Daud

Reputation: 7897

Spring Security - how to make another user log out

When I wish to remove a user from my application, I also want to log him out (as soon as he clicks on any link). I can clear my own security context by:

SecurityContextHolder.getContext().setAuthentication(null);

but how should I clear his security context?

Upvotes: 3

Views: 1746

Answers (1)

jasop

Reputation: 912

SecurityContextHolder.getContext().setAuthentication(null); will invalidate the current session.

The SecurityContextHolder.getContext() returns a session-scoped bean. So calling setAuthentication(null) will invalidate the current user's session.

So you can just call this from the controller when the user clicks on a link and his session will be invalidated.

Of course you probably don't want to scatter code through all of your controllers to do this. So then you can use a filter to do this instead.

In your filter you could keep a singleton bean with a list of all of the usernames you want to invalidate. Then you check the current session against the list and decide to invalidate or not.

Upvotes: 1
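
The filter approach described in the answer above, as an added example that is not part of the original post. The class name `RevokedUserLogoutFilter`, the `revoke` method and the `/login` redirect are hypothetical, and the code assumes Spring Security 6 (`jakarta.servlet`) and a single application node.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter: ends the session of any user marked as revoked.
// Use one shared instance so every request sees the same set.
public class RevokedUserLogoutFilter extends OncePerRequestFilter {

    // Usernames to log out on their next request. Entries are kept so that
    // every session of a removed user is caught, not only the first one.
    // In-memory only: a clustered deployment needs a shared store instead.
    private final Set<String> revoked = ConcurrentHashMap.newKeySet();

    // Call this from the code path that removes the account.
    public void revoke(String username) {
        revoked.add(username);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.isAuthenticated() && revoked.contains(auth.getName())) {
            HttpSession session = request.getSession(false); // do not create one
            if (session != null) {
                session.invalidate(); // drop the server-side session and its stored context
            }
            SecurityContextHolder.clearContext(); // drop the context bound to this thread
            response.sendRedirect(request.getContextPath() + "/login"); // assumed login URL
            return; // stop here: the request must not reach any controller
        }
        chain.doFilter(request, response);
    }
}
```

The filter has to run after the security context has been loaded for the request, for example by registering it with `HttpSecurity.addFilterAfter(filter, SecurityContextHolderFilter.class)`.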
