Hi,
In one of my projects I have configured Spring Security to handle user authentication.
My config file looks like this:
Code:
<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll()" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login default-target-url="/main" login-page="/"
                always-use-default-target="true"
                username-parameter="userId" password-parameter="password" />
    <custom-filter ref="customLogoutFilter" position="LOGOUT_FILTER"/-->
    <session-management invalid-session-url="/" session-authentication-strategy-ref="sas" />
</http>

<beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
<beans:bean id="customLogoutHandler" class="com.somepack.CustomLogoutHandler"/>
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <beans:constructor-arg index="0" ref="customLogoutHandler"/>
    <beans:constructor-arg index="1" ref="customLogoutFilter"/>
    <beans:property name="filterProcessesUrl" value="/"/>
</beans:bean>
<beans:bean id="customLogoutFilter" class="com.somepack.CustomLogoutFilter">
    <beans:property name="reportDir" value="/tmp/reports"/>
</beans:bean>

My CustomLogoutFilter class looks like:
Code:
public class CustomLogoutFilter implements LogoutHandler {

    private String reportDir;

    public String getReportDir() {
        return reportDir;
    }

    public void setReportDir(String reportDir) {
        this.reportDir = reportDir;
    }

    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response,
                       Authentication authentication) {
        String userName = authentication.getName();
        File folder = new File(reportDir, userName);
        deleteDir(folder); // delete function to delete the logged-in user's directory
        logService.info("Logout", userName, EventCode.LOGOUT,
                String.format("User %s logged out successfully", userName));
        for (Cookie cookie : request.getCookies()) {
            printcookies(cookie);
            // compare the cookie's name, not the Cookie object itself
            if ("JSESSIONID".equals(cookie.getName())) {
                cookie.setMaxAge(0);
                response.addCookie(cookie);
            }
        }
        request.getSession().invalidate();
    }
}
But this piece of code is not working, as the filter is getting called at the very first request for the Login page (it may even get called on every request), and I am getting a NullPointerException at the
String userName = authentication.getName() line.
In fact, if I use a LogoutHandler instead of the LogoutFilter, I get the same error.
My handler looks like this:
Code:
public class CustomLogoutHandler extends AbstractAuthenticationTargetUrlRequestHandler
        implements LogoutSuccessHandler {

    private String reportDir;

    public String getReportDir() {
        return reportDir;
    }

    public void setReportDir(String reportDir) {
        this.reportDir = reportDir;
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication)
            throws IOException, ServletException {
        String userName = authentication.getName();
        File folder = new File(reportDir, userName);
        deleteDir(folder);
        logService.info("Logout", userName, EventCode.LOGOUT,
                String.format("User %s logged out successfully", userName));
        super.handle(request, response, authentication);
    }
}

and config file changed to:
Code:
<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll()" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login default-target-url="/main" login-page="/"
                always-use-default-target="true"
                username-parameter="userId" password-parameter="password" />
    <logout delete-cookies="JSESSIONID" invalidate-session="true"
            success-handler-ref="customLogoutHandler" logout-url="/logout" />
    <session-management invalid-session-url="/" session-authentication-strategy-ref="sas" />
</http>

<beans:bean id="customLogoutHandler" class="sequent.ui.security.CustomLogoutHandler">
    <beans:property name="reportDir" value="/tmp/reports" />
</beans:bean>

Not sure how I can resolve this issue.
Please help.
In short, my basic requirement is that I need to access the User Principal in the logout mechanism, which is triggered when either the user clicks on the Logout button or the session expires. I need the user information because the application creates a temporary folder in the name of the logged-in user, which I need to delete at the time when he logs off.
Appreciate your help please!!
-Raul


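An added example, not part of the original post and not the poster's code: one cleanup class covering both triggers named in the post (explicit logout and session expiry). It skips calls that carry no Authentication and refuses user names that resolve outside reportDir before deleting anything. The class name ReportDirCleanup is hypothetical; the sketch assumes Java 8+, the javax.servlet API, and that Spring Security's HttpSessionEventPublisher is registered as a listener in web.xml so session-destroyed events reach the bean.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.*;
import java.util.Comparator;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.ApplicationListener;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.session.SessionDestroyedEvent;
import org.springframework.security.web.authentication.logout.LogoutHandler;

// Hypothetical class name; reportDir mirrors the property used in the post.
public class ReportDirCleanup implements LogoutHandler, ApplicationListener<SessionDestroyedEvent> {
    private Path reportDir;

    public void setReportDir(String reportDir) {
        this.reportDir = Paths.get(reportDir).toAbsolutePath().normalize();
    }

    @Override // user clicked Logout
    public void logout(HttpServletRequest request, HttpServletResponse response,
                       Authentication authentication) {
        cleanup(authentication);
    }

    @Override // session timed out or was invalidated
    public void onApplicationEvent(SessionDestroyedEvent event) {
        for (SecurityContext context : event.getSecurityContexts()) {
            cleanup(context.getAuthentication());
        }
    }

    // Idempotent: a second call for the same user finds no directory and returns.
    private void cleanup(Authentication authentication) {
        if (authentication == null || authentication.getName() == null) return; // nobody logged in
        Path dir;
        try {
            dir = reportDir.resolve(authentication.getName()).normalize();
        } catch (InvalidPathException e) {
            return; // name cannot be a path component
        }
        // Delete only a real subdirectory of reportDir: no "../", no absolute names, no symlinks.
        if (dir.equals(reportDir) || !dir.startsWith(reportDir)
                || !Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) return;
        try (Stream<Path> walk = Files.walk(dir)) { // does not follow symlinks by default
            walk.sorted(Comparator.reverseOrder()).forEach(p -> p.toFile().delete());
        } catch (IOException | UncheckedIOException e) {
            // leave the directory in place; report through the application's logger
        }
    }
}
```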
