user3526989
Reputation: 11
getting principal object in spring security even after using setAuthenticated(false)
I am authenticating the loggedin user using UserNamePasswordAuthentictionToken.
But after that on some condition i want to log out manually. Inside if condition I have put the below code. I am getting authenticated=false, but principal object still remains there..
SecurityContextHolder.getContext().getAuthentication()
.setAuthenticated(false);
SecurityContextHolder.clearContext();
Upvotes: 0
Views: 1449
Answers (2)
astrohome
Reputation: 475
I don't know your version of Spring, but still you can also add:
SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();
if( currentUser == null ) {
logoutHandler.logout(request, response, auth);
}
next after to call of clearContext();
Upvotes: 0
sp00m
Reputation: 48817
SecurityContextHolder.getContext().setAuthentication(null).
authenticated is just a boolean flag beside the principal object.
Upvotes: 2
Related Questions
- Spring Security: How to get details from the principal?
- Spring Security getAuthentication() returns null
- Principal stays string albeit using a custom user details class in Spring security
- Obtain the Authentication (Principal) object via oAuth2 Spring Security?
- Principal is returned as UsernamePasswordAuthenticationToken
- Spring Security - Invalid property 'principal' of bean class [org.springframework.security.authentication.UsernamePasswordAuthenticationToken]
- Why does @AuthenticationPrincipal return the Authentication instead of the principal object?
- Spring security returns String as principal instead of UserDetails on failed login?
- getPrincipal() return null after successful login
- Spring security accessing principal