spring security core plugin - invalidate a user session


I am using Grails 4.0.3 and I am trying to log out a user programmatically. I searched for this, but all the solutions that I found are for Grails 2 and are not working for Grails 4.

Like - force logout for authenticated user using spring security plugin

Does anyone have any idea how to invalidate a user session?


There are 2 best solutions below

0
On BEST ANSWER

Does anyone have any idea how to invalidate a user session?

In a controller you can invoke session.invalidate().

If you want to access the session from some other context, you could have that class implement the grails.web.api.ServletAttributes trait, which will provide the session property to that class and then session.invalidate() may be called from there.

0
On

Jeff's solution works for the current user's session only. If you want to log out/invalidate all the sessions (or all the sessions of a particular user), then you can use this solution.

Make a custom session listener class:

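import javax.servlet.http.HttpSession
import javax.servlet.http.HttpSessionEvent
import javax.servlet.http.HttpSessionListener
import org.springframework.security.core.context.SecurityContext

import static org.springframework.security.web.context.HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY

class MyCustomSessionListener implements HttpSessionListener {
  // Every live session, keyed by session id
  Map<String, HttpSession> sessions = [:].asSynchronized()

  void sessionCreated(HttpSessionEvent se) {
    sessions.put(se.session.id, se.session)
  }

  void sessionDestroyed(HttpSessionEvent se) {
    sessions.remove(se.session.id)
  }

  void invalidateAllSessionsOfUser(String username) {
    List<HttpSession> sessionsList = []
    // Iterating a synchronized map needs an explicit lock on the map
    synchronized (sessions) {
      sessions.each { sessionId, sess ->
        // Sessions created before login have no security context (null here)
        SecurityContext sc = (SecurityContext) sess.getAttribute(SPRING_SECURITY_CONTEXT_KEY)
        // authentication.name is the username when the principal is a UserDetails
        if (sc?.authentication?.name == username) {
          sessionsList.add(sess)
        }
      }
    }
    // Invalidate after the loop: sessionDestroyed() removes entries from the map
    sessionsList*.invalidate()
  }

  void invalidateAllSessions() {
    List<HttpSession> sessionsList = []
    synchronized (sessions) {
      sessionsList.addAll(sessions.values())
    }
    sessionsList*.invalidate()
  }
}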

And make an entry in resources.groovy:

beans = {
  myCustomSessionListener(MyCustomSessionListener)
}
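
How the two answers above might be called from a service, as an added example that is not part of either answer. `ForcedLogoutService` and its method names are hypothetical, and it assumes the `myCustomSessionListener` bean from resources.groovy is injected by name and that both classes live in the same package.

```groovy
// Added example: grails-app/services/ForcedLogoutService.groovy (hypothetical name)
import grails.web.api.ServletAttributes
import javax.servlet.http.HttpSession
import org.springframework.security.core.context.SecurityContextHolder

class ForcedLogoutService implements ServletAttributes {

    // Assumption: autowired by name from the bean declared in resources.groovy
    MyCustomSessionListener myCustomSessionListener

    /**
     * Ends the session of the request being handled.
     * Only valid on a request thread; returns false if there was no session.
     */
    boolean logoutCurrentRequest() {
        // getSession(false) avoids creating a session just to destroy it
        HttpSession current = request.getSession(false)
        if (current == null) {
            return false
        }
        try {
            current.invalidate()
        } catch (IllegalStateException ignored) {
            // Already invalidated by a concurrent request; nothing left to do
        }
        // Drop the Authentication still bound to this thread so the rest of
        // the request is not treated as logged in
        SecurityContextHolder.clearContext()
        true
    }

    /**
     * Ends every tracked session of one account, for example after a
     * password reset or when an administrator disables the account.
     */
    void logoutEverywhere(String username) {
        if (!username) {
            throw new IllegalArgumentException('username is required')
        }
        myCustomSessionListener.invalidateAllSessionsOfUser(username)
    }
}
```

If remember-me is enabled, invalidating the session alone does not end the login, because a valid remember-me cookie re-authenticates the browser on its next request. The listener's map only covers sessions on the local application instance.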