spring-security - How is possible to access to the logged out user name in Spring Security?

Question

We use Spring Security 4.0.x and I need to find the way to access the logged out user name. I have configured LogoutSuccessHandler:

<logout logout-url="/logout" success-handler-ref="logoutSuccessHandler" />

I see the authentication object in the method signature:

onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)

Unfortunately, the authentication object is empty. I see that the LogoutHandler (SecurityContextLogoutHandler) clears the authentication before logoutSuccessHandler but I can not find the way how to configure LogoutHandler via <logout .. configuration.

How is possible to access to the logged out user name in Spring Security?

score 1 · Accepted Answer

if (requiresLogout(request, response)) {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();

            if (logger.isDebugEnabled()) {
                logger.debug("Logging out user '" + auth
                        + "' and transferring to logout destination");
            }

            this.handler.logout(request, response, auth);

            logoutSuccessHandler.onLogoutSuccess(request, response, auth);

            return;
        }

As you can see, the filter has got the Authentication, So even the SecurityContextLogoutHandler clears the Authentication in SecurityContextHolder, the auth still holds the Authentication, Do you have any other code that clear Authentication before LogoutFilter ?

spring-security - How is possible to access to the logged out user name in Spring Security?

1 回答 1

Related

Reference