- Notifications
You must be signed in to change notification settings - Fork19
Logout configuration
CAS in the cloud LELEU Jérôme edited this pageDec 12, 2022 ·9 revisions
You need to define a logout endpoint using theLogoutFilter to handle logout.
>> Read thedocumentation to understand its behavior and the available options.
The available options can be set via setters and servlet parameters.
Yet, there is noconfig servlet parameter, theconfigFactory servlet parameter may be used instead to define aconfiguration.
TheconfigFactory servlet parameter must be defined at least for one filter: it will be shared with other filters.
TheLogoutFilter can be defined in theweb.xml file:
<filter> <filter-name>logoutFilter</filter-name> <filter-class>org.pac4j.j2e.filter.LogoutFilter</filter-class> <init-param> <param-name>defaultUrl</param-name> <param-value>/urlAfterLogout</param-value> </init-param></filter><filter-mapping> <filter-name>logoutFilter</filter-name> <url-pattern>/logout</url-pattern></filter-mapping>
or using CDI and theorg.pac4j.jee.util.FilterHelper:
@Named@ApplicationScopedpublicclassWebConfig {@InjectprivateConfigconfig;publicvoidbuild(@Observes@Initialized(ApplicationScoped.class)ServletContextservletContext) {finalFilterHelperfilterHelper =newFilterHelper(servletContext); ...finalLogoutFilterlogoutFilter =newLogoutFilter(config,"/?defaulturlafterlogout");logoutFilter.setDestroySession(true);filterHelper.addFilterMapping("logoutFilter",logoutFilter,"/logout"); ... }}
It can be defined as a simple JEE filter via Spring:
@BeanpublicFilterRegistrationBeanlogoutFilter() {finalLogoutFilterfilter =newLogoutFilter(config(),"/?defaulturlafterlogout");filter.setDestroySession(true);finalFilterRegistrationBeanregistrationBean =newFilterRegistrationBean();registrationBean.setFilter(filter);registrationBean.addUrlPatterns("/pac4jLogout");returnregistrationBean; }
It can be defined in a Java configuration like any Spring Security filter:
@Configuration@Order(6)publicstaticclassLogoutWebSecurityConfigurationAdapterextendsWebSecurityConfigurerAdapter {@AutowiredprivateConfigconfig;protectedvoidconfigure(finalHttpSecurityhttp)throwsException {finalLogoutFilterlogoutFilter =newLogoutFilter(config,"/?defaulturlafterlogout");logoutFilter.setDestroySession(true);http .antMatcher("/pac4jLogout") .addFilterBefore(logoutFilter,BasicAuthenticationFilter.class) .csrf().disable(); } }
Or it can be defined in ashiro.ini file:
[main]pac4jLogout = org.pac4j.jee.filter.LogoutFilterpac4jLogout.config = $config[urls]# Shiro logout:#/logout = logout# pac4j logout:/pac4jLogout = pac4jLogout