Skip to content

Logout configuration

Jump to bottom
LELEU Jérôme edited this page Sep 9, 2020 · 1 revision

You can log out the current authenticated user using the LogoutFilter. It has the following behaviour:

  1. after logout, the user is redirected to the url defined by the url request parameter if it matches the logoutUrlPattern

  2. or the user is redirected to the defaultUrl if it is defined

  3. otherwise, a blank page is displayed.

Setup with annotations

In order to bind the filter to an URL, it must be bound to a JAX-RS Resource method using the @Pac4JLogout annotation.

For example:

    @DELETE
    @Path("/session")
    @Pac4JLogout(skipResponse = true)
    public void logout() {
        // do nothing
    }

Available parameters

  1. defaultUrl (optional): the default logout url if no url request parameter is provided or if the url does not match the logoutUrlPattern (not defined by default)

  2. logoutUrlPattern (optional): the logout url pattern that the url parameter must match (only relative urls are allowed by default).

  3. skipResponse (optional): by default pac4j builds an answer (to redirect to the logout url), if this is set to true then the response will be skipped. In the case of RESTful APIs, it can make sense to not use redirection.

Clone this wiki locally