Geek Answers Handbook

Spring Security 3 Exit Not Working

I am new to spring security. I created an example in spring security 3.

I have a problem. I can successfully log in with the default login page, but when I log out, I am successfully redirected to my loggedout.jsp, but when checking with a change in the URL, I see that I'm still registered.

spring security.xml :

 <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <http pattern="/loggedout.jsp" security="none" /> <http auto-config='true'> <intercept-url pattern="/**" access="ROLE_USER" /> <logout logout-success-url="/loggedout.jsp" invalidate-session="true" delete-cookies="JSESSIONID" /> <!-- <remember-me key="myAppKey" /> --> <!-- <session-management invalid-session-url="/timeout.jsp"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> --> </http> <authentication-manager> <authentication-provider> <user-service> <user name="vrajesh" password="vrajesh" authorities="ROLE_USER,ROLE_ADMIN" /> <user name="test" password="test" authorities="ROLE_USER,ROLE_ADMIN" /> </user-service> </authentication-provider> </authentication-manager> <!-- <http pattern="/loggedout.jsp" security="none"/> <http use-expressions="true"> <intercept-url pattern="/**" access="ROLE_USER" /> <form-login /> <logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/> <remember-me /> <session-management invalid-session-url="/timeout.jsp"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> </http> --> </beans:beans>

This is my link to every page:

 <p><a href="j_spring_security_logout">Logout</a></p>

and this is my loggedout.jsp :

 <p> You have been logged out. <a href="<c:url value='/'/>">Start again</a>. </p>

In my loggedout.jsp , if I click the "Start Again" link, it should display the login page, but that is not the case. Instead, I am registered in the application.

Please help me and let me know if I am missing something.

+4
source share
2 answers

I had a problem with the j_spring_security_logout link, so I did this:

1.- In spring-security.xml added to section:

 <logout logout-url="/logout.html"/>

2.- In my controller I just:

 @RequestMapping(value = "logout.html", method = RequestMethod.GET) public String logout(ModelMap model, HttpServletRequest request) { return "loginform"; }

3.- In my .jsp :

  <a href="${pageContext.request.contextPath}/logout.html"><fmt:message key="text.exit" /></a>

And it works flawlessly :)

You can check additional output configurations here .

0
source

Your link to the exit on each page should be:

 <p><a href="/j_spring_security_logout">Logout</a></p>
+4
source

More articles:


All Articles