<< 18Session Fixation Prevention
(Quick Reference)
20Voters >>

19 Logout Handlers - Reference Documentation

Authors: Burt Beckwith, Beverley Talbott

Version: 2.0.0

19 Logout Handlers

You register a list of logout handlers by implementing the LogoutHandler interface. The list is called when a user explicitly logs out.

By default, a securityContextLogoutHandler bean is registered to clear the SecurityContextHolder. Also, unless you are using Facebook or OpenID, rememberMeServices bean is registered to reset your cookie. (Facebook and OpenID authenticate externally so we don't have access to the password to create a remember-me cookie.) If you are using Facebook, a facebookLogoutHandler is registered to reset its session cookies.

To customize this list, you define a logout.handlerNames attribute with a list of bean names.

PropertyDefault ValueMeaning
logout.handlerNames['rememberMeServices', 'securityContextLogoutHandler']Logout handler bean names.

The beans must be declared either by the plugin or by you in resources.groovy or resources.xml. For example, suppose you have a custom MyLogoutHandler in resources.groovy:

beans = {
   myLogoutHandler(com.foo.MyLogoutHandler) {
      // attributes
   }
}

You register it in grails-app/conf/Config.groovy as:

grails.plugin.springsecurity.logout.handlerNames = [
   'rememberMeServices', 'securityContextLogoutHandler', 'myLogoutHandler'
]
<< 18Session Fixation Prevention
20Voters >>
Quick Reference (hide)

Scripts

s2-create-persistent-token
s2-create-role-hierarchy-entry
s2-quickstart