spring security logout handler not working

Question

i have grails pluggin spring-security-core-1.2.1

I registered security event listener as a spring bean in grails-app/conf/spring/resources.groovy:

securityEventListener(LoggingSecurityEventListener)

and make two additions to grails-app/conf/Config.groovy:

grails.plugins.springsecurity.useSecurityEventListener = true
grails.plugins.springsecurity.logout.handlerNames =
    ['rememberMeServices',
            'securityContextLogoutHandler',
            'securityEventListener']

my logging/logout listener

class LoggingSecurityEventListener implements ApplicationListener<AbstractAuthenticationEvent>, LogoutHandler {

            void onApplicationEvent(AbstractAuthenticationEvent event) {
                System.out.println('appEvent')
            }


            void logout(HttpServletRequest request, HttpServletResponse response,
                            Authentication authentication) {
                System.out.println('logout')
            }

}

on ApplicationEvent works good, but logout not working what could be the problem?

or you can tell how to get all logging users

Answer 1

When you set

grails.plugins.springsecurity.useSecurityEventListener = true

the spring security plugin will register it's own event listener called securityEventListener. The handler looked up from handlerNames is probably getting the plugin registered one instead of yours. Try renaming your bean to something like:

loggingSecurityEventListener(LoggingSecurityEventListener)

and replacing the handlerNames with

grails.plugins.springsecurity.logout.handlerNames = 
    ['rememberMeServices',
     'securityContextLogoutHandler',
     'loggingSecurityEventListener']

NOTE: the configuration property names have changed (plugins -> plugin). If you're using the grails spring-security plugin version 2.0 or later, use this:

grails.plugin.springsecurity.logout.handlerNames