Spring Security part II : SecurityContextPersistenceFilter & LogoutFilter

In this post we'll dig into the details of the SecurityContextPersistenceFilter & LogoutFilter configuration.

III SecurityContextPersistenceFilter

The name is quite explicit. The purpose of the SecurityContextPersistenceFilter is to store the security context in some repository.

To achieve this task, the filter delegates the job to a SecurityContextRepository interface.

Spring provides a default implementation for this interface: org.springframework.security.web.context.HttpSessionSecurityContextRepository. This is quite self-explanatory. The repository for the security context is simply the current user's HTTP session.

Below is the XML configuration for the SecurityContextPersistenceFilter:


<!-- Filter to store the Authentication object in the HTTP Session -->	
<bean id="securityContextPersistentFilter" 
	class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
	<property name="securityContextRepository" ref="securityContextRepository" />
</bean>
	
	
<bean id="securityContextRepository" 
	class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" />

IV LogoutFilter

The LogoutFilter is in charge of logging out the current user and invalidating the security context. The task of invalidating the HTTP session is again delegated to another actor, the SecurityContextLogoutHandler.

This handler is injected in the LogoutFilter constructor:

<bean id="logoutFilter" 
	class="org.springframework.security.web.authentication.logout.LogoutFilter">
	<constructor-arg value="/pages/Security/logout.html" />
	<constructor-arg>
		<list>
			<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
		</list>
	</constructor-arg>
	<property name="filterProcessesUrl" value="/j_myApplication_logout"/>
</bean>

At line 3, we define the URL of the logout page.
The SecurityContextLogoutHandler is injected as a constructor argument at line 6.
The URL for the logout action is defined by the filterProcessesUrl parameter at line 9. A logout link in an HTML page then targets that URL:

<a id="logout_link_id" class="logout-text" 
	href="/myApplication/j_myApplication_logout">Logout</a>	
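
The session round trip described in sections III and IV, as an added example that is not code from the original post: it drives HttpSessionSecurityContextRepository and SecurityContextLogoutHandler directly with spring-test mock objects. The class name, the user "alice" and the presence of spring-test on the classpath are assumptions.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

public class SessionContextLifecycleDemo {          // hypothetical class name
    static final HttpSessionSecurityContextRepository REPO = new HttpSessionSecurityContextRepository();

    // Build a request/response pair bound to the given session, as the container would.
    static HttpRequestResponseHolder exchange(MockHttpSession session) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setSession(session);
        return new HttpRequestResponseHolder(request, new MockHttpServletResponse());
    }

    public static void main(String[] args) {
        MockHttpSession session = new MockHttpSession();

        // Request 1 (login): the repository hands out an empty context, then stores it in the session.
        HttpRequestResponseHolder login = exchange(session);
        SecurityContext context = REPO.loadContext(login);
        context.setAuthentication(new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER"))); // constructed user
        REPO.saveContext(context, login.getRequest(), login.getResponse());
        System.out.println("stored in session: "
                + (session.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY) != null));

        // Request 2 (logout): the context is restored from the session, then the handler runs.
        HttpRequestResponseHolder logout = exchange(session);
        SecurityContext restored = REPO.loadContext(logout);
        SecurityContextHolder.setContext(restored);
        System.out.println("restored user: " + restored.getAuthentication().getName());
        new SecurityContextLogoutHandler().logout(
                logout.getRequest(), logout.getResponse(), restored.getAuthentication());
        System.out.println("session invalidated: " + session.isInvalid());

        // Request 3 (old session presented again): nothing is left to restore.
        SecurityContext replayed = REPO.loadContext(exchange(session));
        System.out.println("authentication after logout: " + replayed.getAuthentication());
    }
}
```

The third request is the check worth keeping in a test suite: once the handler has run, a request that still carries the old session must come back with an empty security context.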

to be continued…

Part I : Configuration & Security Chain


About DuyHai DOAN
Cassandra Technical Evangelist. LinkedIn profile : http://fr.linkedin.com/pub/duyhai-doan/2/224/848. Follow me on Twitter: @doanduyhai for latest updates on Cassandra
