccessHandler class.

    <bean id="customLogoutSuccessHandler" class="com.javapointers.custom.CustomLogoutSuccessHandler" />
    

    Add your bean to your logout properties.

    <security:logout logout-url="/logout" success-handler-ref="customLogoutSuccessHandler" />
    

    Your final applicationContext.xml should be something similar to this:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:security="http://www.springframework.org/schema/security"
           xmlns:mvc="http://www.springframework.org/schema/mvc"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
    
        
        
            <security:intercept-url pattern="/home" access="hasRole('ROLE_USER')"  />
            <security:form-login login-page="/login" default-target-url="/home" authentication-failure-url="/login?error=" />
            <security:logout logout-url="/logout" success-handler-ref="customLogoutSuccessHandler" />
        
    
        
        
            
                
                    <security:user name="admin" password="password" authorities="ROLE_USER,ROLE_ADMIN" />
                    <security:user name="user" password="password" authorities="ROLE_USER" />
                
            
        
    
        
        <mvc:view-controller path="/" view-name="login" />
        <mvc:view-controller path="/login" view-name="login" />
        <mvc:view-controller path="/logout" view-name="logout" />
        <mvc:view-controller path="/home" view-name="home" />
    
        
        <bean id="customLogoutSuccessHandler" class="com.javapointers.custom.CustomLogoutSuccessHandler" />
    
    </beans>
    

    4. Testing our WebApp

    Launch the web app and log in with the credentials admin/password. Next. it should redirect to our home page. When the user logs out, in our console, it should print User Successfully Logout since we have this sysout in our class.

    custom logoutsuccesshandler 2

    custom logoutsuccesshandler

    Thats it. Your custom logoutsuccesshandler will always be called whenever the user successfully logs out. Now you can add additional logic to your logout.

    Download Source Code Here!

    Related Post