0

1) I am new to Spring, so I am starting with a login and logout web app. 2) I have created the login page in JSP, and I have also added web.xml and spring-servlet.xml. Now, if I want to invalidate the session for the user, how should I do that, and where should the changes occur? Please help me with this. I am posting the login controller and all pages.

Controller:

    @Controller
    public class AdminLoginController extends AbstractController
    {
        static Logger log = Logger.getLogger(AdminLoginController.class.getName());

        // Displays the empty login form.
        @RequestMapping(value = "/loginForm", method = {RequestMethod.GET, RequestMethod.POST})
        public ModelAndView showForm(ModelMap model)
        {
            AdminLoginForm loginForm = new AdminLoginForm();
            model.put("loginForm", loginForm);
            log.info("Inside Controller returning to loginform page....");

            return new ModelAndView(GlobalConstants.LOGIN_PAGE);
        }

        // Validates the submitted credentials and stores the user in the session-scoped dtoBean.
        @RequestMapping(value = "/login", method = {RequestMethod.POST, RequestMethod.GET})
        public ModelAndView processForm(@ModelAttribute("loginForm") AdminLoginForm loginForm,
                BindingResult result, HttpServletRequest request,
                HttpServletResponse response, ModelMap model)
        {
            try {
                loginForm = (AdminLoginForm) model.get("loginForm");
                String returnPage = "";
                model = super.execute(model);
                if (result.hasErrors()) {
                    return new ModelAndView(GlobalConstants.ERRORPAGE);
                }

                AdminLoginWorker worker = new AdminLoginWorker();
                boolean status = worker.validateUser(loginForm);
                if (status)
                {
                    model.addObject("request", request);
                    HttpSession session = super.getSession(model);
                    CommonDTOBean dtoBean = (CommonDTOBean) session.getAttribute("dtoBean");

                    if ("Admin".equalsIgnoreCase(loginForm.getUserType())) {
                        dtoBean.setEmp_id(loginForm.getUserName());
                        dtoBean.setEmpType("Admin");
                        session.setAttribute("dtoBean", dtoBean);

                        return new ModelAndView(GlobalConstants.HOME_PAGE);
                    } else {
                        dtoBean.setEmp_id(loginForm.getUserName());
                        dtoBean.setEmpType("Employee");
                        session.setAttribute("dtoBean", dtoBean);
                        return new ModelAndView(GlobalConstants.EMP_HOME_PAGE);
                    }
                }
                else
                {
                    return new ModelAndView(GlobalConstants.LOGIN_PAGE);
                }

            } catch (Exception e) {
                e.printStackTrace();
            }
            // Any exception falls through to the login page.
            return new ModelAndView(GlobalConstants.LOGIN_PAGE);
        }
    }

And spring-servlet.xml is:

    <context:component-scan base-package="com.portal.controller" />

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/jsp/" />
        <property name="suffix" value=".jsp" />
    </bean>

    <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        <property name="basename" value="classpath:messages"/>
        <property name="defaultEncoding" value="UTF-8"/>
    </bean>

    <bean id="localeChangeInterceptor"
          class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
        <property name="paramName" value="lang" />
    </bean>

    <bean id="localeResolver"
          class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
        <property name="defaultLocale" value="en"/>
    </bean>

    <bean id="handlerMapping"
          class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
        <property name="interceptors">
            <ref bean="localeChangeInterceptor" />
        </property>
    </bean>
    </beans>

1. Is it necessary to create securityContext.xml for logout? 2. The above controller class extends an abstract class which validates whether the session is empty or not.

Please help me with this. I have gone through http://docs.spring.io/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-session-mgmt but did not understand it.

I have tried the solution I got from here but could not work it out. I have configured spring-security.xml:

    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <http auto-config="true">
            <intercept-url pattern="/loginPage" access="IS_AUTHENTICATED_ANONYMOUSLY" />

            <logout logout-success-url="/errorPage" logout-url="//errorPage"/>
            <session-management invalid-session-url="/home?invalid=true" />
        </http>
    </beans:beans>

And I have added the following code in web.xml:

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>

And then I am getting this error:

    java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?
        org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:251)

Can anyone tell what's wrong with this?

user3264841
  • possible duplicate of [How to manually log out a user with spring security?](http://stackoverflow.com/questions/5727380/how-to-manually-log-out-a-user-with-spring-security) – NimChimpsky Feb 25 '14 at 11:29

2 Answers

1

For the logout a simple link like

    <a href="/j_spring_security_logout">Logout</a>

should be enough to launch the logout controller.

About the rest of your question, I don't really understand if the login part is working and you just needed the logout or if you need help on the whole system. Once the login works and you have your user correctly stored in session, there's nothing else you have to do, Spring security manages everything. If you need additional help, provide more information and I'll be glad to help!

Cheers

Luca
  • Thank you so much for your answer. Will it work if I put the above code on the JSP page without adding any XML file with it? Isn't it necessary to add a bean id for the servlet .xml file? – user3264841 Feb 25 '14 at 11:29
  • If your code for the login actually works, then yes, you don't have to add anything else. Yet you have to be really sure to have configured the spring security properly! – Luca Feb 25 '14 at 11:34
  • No, I did not configure the Spring Security properties. Actually I do not know how to do that. I mean, I did go through the tutorial but did not understand anything. – user3264841 Feb 25 '14 at 11:38
  • Then you should first learn to properly configure the security context, and in this case YES, you need to use the .xml file to actually tell Spring Security what it has to do. It's not easy to explain in two words what you must do. I first found the tutorial from mkyong very useful: http://www.mkyong.com/spring-security/spring-security-hello-world-example/ Try to look at it step by step without hurrying! – Luca Feb 25 '14 at 11:43
  • Now I understand how to create logout. But is it possible to log in as different roles of users like admin, manager and user? How do I do that? – user3264841 Feb 25 '14 at 12:02
  • To do that you have to specify the roles in the xml configuration. Each role (such as admin, user, etc...) must be defined as ROLE_(something) and you have to specify which role can access which page `` this means, for example, that all urls mapped with /welcome can be accessed only by who has the ROLE_USER permission – Luca Feb 25 '14 at 12:20
  • I have tried your solution but getting above error. – user3264841 Feb 26 '14 at 07:01
  • I would like to point out that it is **not** an issue in my solution, rather in your Spring configuration. Is everything else working? Is the login part working? You should be more detailed on your issues or we won't be able to help. – Luca Feb 26 '14 at 07:45
  • Yes, the login part is working fine, and for that I did not configure anything, but as you said to configure spring-security.xml, I did that. I have already posted that above. When I start up the Tomcat server I get the above error. – user3264841 Feb 26 '14 at 09:00
1

In your JSP this works:

    <a href="<c:url value="/j_spring_security_logout"/>">Logout</a>

Or, if you need to do it from another source, programmatically in Java:

    SecurityContextHolder.clearContext();

And remove the session:

    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }

NimChimpsky
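
The two programmatic steps from the answer above, combined into one Spring MVC handler. This is an added example, not code from the question or either answer. It assumes the Servlet API and Spring Security are on the classpath; `LogoutController`, the `/logout` path and the redirect target are illustrative names, and `JSESSIONID` is the servlet container's default session cookie name.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

// Hypothetical controller: class name and "/logout" mapping are assumptions.
@Controller
public class LogoutController {

    // POST only, so a plain link or image tag on another page cannot
    // end the user's session with a GET request.
    @RequestMapping(value = "/logout", method = RequestMethod.POST)
    public String logout(HttpServletRequest request, HttpServletResponse response) {
        // getSession(false): never create a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Drops dtoBean and every other attribute on the server side.
            session.invalidate();
        }

        // Clear the authentication bound to the current thread.
        SecurityContextHolder.clearContext();

        // Expire the session cookie in the browser as well. The path must
        // match the one the container used when it issued the cookie.
        Cookie cookie = new Cookie("JSESSIONID", "");
        cookie.setMaxAge(0);
        String path = request.getContextPath();
        cookie.setPath(path.isEmpty() ? "/" : path);
        response.addCookie(cookie);

        // "/loginForm" is the mapping from the question's controller;
        // adjust it to the DispatcherServlet's url-pattern if needed.
        return "redirect:/loginForm";
    }
}
```

Invalidating the session on the server is the step that matters; expiring the cookie only tidies up the client, since a stale `JSESSIONID` no longer maps to any session.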