I've got a problem logging out in Spring framework.
First when I want j_spring_security_logout to handle it for me i get 404 j_spring_security_logout not found: sample-security.xml:
<http>
<intercept-url pattern="/messageList.htm*" access="ROLE_USER,ROLE_GUEST" />
<intercept-url pattern="/messagePost.htm*" access="ROLE_USER" />
<intercept-url pattern="/messageDelete.htm*" access="ROLE_ADMIN" />
<form-login login-page="/login.jsp" default-target-url="/messageList.htm"
authentication-failure-url="/login.jsp?error=true" />
<logout/>
</http>
Sample url link to logout in JSP page:
<a href="<c:url value="/j_spring_security_logout" />">Logout</a>
When i try to use a custom JSP page i.e. I use login form for this purpose then I get better result at least it gets to login page, but another problem is that you dont't get logged off as you can diretcly type url that should be guarded buy you get past it anyway.
Slightly modified from previous listings:
<http>
<intercept-url pattern="/messageList.htm*" access="ROLE_USER,ROLE_GUEST" />
<intercept-url pattern="/messagePost.htm*" access="ROLE_USER" />
<intercept-url pattern="/messageDelete.htm*" access="ROLE_ADMIN" />
<form-login login-page="/login.jsp" default-target-url="/messageList.htm"
authentication-failure-url="/login.jsp?error=true" />
<logout logout-success-url="/login.jsp" />
</http>
<a href="<c:url value="/login.jsp" />">Logout</a>
Thank you for help
Basic Configuration The basic configuration of Spring Logout functionality using the logout() method is simple enough: @Configuration @EnableWebSecurity public class SecSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(final HttpSecurity http) throws Exception { http //... .
Spring Security provides login and logout features that we can use in our application. It is helpful to create secure Spring application.
The default logout URL is /logout, but you can set it to something else using the logout-url attribute.
The thing with Spring Security is: It is difficult. Not because it is poorly designed or could be easier to use, but because of the complexity of its domain: Application security. Complex problems require technically sophisticated solutions, and security is one of them.
I've just had this problem.
You need to make sure in web.xml
your security filter matches on the url /j_spring_security_logout
e.g.
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/j_spring_security_logout</url-pattern>
</filter-mapping>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With