Spring Security - ClassCastException

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Spring Security - ClassCastException

Amad
This post was updated on .
With saml plugin installed, upon logout (local), i am getting

java.lang.ClassCastException: org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler cannot be cast to org.springframework.security.web.authentication.logout.LogoutHandler
	at org.codehaus.groovy.grails.plugins.springsecurity.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:70)

I noticed that in saml plugin descriptor following two are registered as Logout Handlers,
SpringSecurityUtils.registerLogoutHandler 'successLogoutHandler'
SpringSecurityUtils.registerLogoutHandler 'logoutHandler'
and
successLogoutHandler(SimpleUrlLogoutSuccessHandler) {
    defaultTargetUrl = conf.saml.afterLogoutUrl
}

SimpleUrlLogoutSuccessHandler is not a LogoutHandler and hence causes that CCE in MutableLogoutFilter since here is whats on that line 70,
for (LogoutHandler handler : _handlers) {
    handler.logout(request, response, auth);
}

Any idea how this is working for others and not me?