Handling the logout request
When the user clicks on logout, the Angular app invokes a logout API which, primarily, invalidates the HTTP session and removes the authentication object from the SecurityContextHolder object. Recall that the SecurityContextHolder object is used to store the SecurityContext object, which holds on to the Authentication object. The following is the code in the Spring app that invokes the logout API on the SecurityContextLogoutHandler instance:
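    // Note: this is a state-changing GET, so a cross-site request can trigger it;
    // a POST mapping with CSRF protection is the stricter choice.
    @GetMapping(value="/logout")
    public ExecutionStatus logout(HttpServletRequest request, HttpServletResponse response) {
        // Authentication of the current user, if any
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null) {
            // Invalidates the HTTP session and clears the Authentication from the SecurityContext
            new SecurityContextLogoutHandler().logout(request, response, auth);
        }
        return new ExecutionStatus("USER_LOGOUT_SUCCESSFUL", "User is logged out");
    }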
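
The two effects described above can be checked directly. The following JUnit 5 test is an added example, not code from the original page; it assumes spring-test, spring-security-web and JUnit 5 on the classpath, and the class name, the user "alice" and the session contents are constructed for illustration.

```java
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

// Hypothetical test class: verifies what SecurityContextLogoutHandler does on logout.
class LogoutHandlerEffectsTest {

    @Test
    void logoutInvalidatesSessionAndClearsAuthentication() {
        // Constructed sample state: a logged-in user with a server-side session.
        Authentication auth = new TestingAuthenticationToken("alice", "n/a", "ROLE_USER");
        SecurityContextHolder.getContext().setAuthentication(auth);

        MockHttpSession session = new MockHttpSession();
        // Mimic how the SecurityContext is kept in the session between requests.
        session.setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
                SecurityContextHolder.getContext());

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setSession(session);
        MockHttpServletResponse response = new MockHttpServletResponse();

        // The same call the /logout controller method makes.
        new SecurityContextLogoutHandler().logout(request, response, auth);

        // 1. The session that carried the login is invalidated, so its ID
        //    can no longer be used to resume the authenticated state.
        assertTrue(session.isInvalid());
        assertNull(request.getSession(false));

        // 2. The current thread no longer holds an Authentication.
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }
}
```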