org.apache.shiro.web.filter.authc
Class LogoutFilter

java.lang.Object
  extended by org.apache.shiro.web.servlet.ServletContextSupport
      extended by org.apache.shiro.web.servlet.AbstractFilter
          extended by org.apache.shiro.web.servlet.NameableFilter
              extended by org.apache.shiro.web.servlet.OncePerRequestFilter
                  extended by org.apache.shiro.web.servlet.AdviceFilter
                      extended by org.apache.shiro.web.filter.authc.LogoutFilter
All Implemented Interfaces:
Filter, Nameable

public class LogoutFilter
extends AdviceFilter

Simple Filter that, upon receiving a request, immediately logs out the currently executing subject and then redirects them to a configured redirectUrl.

Since:
1.2

Field Summary
static String DEFAULT_REDIRECT_URL
          The default redirect URL to where the user will be redirected after logout.
 
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
 
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
 
Constructor Summary
LogoutFilter()
           
 
Method Summary
 String getRedirectUrl()
          Returns the URL to where the user will be redirected after logout.
protected  String getRedirectUrl(ServletRequest request, ServletResponse response, Subject subject)
          Returns the redirect URL to send the user after logout.
protected  Subject getSubject(ServletRequest request, ServletResponse response)
          Returns the currently executing Subject.
protected  void issueRedirect(ServletRequest request, ServletResponse response, String redirectUrl)
          Issues an HTTP redirect to the specified URL after subject logout.
protected  boolean preHandle(ServletRequest request, ServletResponse response)
          Acquires the currently executing subject and a redirectUrl that may be Subject- or request-specific, then redirects the end-user to that URL.
 void setRedirectUrl(String redirectUrl)
          Sets the URL to where the user will be redirected after logout.
 
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
 
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
 
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
 
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
 
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

DEFAULT_REDIRECT_URL

public static final String DEFAULT_REDIRECT_URL
The default redirect URL to where the user will be redirected after logout. The value is "/", Shiro's representation of the web application's context root.

See Also:
Constant Field Values
Constructor Detail

LogoutFilter

public LogoutFilter()
Method Detail

preHandle

protected boolean preHandle(ServletRequest request,
                            ServletResponse response)
                     throws Exception
Acquires the currently executing subject and a redirectUrl that may be Subject- or request-specific, then redirects the end-user to that URL.

Overrides:
preHandle in class AdviceFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Returns:
Always false, because typically no further interaction should occur after user logout.
Throws:
Exception - if there is any error.

getSubject

protected Subject getSubject(ServletRequest request,
                             ServletResponse response)
Returns the currently executing Subject. This implementation merely defaults to calling SecurityUtils.getSubject(), but can be overridden by subclasses for different retrieval strategies.

Parameters:
request - the incoming Servlet request
response - the outgoing Servlet response
Returns:
the currently executing Subject.

issueRedirect

protected void issueRedirect(ServletRequest request,
                             ServletResponse response,
                             String redirectUrl)
                      throws Exception
Issues an HTTP redirect to the specified URL after subject logout. This implementation simply calls WebUtils.issueRedirect(request,response,redirectUrl).

Parameters:
request - the incoming Servlet request
response - the outgoing Servlet response
redirectUrl - the URL to where the browser will be redirected immediately after Subject logout.
Throws:
Exception - if there is any error.

getRedirectUrl

protected String getRedirectUrl(ServletRequest request,
                                ServletResponse response,
                                Subject subject)
Returns the redirect URL to send the user after logout. This default implementation ignores the arguments and returns the static configured redirectUrl property, but this method may be overridden by subclasses to dynamically construct the URL based on the request or subject if necessary.

Note: the Subject is not yet logged out at the time this method is invoked. You may access the Subject's session if one is available and if necessary.

Tip: if you need to access the Subject's session, consider using the Subject.getSession(false) method to ensure a new session isn't created unnecessarily. If a session would be created, it will be immediately stopped after logout, not providing any value and unnecessarily taxing session infrastructure/resources.

Parameters:
request - the incoming Servlet request
response - the outgoing ServletResponse
subject - the not-yet-logged-out currently executing Subject
Returns:
the redirect URL to send the user after logout.
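
An added example of overriding getRedirectUrl(request, response, subject) as described above; it is not code from the Shiro project. The class name TenantLogoutFilter, the session attribute "postLogoutLanding" and the allowlisted paths are hypothetical, and the javax.servlet package is assumed. The target is read from the still-active session with getSession(false) and used only if it matches a fixed allowlist, so a stored value can never send the browser to an arbitrary URL.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.LogoutFilter;

// Example subclass (hypothetical name): picks the post-logout page per Subject.
public class TenantLogoutFilter extends LogoutFilter {

    // Hypothetical attribute the application stores in the session at login.
    static final String LANDING_ATTR = "postLogoutLanding";

    // Hypothetical allowlist: the only paths ever returned as redirect targets.
    private static final Set<String> ALLOWED = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("/", "/goodbye", "/partner/signed-out")));

    @Override
    protected String getRedirectUrl(ServletRequest request,
                                    ServletResponse response,
                                    Subject subject) {
        try {
            // The Subject is not yet logged out, so its session is readable.
            // getSession(false) returns null instead of creating a session
            // that logout would stop immediately.
            Session session = subject.getSession(false);
            if (session != null) {
                Object landing = session.getAttribute(LANDING_ATTR);
                // Exact match against the allowlist; anything else is ignored.
                if (landing instanceof String && ALLOWED.contains(landing)) {
                    return (String) landing;
                }
            }
        } catch (InvalidSessionException e) {
            // Session expired or was stopped between lookup and read:
            // fall through to the configured default.
        }
        // Statically configured redirectUrl (DEFAULT_REDIRECT_URL unless set).
        return getRedirectUrl();
    }
}
```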

getRedirectUrl

public String getRedirectUrl()
Returns the URL to where the user will be redirected after logout. Default is the web application's context root, i.e. "/".

Returns:
the URL to where the user will be redirected after logout.

setRedirectUrl

public void setRedirectUrl(String redirectUrl)
Sets the URL to where the user will be redirected after logout. Default is the web application's context root, i.e. "/".

Parameters:
redirectUrl - the URL to where the user will be redirected after logout


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.