{"id":711,"date":"2012-02-05T14:30:25","date_gmt":"2012-02-05T13:30:25","guid":{"rendered":"http:\/\/doanduyhai.wordpress.com\/?p=711"},"modified":"2012-02-05T14:30:25","modified_gmt":"2012-02-05T13:30:25","slug":"spring-security-part-ii-securitycontextpersistentfilter-logoutfilter","status":"publish","type":"post","link":"https:\/\/www.doanduyhai.com\/blog\/?p=711","title":{"rendered":"Spring Security part II : SecurityContextPersistentFilter &#038; LogoutFilter"},"content":{"rendered":"<p>In this post we&#8217;ll dig into the details of SecurityContextPersistentFilter &amp; LogoutFilter configuration.<\/p>\n<h1>III SecurityContextPersistentFilter<\/h1>\n<p>The name is quite explicit. The purpose of the <strong>SecurityContextPersistentFilter<\/strong> is to store the security context in some repository.<\/p>\n<p>To achieve this task, the filter delegates the job to an implementation of the <strong>SecurityContextRepository<\/strong> interface.<\/p>\n<p>Spring provides a default implementation for this interface: <strong>org.springframework.security.web.context.HttpSessionSecurityContextRepository<\/strong>. This is quite self-explanatory. 
The repository for the security context is simply the current user&#8217;s HTTP session.<\/p>\n<p>Below is the XML configuration for the <strong>SecurityContextPersistentFilter<\/strong>:<\/p>\n<pre class=\"brush: xml; title: ; toolbar: false; wrap-lines: false; notranslate\" title=\"\">\n\n&lt;!-- Filter to store the Authentication object in the HTTP Session --&gt;\t\n&lt;bean id=&quot;securityContextPersistentFilter&quot; \n\tclass=&quot;org.springframework.security.web.context.SecurityContextPersistenceFilter&quot;&gt;\n\t&lt;property name=&quot;securityContextRepository&quot; ref=&quot;securityContextRepository&quot; \/&gt;\n&lt;\/bean&gt;\n\t\n\t\n&lt;bean id=&quot;securityContextRepository&quot; \n\tclass=&quot;org.springframework.security.web.context.HttpSessionSecurityContextRepository&quot; \/&gt;\n<\/pre>\n<h1>IV LogoutFilter<\/h1>\n<p>The <strong>LogoutFilter<\/strong> is in charge of logging out the current user and invalidating the security context. 
The task of invalidating the HTTP session is again delegated to another actor, the <strong>SecurityContextLogoutHandler<\/strong>.<\/p>\n<p>This handler is injected in the <strong>LogoutFilter<\/strong> constructor:<\/p>\n<pre class=\"brush: xml; highlight: [3,6,9]; title: ; toolbar: false; wrap-lines: false; notranslate\" title=\"\">\n&lt;bean id=&quot;logoutFilter&quot; \n\tclass=&quot;org.springframework.security.web.authentication.logout.LogoutFilter&quot;&gt;\n\t&lt;constructor-arg value=&quot;\/pages\/Security\/logout.html&quot; \/&gt;\n\t&lt;constructor-arg&gt;\n\t\t&lt;list&gt;\n\t\t\t&lt;bean class=&quot;org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler&quot;\/&gt;\n\t\t&lt;\/list&gt;\n\t&lt;\/constructor-arg&gt;\n\t&lt;property name=&quot;filterProcessesUrl&quot; value=&quot;\/j_myApplication_logout&quot;\/&gt;\n&lt;\/bean&gt;\n<\/pre>\n<p>At <strong>line 3<\/strong>, we define the URL of the logout page.<br \/>\nThe <strong>SecurityContextLogoutHandler<\/strong> is injected as a constructor argument at <strong>line 6<\/strong>.<br \/>\nThe URL that triggers the logout action is defined by the <em>filterProcessesUrl<\/em> property at <strong>line 9<\/strong>. The logout link in the page points to this URL under the application&#8217;s context path:<\/p>\n<pre class=\"brush: xml; highlight: [2]; title: ; toolbar: false; wrap-lines: false; notranslate\" title=\"\">\n&lt;a id=&quot;logout_link_id&quot; class=&quot;logout-text&quot; \n\thref=&quot;\/myApplication\/j_myApplication_logout&quot;&gt;Logout&lt;\/a&gt;\t\n<\/pre>\n<p>to be continued&#8230;<\/p>\n<p><a href=\"http:\/\/doanduyhai.wordpress.com\/2012\/01\/22\/spring-security-part-i-configuration-and-security-chain\/\" title=\"Spring Security part I : Configuration &amp; Security\u00a0Chain\" target=\"_blank\">Part I : Configuration &amp; Security 
Chain<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this post we&#8217;ll dig into the details of SecurityContextPersistentFilter &amp; LogoutFilter configuration.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[30,14],"tags":[],"_links":{"self":[{"href":"https:\/\/www.doanduyhai.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/711"}],"collection":[{"href":"https:\/\/www.doanduyhai.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.doanduyhai.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.doanduyhai.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.doanduyhai.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=711"}],"version-history":[{"count":0,"href":"https:\/\/www.doanduyhai.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/711\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.doanduyhai.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.doanduyhai.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.doanduyhai.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}