Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how to correctly logout user in spring security

Tags:

java

spring

spring-security

Edit - 1 

<security:logout
    invalidate-session="true"
    logout-success-url="/logout"
    logout-url="/logoutfail"/>

 </security:http>

Edit - 1 end http://pastie.org/8588538 are the lines 1 to 6 a correct way to logout users? because when I do, the user seems to be logged out momentarily on the page but then can visit other pages again with the same login. it seems line 31 and 38 is making a new session cookie. but how?

@RequestMapping(value = "/logout" )
    public String logout(ModelMap model, HttpServletRequest request){
        request.getSession(true).invalidate();
        System.out.println("logout user page shown--------------------");
        return "/login/logout";       
   }


200 OK

GET /logout

200 OK

localhost:8080

5.7 KB

127.0.0.1:8080



225ms
HeadersResponseHTMLCacheCookies
Response Headersview source
Content-Language    en
Content-Length  5864
Content-Type    text/html;charset=ISO-8859-1
Date    Mon, 30 Dec 2013 21:38:59 GMT
Server  Apache-Coyote/1.1
Set-Cookie  JSESSIONID=4B961D14E4B3096368BCC5F9A55874BC; Path=/ttmaven/; HttpOnly

Request Headersview source
Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Connection  keep-alive
Cookie  JSESSIONID=A0E89C909D0A7F7BE93EC737130E9A31
Host    localhost:8080
Referer http://localhost:8080/ttmaven/users/home
User-Agent  Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
like image 775
Mab Avatar asked Dec 25 '22 15:12

Mab

1 Answers

This is how you do it:

SecurityContextHolder.getContext().setAuthentication(null);

Spring Security also comes with login/logout functionality already implemented, here is how you can configure a custom logout URL. You don't have to create any controllers/request mappings then.

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true" use-expressions="true">
        <logout logout-url="/custom_logout_url" />
    </http>
</beans:beans>
like image 90
SergeyB Avatar answered Dec 28 '22 07:12

SergeyB
Sign in to Comment

Related questions

String trim coming out with incorrect length
Jaxb + jersey. Skipping null fields in generated json
Unable to locate an Element By ID in Selenium
How to open cmd.exe in java
Why set a password using Jasypt when encrypting text?
Removing an integer from a list
switching databases in spring petclinic
How do I invoke a method with array parameter in java? [closed]
hashCode() value changes between executions
How does Guava Set difference work?
Overhead of 'this' keyword
Not a statement
Behavior of static blocks with Abstract classes
SOAP message MUST NOT contain a Document Type Declaration(DTD)
Spring MVC how @RequestBody works
Generated ZIP file is corrupt / invalid
How to specify dependency on tomcat libraries with gradle
Remove the comma after the last number in a loop [duplicate]
Spring Social - Could not generate CGLIB subclass
Java Regular Expression: match any number of digits in round brackets if the closing bracket is the last char in the String

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!