Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring logout gives 404 error

I've gone through all of the solutions listed at SO but can't seem to make it work. I've a simple spring-security xml file-

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd">
    <http auto-config='true' use-expressions="true">
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="user" password="user" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

My logout page looks like this-

<form action="j_spring_security_logout" method="post" id="logoutForm">
            <input type="hidden"
                    name="${_csrf.parameterName}"
                    value="${_csrf.token}" />
</form>

<script>
    function formSubmit() {
                document.getElementById("logoutForm").submit();
    }
</script>

<c:if test="${pageContext.request.userPrincipal.name != null}">
           <h2>
                Welcome : ${pageContext.request.userPrincipal.name} |
                 <a href="javascript:formSubmit()"> Logout</a>
            </h2>
</c:if>

But I get 404 error when I make HTTP POST; Spring gives following error message-

WARNING: No mapping found for HTTP request with URI [/j_spring_security_logout] in DispatcherServlet with name 'spring-dispatcher'

What am I doing wrong?

Spring versions (from pom.xml)-

<spring-core-version>4.1.6.RELEASE</spring-core-version>
<spring-security-version>4.0.1.RELEASE</spring-security-version>
like image 668
user375868 Avatar asked Mar 17 '23 00:03

user375868


1 Answers

According to the docs, the logout URL ins Spring Security 4 is just /logout, so it should work if you change your form action.

I would also drop the auto-config attribute and just set what you want to use explicitly, following the examples in the manual.

like image 143
Shaun the Sheep Avatar answered Mar 22 '23 23:03

Shaun the Sheep