
Spring Security 3.1 redirect after logout

I was reading many tutorials and none of them is working for me... I use Spring 3.1.x with Spring Security. I have a bunch of secured URLs and many unsecured ones. Now, when the user is logged in and tries to log out, I want him to stay on the same page as he was before, so I use this:

<beans:bean id="logoutSuccessHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
    <beans:property name="useReferer" value="true"/>
</beans:bean>

This works fine; however, when the user logs out from a secured page it redirects him to the login page, and I would like to redirect to the home page. How can I achieve this? Thanks in advance!

Mat asked Dec 20 '22 19:12


2 Answers

Since you have custom logic for redirecting, you need a custom LogoutSuccessHandler. In this handler, you need to add this logic:

String refererUrl = request.getHeader("Referer");
String normalizedRefererUrl = ...; // "Normalize" (if needed) the URL so it is in the form that you need.

if (requiresAuthentication(normalizedRefererUrl, authentication)) {
    response.sendRedirect(request.getContextPath() + "/"); // home page; "/" keeps the target non-empty for a root context
} else {
    response.sendRedirect(refererUrl); // or normalizedUrl
}

In your requiresAuthentication() method, you need to use some part of Spring Security that determines whether the URL needs authentication.
You can use a WebInvocationPrivilegeEvaluator reference there. You get hold of it through Spring by autowiring by class (since there will be a bean implementing WebInvocationPrivilegeEvaluator).
The evaluator has a method that you can use, isAllowed(uri, authentication).

Nicolae Albu answered Dec 28 '22 07:12
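
An added example, not part of the answer above or of Spring Security itself: one way to write the handler so that it only follows a same-host Referer (the header is client-supplied, so redirecting to it unchecked is an open redirect) and evaluates access as an anonymous visitor, since that is what the user is after logout. The class name, the `ROLE_ANONYMOUS` authority and the `javax.servlet` API are assumptions; the port is not compared.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

// Hypothetical class name; wire it in with <security:logout success-handler-ref="..."/>.
public class RefererAwareLogoutSuccessHandler implements LogoutSuccessHandler {
    // The Authentication passed to onLogoutSuccess() is the user who just logged out and
    // could still reach secured pages, so the check uses an anonymous token instead.
    private static final Authentication ANONYMOUS = new AnonymousAuthenticationToken(
            "logout-check", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
    private final WebInvocationPrivilegeEvaluator evaluator;

    public RefererAwareLogoutSuccessHandler(WebInvocationPrivilegeEvaluator evaluator) {
        this.evaluator = evaluator;
    }

    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) throws IOException {
        String ctx = request.getContextPath();
        URI ref = sameSiteReferer(request);
        if (ref != null) {
            String path = ref.getRawPath().substring(ctx.length()); // isAllowed() takes no context path
            if (evaluator.isAllowed(path, ANONYMOUS)) {
                String query = ref.getRawQuery();
                response.sendRedirect(ctx + path + (query == null ? "" : "?" + query));
                return;
            }
        }
        response.sendRedirect(ctx + "/"); // missing, foreign or secured Referer: go to the home page
    }
    // Returns the parsed Referer only when it points into this application on this host, else null.
    private static URI sameSiteReferer(HttpServletRequest request) {
        String header = request.getHeader("Referer");
        if (header == null) return null;
        try {
            URI uri = new URI(header).normalize();
            String p = uri.getRawPath();
            boolean sameHost = request.getServerName().equalsIgnoreCase(uri.getHost());
            boolean local = p != null && p.startsWith(request.getContextPath() + "/") && !p.contains("//");
            return sameHost && local ? uri : null;
        } catch (URISyntaxException e) { return null; }
    }
}
```

The `//` rejection matters because a path such as `//other.example/x` would be sent back as a protocol-relative redirect target.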


<security:http auto-config="true">
    <security:form-login login-page="/spring/login" 
                         login-processing-url="/spring/loginProcess"
                         default-target-url="/spring/main" 
                         authentication-failure-url="/spring/login?login_error=1" />  
    <security:logout logout-url="/spring/logout" logout-success-url="/spring/logout-success" />
</security:http>

logout-success-url from the docs or for a custom success handler

NimChimpsky answered Dec 28 '22 06:12