Class OidcBackChannelServerLogoutHandler

java.lang.Object
org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
All Implemented Interfaces:
ServerLogoutHandler

public final class OidcBackChannelServerLogoutHandler extends Object implements ServerLogoutHandler
A ServerLogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.
Since:
6.4
See Also:
  • Constructor Details

  • Method Details

    • logout

      public reactor.core.publisher.Mono<Void> logout(WebFilterExchange exchange, Authentication authentication)
      Description copied from interface: ServerLogoutHandler
      Invoked when log out is requested
      Specified by:
      logout in interface ServerLogoutHandler
      Parameters:
      exchange - the exchange
      authentication - the Authentication
      Returns:
      a completion notification (success or error)
    • setLogoutUri

      public void setLogoutUri(String logoutUri)
      Use this logout URI for performing per-session logout. Defaults to /logout since that is the default URI for LogoutFilter.
      Parameters:
      logoutUri - the URI to use
    • setSessionCookieName

      public void setSessionCookieName(String sessionCookieName)
      Use this cookie name for the session identifier. Defaults to JSESSIONID.

      Note that if you are using Spring Session, this likely needs to change to SESSION.

      Parameters:
      sessionCookieName - the cookie name to use