 

Spring security multiple logout urls?

I am using Spring Security Java config and I wanted to know a way to implement logout for multiple URLs, i.e.

logout().logoutRequestMatcher(new AntPathRequestMatcher("/invalidate")).logoutUrl("/logout");

In this code the normal logout URL "/logout" works fine and it's a POST request, but I also want the user to be logged out for the URL "/invalidate", which doesn't seem to work.

Tarun Sapra asked Dec 14 '25 06:12


2 Answers

According to the Spring Security tutorial, it seems that the following is a more elegant approach:

[image]

In the security form-login tag just add something like this:

<security:logout logout-url="/logout" success-handler-ref="logoutHandler"/>

Every time you hit the /logout URL, the logoutHandler will be invoked, and in it you can decide how to behave after a successful logout.

From Spring docs:

[image]

All you need to do is to create a new class that implements the interface marked in the image and implement its single method.

In that method, decide how to act after a successful logout. For example:

import java.io.IOException;
import javax.servlet.ServletException;          // jakarta.servlet.* on Spring Security 6+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;

@Component("logoutHandler")
public class MyLogoutSuccessHandler implements LogoutSuccessHandler {

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        // Server-relative targets: the Location is not built from the client-supplied Host header.
        if ("false".equals(request.getParameter("msgShow"))) {
            redirectResponse(request, response, "/my_web_app/home?logout=false");
        }
        else {
            redirectResponse(request, response, "/my_web_app/home?logout=true");
        }
    }

    private void redirectResponse(HttpServletRequest request, HttpServletResponse response, String destination) {
        // 302, not 301: a permanent redirect can be cached, so later hits on /logout might never reach the server.
        response.setStatus(HttpServletResponse.SC_FOUND);
        response.setHeader("Location", destination);
    }
}

Now don't forget to add a @Component annotation to the above logout handler, and in the security configuration file add the following 2 statements:

<context:annotation-config />
<context:component-scan base-package="package.to.logout.handler" />
Moshe Arad answered Dec 15 '25 19:12


This might not be the most elegant way, but you can just specify a @Controller that is mapped to all the URLs you want for logout, e.g.

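import javax.servlet.ServletException;          // jakarta.servlet.* on Spring 6+
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class LogoutController {

  final String logoutRedirectUrl = "redirect:http://yourredirect.xy";

  // @RequestMapping without a method attribute matches every HTTP method, GET included.
  @RequestMapping("/logout")
  public String logout1(HttpServletRequest request) throws ServletException {
    request.logout(); // Servlet 3.0 logout, handled by Spring Security's request wrapper
    return logoutRedirectUrl;
  }

  @RequestMapping("/second/logout/")
  public String logout2(HttpServletRequest request) throws ServletException {
    request.logout();
    return logoutRedirectUrl;
  }
}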
C Brand answered Dec 15 '25 19:12
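
Added example (not part of either answer above, and not Spring's own code): a Java-config sketch that lets one logout filter handle both paths from the question by combining them in a single OrRequestMatcher. It assumes Spring Security 5.7 to 6.x; the class name SecurityConfig and the success URL "/login?logout" are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableWebSecurity
public class SecurityConfig { // hypothetical class name

    // One matcher covering both logout paths from the question.
    // Both are limited to POST so that, with CSRF protection enabled,
    // a logout request must carry a valid CSRF token.
    static RequestMatcher logoutMatcher() {
        return new OrRequestMatcher(
                new AntPathRequestMatcher("/logout", "POST"),
                new AntPathRequestMatcher("/invalidate", "POST"));
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(form -> form.permitAll())
            .logout(logout -> logout
                // No logoutUrl() call: the matcher alone selects logout requests.
                .logoutRequestMatcher(logoutMatcher())
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                // Fixed, server-relative target (assumed path), not built from request data.
                .logoutSuccessUrl("/login?logout")
                .permitAll());
        return http.build();
    }
}
```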


