Add logout support to Spring Security Configuration.
DemoSecurityConfig.java:1
2
3
4
5
6
7
8
9
10
11
12
13
14
15protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/showMyLoginPage")
.loginProcessingUrl("/authenticateTheUser")
.permitAll()
.and()
// logout support for default URL /logout,
// which means we don't have to write extra code in controller
.logout()
.permitAll();
}
Add a button on page.
home.jsp:1
2
3
4<!-- MUST USE POST -->
<form:form action="${pageContext.request.contextPath}/logout" method="post">
<input type="submit" value="Logout"/>
</form:form>
Logout Process
- When a logout is processed, by default Spring Security will…
- Invalidate user’s HTTP session and remove session cookies, etc
- Send user back to your login page
- Append a logout parameter: ?logout
Based ont the fact that a parameter will be appended in the url, we can show a notification after log out and back to the login page1
2
3
4
5<c:if test="${param.logout != null}">
<div class="alert alert-success col-xs-offset-1 col-xs-10">
You have been logged out.
</div>
</c:if>