public class LogoutFilter extends AdviceFilter
subject
and then redirect them to a configured redirectUrl
.Modifier and Type | Field and Description |
---|---|
static String |
DEFAULT_REDIRECT_URL
The default redirect URL to where the user will be redirected after logout.
|
ALREADY_FILTERED_SUFFIX
filterConfig
Constructor and Description |
---|
LogoutFilter() |
Modifier and Type | Method and Description |
---|---|
String |
getRedirectUrl()
Returns the URL to where the user will be redirected after logout.
|
protected String |
getRedirectUrl(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
Subject subject)
Returns the redirect URL to send the user after logout.
|
protected Subject |
getSubject(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
Returns the currently executing
Subject . |
protected void |
issueRedirect(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
String redirectUrl)
Issues an HTTP redirect to the specified URL after subject logout.
|
protected boolean |
preHandle(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
Acquires the currently executing
subject ,
a potentially Subject or request-specific
redirectUrl ,
and redirects the end-user to that redirect url. |
void |
setRedirectUrl(String redirectUrl)
Sets the URL to where the user will be redirected after logout.
|
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
getName, setName, toStringBuilder
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
public static final String DEFAULT_REDIRECT_URL
"/"
, Shiro's
representation of the web application's context root.protected boolean preHandle(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
subject
,
a potentially Subject or request-specific
redirectUrl
,
and redirects the end-user to that redirect url.preHandle
in class AdviceFilter
request
- the incoming ServletRequestresponse
- the outgoing ServletResponsefalse
always as typically no further interaction should be done after user logout.Exception
- if there is any error.protected Subject getSubject(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
Subject
. This implementation merely defaults to calling
SecurityUtils.
getSubject()
, but can be overridden
by subclasses for different retrieval strategies.request
- the incoming Servlet requestresponse
- the outgoing Servlet responseSubject
.protected void issueRedirect(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, String redirectUrl) throws Exception
WebUtils.
issueRedirect(request,response,redirectUrl)
.request
- the incoming Servlet requestresponse
- the outgoing Servlet responseredirectUrl
- the URL to where the browser will be redirected immediately after Subject logout.Exception
- if there is any error.protected String getRedirectUrl(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Subject subject)
redirectUrl
property, but this method may be overridden
by subclasses to dynamically construct the URL based on the request or subject if necessary.
Note: the Subject is not yet logged out at the time this method is invoked. You may access the Subject's
session if one is available and if necessary.
Tip: if you need to access the Subject's session, consider using the
Subject.
getSession(false)
method to ensure a new session isn't created unnecessarily.
If a session would be created, it will be immediately stopped after logout, not providing any value and
unnecessarily taxing session infrastructure/resources.request
- the incoming Servlet requestresponse
- the outgoing ServletResponsesubject
- the not-yet-logged-out currently executing Subjectpublic String getRedirectUrl()
"/"
public void setRedirectUrl(String redirectUrl)
"/"
redirectUrl
- the url to where the user will be redirected after logoutCopyright © 2004–2018 The Apache Software Foundation. All rights reserved.